Master Boot Record/mbr verseucht?

xXChrissyXx · 06.04.2013, 15:19

Hallo

Ich habe momenten den Laptop von meinem Freund, da ich die Vermutung habe das er sich da was eingefangen hat. (öffnet Programme sehr langsam und diese stürzen auch immer ab) Ich habe Spybot Search and Destroy drüberlaufen lassen und der hat dann angezeigt das irgendwas mit mbr nicht stimmen soll. Also hab ich als nächstes die Anleitung hier abgearbeitet und GMER und OTL drüberlaufen lassen. Ich hoffe das mir jemand helfen kann, da ich da absolut nicht durchblicke. Ich hoffe das ich das jetzt richtig verstanden habe und poste einfach mal die 3 logfiles hier rein.

OTL:

OTL logfile created on: 05.04.2013 14:47:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,81 Mb Total Physical Memory | 105,91 Mb Available Physical Memory | 21,06% Memory free
1,46 Gb Paging File | 0,69 Gb Available in Paging File | 47,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 34,03 Gb Free Space | 50,52% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,49% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.04.02 11:10:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.02 11:09:58 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.02 11:09:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.02 11:09:55 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.01.25 21:34:25 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2011.01.25 20:59:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.02 11:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

========== Modules (No Company Name) ==========

MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.02.13 12:39:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.04.02 11:10:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.02 11:09:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.16 14:52:07 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.01.25 21:34:24 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.04.02 11:10:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.02 11:10:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.02 11:10:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.03.03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 04:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8489e25f-7e6c-40e5-b87f-d2fc733af00b&apn_sauid=A17AF693-5BCB-44B2-85B1-D627297855EC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 11:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.30 19:10:29 | 000,000,000 | ---D | M]

[2013.02.16 16:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.30 19:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.16 16:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBA8A43-5553-4A05-B307-E925999A5383}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.05 14:45:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.04 18:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.04 18:54:12 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbrRootkitscan
[2013.03.24 19:33:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.24 17:24:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.24 17:24:11 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013.03.24 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ProcAlyzer Dumps
[2013.03.24 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.24 15:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.24 15:07:41 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.03.24 15:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- C:\481f620d16d3e72c88
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- \481f620d16d3e72c88
[2013.03.16 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.16 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013.04.05 14:51:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 14:49:39 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.05 14:49:39 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.05 14:49:39 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.05 14:49:39 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.05 14:30:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 14:30:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 14:30:03 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.04.05 14:29:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.03 09:41:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.02 11:10:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.02 11:10:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.02 11:10:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 19:35:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.24 16:51:03 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.03.24 16:51:03 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.24 15:08:09 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.16 14:35:24 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013.03.24 15:09:09 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.24 15:09:07 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.03.24 15:09:05 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.24 15:08:10 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.24 15:08:09 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.16 14:35:24 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.15 14:00:05 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.04.15 14:00:05 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.04.15 14:00:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.04.15 14:00:04 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.04.15 14:00:04 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.04.15 14:00:04 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.04.15 14:00:04 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.04.15 14:00:04 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.04.15 14:00:04 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.04.15 14:00:04 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.04.15 14:00:04 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.04.15 14:00:04 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.04.15 14:00:04 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.04.15 14:00:04 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.04.15 14:00:04 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.24 20:52:44 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.14 11:15:19 | 000,000,000 | ---- | C] () -- \C_USERPART
[2006.11.09 19:36:39 | 000,438,840 | RHS- | C] () -- \bootmgr

========== ZeroAccess Check ==========

[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.25 21:06:04 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.26 05:17:26 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

========== Purity Check ==========

< End of report >

Extras:

