Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner beim Online-Banking

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 10.06.2013, 18:49   #1
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo zusammen,

ich habe gestern festgestellt, dass ich einen Trojaner auf dem Rechner habe. Beim Einloggen für das Online-Banking wurde ich aufgefordert, meine Tan-Liste einzugeben. Das hatte ich nicht gemacht und ich habe dann antivir laufen lassen, die Dateien in die Quarantäne verschoben und gelöscht. Nun habe ich gehört, dass dies nicht ausreicht. Könnt Ihr mir helfen meinen Rechner zu säubern?

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.06.2013 17:12:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Huthmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,61 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 56,72% Memory free
7,21 Gb Paging File | 5,14 Gb Available in Paging File | 71,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 153,98 Gb Free Space | 66,12% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,38 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
 
Computer Name: MJH | User Name: Huthmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
PRC - [2013.06.10 11:41:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.10 11:40:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.06.10 11:40:08 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.06.10 11:40:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.10 11:39:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.10 11:39:57 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.05.27 13:50:36 | 001,516,608 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.30 12:03:00 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.10 03:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.08.15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009.05.21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009.05.21 21:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009.05.21 21:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009.05.21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.28 23:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.10.20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.06.10 11:41:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.10 11:40:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.10 11:40:08 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.06.10 11:40:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.10 11:39:57 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.05.18 15:13:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.22 11:52:33 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.07.01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.05.21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2013.03.28 06:46:36 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 06:46:36 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 06:46:36 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 19:22:09 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.29 01:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.28 23:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 18:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 12:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.09.30 21:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.14 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.08.14 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.04.06 13:49:16 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2C85BFB1-9AFE-47A4-BE14-87755B3ED67D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{36D28309-7E16-4884-B7F9-2F4745334787}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{421D42E9-DE13-43BA-B84F-CDD4F5ED31B6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1d0c625-41f3-4be6-aa09-45c35c780d96&apn_sauid=1E7E84FB-B3BF-4E4A-ACC2-CC1E0612CC7C
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE478
IE - HKCU\..\SearchScopes\{756D3384-B88A-4A23-92C3-305FE75B6446}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{B3A25B8E-87C6-43FC-9A3B-BD5E037A0D32}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
 
 
========== Chrome ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Avira Toolbar = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [brah] C:\Users\Huthmann\AppData\Roaming\brah\sit.bat ()
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKCU..\Run: [Ytobfo] C:\Users\Huthmann\AppData\Roaming\Ysih\uvmi.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FCFBBE-C0E1-499C-93F4-56EC17B65178}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 17:11:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 11:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.10 11:45:16 | 000,141,376 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:45:16 | 000,114,608 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.06.07 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Huthmann\AppData\Roaming\Ikavow
[2013.06.07 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Huthmann\AppData\Roaming\Esadu
[2013.06.07 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Huthmann\AppData\Roaming\Anymko
[2013.06.02 18:56:27 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\Huthmann\AppData\Roaming\chromebrowser.exe
[2013.06.02 18:56:07 | 000,000,000 | RHSD | C] -- C:\Program Files (x86)\Myan
[2013.06.02 18:56:06 | 000,000,000 | RHSD | C] -- C:\Users\Huthmann\AppData\Roaming\Paaspgty
[2013.06.02 18:55:56 | 000,000,000 | ---D | C] -- C:\Users\Huthmann\AppData\Roaming\brah
[2013.05.28 17:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013.05.28 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2013.05.28 17:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2013.05.28 17:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
[2013.01.22 15:44:04 | 001,730,272 | ---- | C] (Audible Inc.) -- C:\Users\Huthmann\ActiveSetupN.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 17:11:11 | 000,000,000 | ---- | M] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:17 | 000,050,477 | ---- | M] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.10 15:04:00 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 15:04:00 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 14:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 14:52:28 | 2903,220,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 12:25:40 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 12:25:40 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.10 12:25:40 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.10 12:25:40 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.10 12:25:40 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.10 12:12:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 11:50:55 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 11:47:55 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.06.10 11:31:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 18:56:08 | 000,012,240 | ---- | M] () -- C:\Program Files (x86)\PJQ.dat
[2013.06.02 18:55:59 | 000,030,720 | ---- | M] () -- C:\Users\Huthmann\0lz7g3zb5jb8o.exe
[2013.05.19 12:08:06 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 14:31:31 | 000,000,004 | ---- | M] () -- C:\Users\Huthmann\AppData\Roaming\skype.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.10 17:11:11 | 000,000,000 | ---- | C] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:16 | 000,050,477 | ---- | C] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.02 18:56:08 | 000,012,240 | ---- | C] () -- C:\Program Files (x86)\PJQ.dat
[2013.06.02 18:55:59 | 000,030,720 | ---- | C] () -- C:\Users\Huthmann\0lz7g3zb5jb8o.exe
[2013.05.12 14:29:42 | 000,000,004 | ---- | C] () -- C:\Users\Huthmann\AppData\Roaming\skype.ini
[2012.10.25 20:01:41 | 000,238,325 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2012.10.25 20:01:41 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.10.25 19:45:21 | 000,238,976 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.10.12 06:45:35 | 000