OTL Extras logfile created on: 05.04.2013 14:47:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,81 Mb Total Physical Memory | 105,91 Mb Available Physical Memory | 21,06% Memory free
1,46 Gb Paging File | 0,69 Gb Available in Paging File | 47,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 34,03 Gb Free Space | 50,52% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,49% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BB9FBB87-E529-4EFE-BB57-20DF2B39A971}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB53610-728C-4FE4-8791-42CE6D8C71A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{188E9809-6BBB-4AFD-81BE-EBE537E05F73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5BA60129-5C00-4C6B-90EC-A2BC938083B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8869BD36-41A2-4663-997F-40C4102A90FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{978548A6-F02E-4B7A-B1F5-DB4CFC88D6D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D675D218-A218-40D1-BA89-9D175096F065}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E2DE08F2-7E4C-485E-B915-4487BD5DEFC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9A2F8B89-D461-4737-ACA0-CD31D2A1DAF2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{6FBF6460-471F-4234-A144-C8272863F2CD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{2E886C29-857C-4CE5-A205-F6AA7278E666}" = ESU for Microsoft Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 C1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3AAFBD6A-7F68-4BDC-8280-22DCFACE13EB}" = HP Active Support Library
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alfons Lernwelt" = Alfons Lernwelt
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.03.2013 04:44:16 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 12.0.0.4493, Zeitstempel
0x4f9207d9, fehlerhaftes Modul xul.dll, Version 12.0.0.4493, Zeitstempel 0x4f92069e,
Ausnahmecode 0xc0000005, Fehleroffset 0x001115b8, Prozess-ID 0xe80, Anwendungsstartzeit
01ce260b3d71f971.

Error - 22.03.2013 05:07:48 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 12.0.0.4493, Zeitstempel
0x4f9207d9, fehlerhaftes Modul xul.dll, Version 12.0.0.4493, Zeitstempel 0x4f92069e,
Ausnahmecode 0xc0000005, Fehleroffset 0x001115b8, Prozess-ID 0x784, Anwendungsstartzeit
01ce26db6cb95124.

Error - 04.04.2013 11:16:20 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x188,
Anwendungsstartzeit 01ce3146befd18ec.

Error - 04.04.2013 12:01:44 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm SDWelcome.exe, Version 2.0.12.126 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: ec4 Anfangszeit: 01ce314c7e1539bc Zeitpunkt
der Beendigung: 47

Error - 04.04.2013 12:57:12 | Computer Name = User-PC | Source = EventSystem | ID = 4609
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1008
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1008
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1010
Description =

Error - 04.04.2013 13:09:38 | Computer Name = User-PC | Source = PerfNet | ID = 2004
Description =

Error - 04.04.2013 13:09:38 | Computer Name = User-PC | Source = PerfNet | ID = 2002
Description =

[ System Events ]
Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

< End of report >

Gmer: (ließ sich nur im abgesicherten Modus ausführen da es im Normalmodus abgebrochen wurde)

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 15:44:45
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxtdapob.sys

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

Device \FileSystem\cdfs \Cdfs 8FE3B067

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 82FC6940

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Mit freundlichen Grüßen

Chrissy

aharonov · 06.04.2013, 22:36

Hallo Chrissy,

Zitat:

Ich habe Spybot Search and Destroy drüberlaufen lassen und der hat dann angezeigt das irgendwas mit mbr nicht stimmen soll.

Dieses Logfile, in welchem der Spybot seinen Verdacht äussert, würde ich gerne sehen.
Zudem geht aus den Logs hervor, dass bereits weitere Tools heruntergeladen wurden (z.B. aswMBR). Wurde eines dieser Tools ausgeführt? Entsprechende Logs bitte auch alle noch nachreichen.

xXChrissyXx · 08.04.2013, 23:17

Hallo Leo,

hier die angeforderten Logfiles:

aswMBR (Quickscan im abgesichertem Modus da der Vollscan im Normalmodus abgebrochen wurde) :

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 23:49:10
-----------------------------
23:49:10.320 OS Version: Windows 6.0.6000
23:49:10.320 Number of processors: 2 586 0xE08
23:49:10.335 ComputerName: USER-PC UserName: User
23:49:11.381 Initialize success
23:49:46.028 AVAST engine defs: 13040802
23:50:03.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
23:50:03.953 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7BP Size: 76319MB BusType: 3
23:50:04.312 Disk 0 MBR read successfully
23:50:04.312 Disk 0 MBR scan
23:50:04.546 Disk 0 unknown MBR code
23:50:04.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68973 MB offset 63
23:50:04.624 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 5750 MB offset 141258752
23:50:04.655 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1590 MB offset 153042944
23:50:04.702 Disk 0 scanning sectors +156299264
23:50:05.092 Disk 0 scanning C:\Windows\system32\drivers
23:50:24.639 Service scanning
23:50:53.031 Modules scanning
23:51:08.085 Disk 0 trace - called modules:
23:51:08.085 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
23:51:08.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83622230]
23:51:08.085 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x835da030]
23:51:08.756 AVAST engine scan C:\Windows
23:51:21.111 AVAST engine scan C:\Windows\system32
23:54:18.125 AVAST engine scan C:\Windows\system32\drivers
23:54:40.028 AVAST engine scan C:\Users\User
23:56:40.695 AVAST engine scan C:\ProgramData
23:57:10.538 Scan finished successfully
00:00:39.189 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\Sp\MBR.dat"
00:00:39.267 The log file has been saved successfully to "C:\Users\User\Desktop\Sp\aswMBR.txt"

Spybot Search and Destroy (Normalmodus mit Antivir da dieses sich nicht ausschalten ließ)

Vollscan:

Search results from Spybot - Search & Destroy

08.04.2013 14:42:57
Scan took 00:33:11.
19 items found.

Log: [SBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done)
C:\WINDOWS\ntbtlog.txt
Properties.size=492292
Properties.md5=99CC4AB6C13776641FCD9FE7D81D67FA
Properties.filedate=1365252276
Properties.filedatetext=2013-04-06 14:44:36

Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Properties.size=7798
Properties.md5=5A93DE0CBF5489253C6FD3974612B79B
Properties.filedate=1365422117
Properties.filedatetext=2013-04-08 13:55:17

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)

Verlauf: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)

--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-03-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)

RootkitQuickScan:

RootAlyzer Quick Scan Results

Dateien im Windows-Verzeichnis
----------------------------------------
89 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Dateien im Systemverzeichnis
----------------------------------------
2570 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Systemweite Starteinträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Winlogon-Einträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Versteckte Prozesse (mittels Handles)
----------------------------------------
0 Handle-Prozess-IDs für 50 Prozesse.
Keine versteckten Prozesse entdeckt.
========================================

Versteckte Prozesse (mittels Threads)
----------------------------------------
50 Prozesse überprüft.
Keine versteckten Prozesse entdeckt.
========================================

Master Boot Records
----------------------------------------
1 MBRs überprüft.
Unbekannte MBRs: PhysicalDrive0
PhysicalDrive0
========================================

liebe Grüße

Chrissy

aharonov · 09.04.2013, 00:09

Hallo Chrissy,

dann mach mal so weiter:

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von OTL

xXChrissyXx · 10.04.2013, 14:39

Hallo Leo,

hier die weiteren angeforderten Logfiles:

Adwcleaner:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 10/04/2013 um 14:40:35 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic  (32 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16982

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (de)

*************************

AdwCleaner[S1].txt - [1321 octets] - [10/04/2013 14:40:35]

########## EOF - C:\AdwCleaner[S1].txt - [1381 octets] ##########

--- --- ---
Combofix:
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-04-10.01 - User 10.04.2013  14:51:46.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.49.1031.18.503.145 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-10 bis 2013-04-10  ))))))))))))))))))))))))))))))
.
.
2013-04-10 13:02 . 2013-04-10 13:02	--------	d-----w-	c:\users\User\AppData\Local\temp
2013-04-10 13:02 . 2013-04-10 13:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-02 09:08 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F26741D-06AA-4991-A805-7B5B115696EE}\mpengine.dll
2013-03-24 13:08 . 2013-04-04 15:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-24 13:07 . 2013-04-10 12:29	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-03-16 15:18 . 2013-03-16 15:19	--------	d-----w-	C:\481f620d16d3e72c88
2013-03-16 12:35 . 2013-03-16 12:35	--------	d-----w-	c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 12:51 . 2012-10-14 13:10	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-16 12:51 . 2011-05-19 12:59	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2011-01-25 15:36	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-15 15:56 . 2012-07-30 17:10	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 15:56 . 2011-02-18 16:15	473520	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-21 01:18 . 2012-04-29 09:02	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57	40368	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2013-02-19 19:47	3288856	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hp.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.169.185.33 83.169.185.97
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq4x6kpl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
FF - ExtSQL: 2013-02-16 15:08; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-01-29 19:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-10 15:02
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-10  15:07:02
ComboFix-quarantined-files.txt  2013-04-10 13:06
.
Vor Suchlauf: 9 Verzeichnis(se), 36.649.897.984 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 36.393.373.696 Bytes frei
.
- - End Of File - - 2BAFE0DAE3EA346F353F29C723B62372

--- --- ---
OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.04.2013 15:17:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,81 Mb Total Physical Memory | 55,13 Mb Available Physical Memory | 10,96% Memory free
1,46 Gb Paging File | 1,05 Gb Available in Paging File | 71,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 33,60 Gb Free Space | 49,88% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011.01.25 20:59:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.02.13 12:39:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.16 14:52:07 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.01.25 21:34:24 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.03.03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 04:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP - United States | Laptop Computers, Desktops , Printers, Servers and more
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 11:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.30 19:10:29 | 000,000,000 | ---D | M]
 
[2013.02.16 16:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.30 19:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.16 16:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.10 15:02:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBA8A43-5553-4A05-B307-E925999A5383}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 15:07:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 15:07:14 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.04.10 15:07:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2013.04.10 14:46:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.10 14:46:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.10 14:46:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.10 14:46:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.04.10 14:46:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.10 14:46:42 | 000,000,000 | ---D | C] -- \ComboFix
[2013.04.10 14:46:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.10 14:46:30 | 000,000,000 | ---D | C] -- \Qoobox
[2013.04.10 14:45:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.10 14:39:38 | 005,050,680 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.04.10 14:31:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.08 14:49:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Sp
[2013.04.05 14:45:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.04 18:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.04 18:54:12 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbrRootkitscan
[2013.03.24 19:33:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.24 17:24:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.24 17:24:11 | 000,000,000 | ---D | C] -- \Config.Msi
[2013.03.24 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ProcAlyzer Dumps
[2013.03.24 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.24 15:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- C:\481f620d16d3e72c88
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- \481f620d16d3e72c88
[2013.03.16 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.16 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 15:15:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 15:15:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 15:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 15:14:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.10 15:02:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.10 14:50:16 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.10 14:50:15 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.10 14:50:15 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.10 14:50:15 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 14:11:54 | 005,050,680 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.04.10 14:11:12 | 000,613,083 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.04.08 22:50:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.04 16:59:40 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19163.exe
[2013.03.24 19:35:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.16 14:35:24 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.10 14:46:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.10 14:46:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.10 14:46:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.10 14:46:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.10 14:46:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.10 14:39:24 | 000,613,083 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.04.05 15:07:30 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19163.exe
[2013.03.16 14:35:24 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.15 14:00:05 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.04.15 14:00:05 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.04.15 14:00:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.04.15 14:00:04 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.04.15 14:00:04 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.04.15 14:00:04 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.04.15 14:00:04 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.04.15 14:00:04 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.04.15 14:00:04 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.04.15 14:00:04 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.04.15 14:00:04 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.04.15 14:00:04 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.04.15 14:00:04 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.04.15 14:00:04 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.04.15 14:00:04 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.24 20:52:44 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.14 11:15:19 | 000,000,000 | ---- | C] () -- \C_USERPART
[2006.11.09 19:36:39 | 000,438,840 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.25 21:06:04 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.26 05:17:26 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.27 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\alw
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2012.04.15 13:58:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\EPSON
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012.04.15 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\UDL
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011.08.28 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006.11.09 18:46:51 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.04.10 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013.04.10 14:27:02 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2006.11.09 18:46:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 14:48:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Anwendungsdaten
[2011.01.17 11:19:31 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
[2011.01.17 11:21:48 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
[2013.04.10 15:17:07 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
[2013.03.24 17:14:16 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
[2013.04.04 17:43:14 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Druckumgebung
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Eigene Dateien
[2011.01.17 11:22:05 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
[2011.01.17 11:22:03 | 000,000,000 | R--D | M] -- C:\Users\User\Links
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Lokale Einstellungen
[2013.03.16 13:19:51 | 000,000,000 | R--D | M] -- C:\Users\User\Music
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Netzwerkumgebung
[2012.12.30 15:14:25 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
[2011.01.18 10:40:02 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
[2011.01.17 11:22:03 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Startmenü
[2013.02.02 15:49:03 | 000,000,000 | R--D | M] -- C:\Users\User\Videos
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Vorlagen
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

liebe Grüße

Chrissy

aharonov · 10.04.2013, 14:46

Hi Chrissy,

wie läuft denn der Rechner jetzt? Macht er immer noch die zu Beginn beschriebenen Probleme?

aharonov · 13.04.2013, 17:35

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

aharonov · 15.04.2013, 15:28

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

aharonov · 19.04.2013, 20:02

Wir machen hier weiter.
Schildere bitte die aktuellen Probleme und mach einen frischen OTL-Scan:

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

xXChrissyXx · 20.04.2013, 19:50

Hallo Leo,

hier das neue Logfile von OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.04.2013 20:15:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,66 Mb Total Physical Memory | 177,19 Mb Available Physical Memory | 35,25% Memory free
1,45 Gb Paging File | 0,85 Gb Available in Paging File | 58,34% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 32,08 Gb Free Space | 47,62% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,75 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.10 16:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.11 15:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.10 15:02:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBA8A43-5553-4A05-B307-E925999A5383}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 18:10:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.16 19:03:16 | 000,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\uxtuneup.dll
[2013.04.16 19:03:16 | 000,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\authuitu.dll
[2013.04.16 19:03:09 | 000,361,728 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2013.04.16 19:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.04.16 19:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008
[2013.04.16 19:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2008
[2013.04.16 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.04.12 23:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013.04.12 22:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013.04.12 22:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.04.12 21:36:13 | 001,005,088 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx
[2013.04.12 21:36:13 | 000,450,560 | ---- | C] (LogicNP Software (hxxp://www.ssware.com)) -- C:\Windows\System32\fldrvw90.ocx
[2013.04.12 21:36:11 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.4.2.ocx
[2013.04.12 21:36:11 | 000,089,888 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx
[2013.04.12 21:36:11 | 000,077,504 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtScrollContainer.ocx
[2013.04.12 21:36:10 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF2.ocx
[2013.04.12 21:36:10 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll
[2013.04.12 21:36:09 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx
[2013.04.12 21:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup
[2013.04.12 21:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\AllDup
[2013.04.12 19:13:05 | 000,000,000 | ---D | C] -- C:\Users\User\Tracing
[2013.04.12 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.12 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2013.04.12 19:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.04.12 19:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.04.12 19:03:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.12 19:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013.04.12 19:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.04.12 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.04.12 18:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.04.12 17:52:09 | 000,000,000 | ---D | C] -- C:\Windows\QLB
[2013.04.12 15:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.04.12 15:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.04.12 15:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.12 15:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.12 15:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.12 15:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.04.12 14:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.12 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.12 13:55:47 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2013.04.12 13:55:47 | 000,000,000 | ---D | C] -- \PerfLogs
[2013.04.11 21:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.04.11 21:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.04.11 15:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.04.11 15:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.11 06:50:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.11 06:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.04.10 18:15:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\WindowsUpdate
[2013.04.10 16:21:29 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.04.10 16:21:29 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.04.10 16:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.10 16:21:26 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.04.10 16:21:26 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.04.10 16:21:25 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.04.10 16:21:16 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.04.10 16:21:14 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.04.10 16:18:58 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.10 16:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.10 16:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.10 15:07:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 15:07:14 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.04.10 15:07:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2013.04.10 14:46:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.10 14:46:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.10 14:46:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.10 14:46:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.04.10 14:46:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.10 14:46:42 | 000,000,000 | ---D | C] -- \ComboFix
[2013.04.10 14:46:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.10 14:46:30 | 000,000,000 | ---D | C] -- \Qoobox
[2013.04.10 14:45:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.10 14:31:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.04 18:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.24 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ProcAlyzer Dumps
[2013.03.24 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.24 15:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 20:00:17 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.04.20 19:36:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 19:36:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 19:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.20 18:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.19 21:12:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.16 19:25:08 | 000,628,436 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.16 19:25:08 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.16 19:25:08 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.16 19:25:08 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.16 19:03:14 | 000,361,728 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2013.04.16 19:02:29 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2013.04.16 19:02:28 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.12 23:00:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013.04.12 22:00:52 | 000,001,039 | ---- | M] () -- C:\Users\User\Desktop\Auslogics Disk Defrag.lnk
[2013.04.12 21:36:14 | 000,000,776 | ---- | M] () -- C:\Users\User\Desktop\AllDup.lnk
[2013.04.12 21:11:02 | 015,124,736 | ---- | M] () -- C:\Users\User\Desktop\TU2008TrialDE.exe
[2013.04.12 17:53:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2013.04.12 17:30:24 | 000,376,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.12 15:16:18 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.11 22:42:31 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.04.11 22:42:10 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2013.04.11 15:23:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.11 06:50:23 | 000,001,057 | ---- | M] () -- C:\Users\User\Desktop\Revo Uninstaller.lnk
[2013.04.10 19:17:43 | 000,000,680 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2013.04.10 16:21:30 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.10 16:21:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.04.10 15:02:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2013.04.16 19:03:25 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.04.16 19:02:29 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008.lnk
[2013.04.16 19:02:29 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2013.04.16 19:02:28 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.12 23:00:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013.04.12 22:00:52 | 000,001,039 | ---- | C] () -- C:\Users\User\Desktop\Auslogics Disk Defrag.lnk
[2013.04.12 21:36:14 | 000,000,776 | ---- | C] () -- C:\Users\User\Desktop\AllDup.lnk
[2013.04.12 21:10:41 | 015,124,736 | ---- | C] () -- C:\Users\User\Desktop\TU2008TrialDE.exe
[2013.04.12 17:53:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2013.04.12 15:16:18 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.12 14:21:49 | 000,000,949 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.11 15:23:42 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.11 15:23:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.11 06:50:23 | 000,001,057 | ---- | C] () -- C:\Users\User\Desktop\Revo Uninstaller.lnk
[2013.04.10 18:39:19 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2013.04.10 16:21:30 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.10 16:21:24 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.10 16:21:23 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.04.10 14:46:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.10 14:46:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.10 14:46:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.10 14:46:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.10 14:46:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.15 14:00:05 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.04.15 14:00:05 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.04.15 14:00:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.04.15 14:00:04 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.04.15 14:00:04 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.04.15 14:00:04 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.04.15 14:00:04 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.04.15 14:00:04 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.04.15 14:00:04 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.04.15 14:00:04 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.04.15 14:00:04 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.04.15 14:00:04 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.04.15 14:00:04 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.04.15 14:00:04 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.04.15 14:00:04 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.24 20:52:44 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.14 11:15:19 | 000,000,000 | ---- | C] () -- \C_USERPART
[2006.11.09 19:36:39 | 000,333,203 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.25 21:05:58 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.26 05:17:19 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.12 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.04.12 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\AllDup
[2013.04.12 21:48:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\alw
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013.04.10 16:17:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2012.04.15 13:58:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\EPSON
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013.04.16 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\TuneUp Software
[2012.04.15 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\UDL
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2013.04.12 23:11:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2011.08.28 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006.11.09 18:46:51 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.04.10 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013.04.16 19:02:29 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2013.04.12 19:03:55 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 14:48:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2006.11.02 14:47:59 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Anwendungsdaten
[2011.01.17 11:19:31 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData
[2011.01.17 11:21:48 | 000,000,000 | R--D | M] -- C:\Users\User\Contacts
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Cookies
[2013.04.20 19:08:11 | 000,000,000 | R--D | M] -- C:\Users\User\Desktop
[2013.03.24 17:14:16 | 000,000,000 | R--D | M] -- C:\Users\User\Documents
[2013.04.20 19:08:11 | 000,000,000 | R--D | M] -- C:\Users\User\Downloads
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Druckumgebung
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Eigene Dateien
[2013.04.20 19:47:09 | 000,000,000 | R--D | M] -- C:\Users\User\Favorites
[2013.04.12 21:47:16 | 000,000,000 | R--D | M] -- C:\Users\User\Links
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Lokale Einstellungen
[2013.03.16 13:19:51 | 000,000,000 | R--D | M] -- C:\Users\User\Music
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Netzwerkumgebung
[2012.12.30 15:14:25 | 000,000,000 | R--D | M] -- C:\Users\User\Pictures
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Recent
[2011.01.18 10:40:02 | 000,000,000 | R--D | M] -- C:\Users\User\Saved Games
[2011.01.17 11:22:03 | 000,000,000 | R--D | M] -- C:\Users\User\Searches
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\SendTo
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Startmenü
[2013.04.16 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\User\Tracing
[2013.02.02 15:49:03 | 000,000,000 | R--D | M] -- C:\Users\User\Videos
[2011.01.17 11:15:20 | 000,000,000 | -HSD | M] -- C:\Users\User\Vorlagen
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Falls es von Wichtigkeit sein sollte, Internet Explorer funktioniert beim Surfen, Firefox hängt sich andauernd auf.

liebe Grüße

Chrissy

aharonov · 20.04.2013, 19:55

Ist das im Moment das einzige Symptom, dass der Firefox sich aufhängt? Oder was passt sonst noch nicht?

xXChrissyXx · 20.04.2013, 21:09

Hallo Leo,

also um es genauer zu beschreiben, wenn ich den lapptop starte und nicht mit dem Internet verbunden bin funktioniert er an sich einwandfrei (Programme starten gut und hängen sich auch nicht auf).

Sobald ich mich dann mit dem Internet verbinde sei es W-Lan oder nur Lan gefriert er regelrecht ein und das auf ganzer Linie, Programme starten langsam und hängen sich auf.

Dann funktioniert auf einmal alles wieder an sich einwandfrei (Nach ungefähr einer Stunde etwa!) Programme starten normal, das Surfen funktioniert an sich einwandfrei, bis auf das Firefox eine Meldung brachte das ein Skript ausgeführt werden möchte, was ich abgelehnt habe. (Bei meinem Rechner fragt er mich das nie und ich hab an sich nur die gleichen add-ons installiert wie hier)

liebe Grüße
Chrissy

aharonov · 20.04.2013, 21:15

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.

Falls Funde angezeigt werden:

Klicke auf den CleanUp Button und erlaube den Neustart.
Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.

Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.

xXChrissyXx · 20.04.2013, 23:06

Hallo Leo,

so der Malwarebites Scan hat soweit nichts hervorgebracht. Hier der Scan:

nternet Explorer 7.0.6001.18000
User :: USER-PC [administrator]

20.04.2013 23:44:03
mbar-log-2013-04-20 (23-44-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25866
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Das einzig Seltsame das sich ereignet hat ist das ich jetzt zwei desktop ini files auf dem desktop habe die ich mir nicht erklären kann.

Liebe Grüße

Chrissy

10.04.2013, 14:46	#6
aharonov /// TB-Ausbilder	Master Boot Record/mbr verseucht? Hi Chrissy, wie läuft denn der Rechner jetzt? Macht er immer noch die zu Beginn beschriebenen Probleme? __________________ --> Master Boot Record/mbr verseucht?

19.04.2013, 20:02	#9
aharonov /// TB-Ausbilder	Master Boot Record/mbr verseucht? Wir machen hier weiter. Schildere bitte die aktuellen Probleme und mach einen frischen OTL-Scan: Starte bitte die OTL.exe. Setze den Haken bei Scan all Users. Drücke auf den Quick Scan Button. Poste den Inhalt von OTL.txt hier in den Thread. __________________ cheers, Leo

20.04.2013, 19:55	#11
aharonov /// TB-Ausbilder	Master Boot Record/mbr verseucht? Ist das im Moment das einzige Symptom, dass der Firefox sich aufhängt? Oder was passt sonst noch nicht? __________________ cheers, Leo

Master Boot Record/mbr verseucht?

Log-Analyse und Auswertung: Master Boot Record/mbr verseucht?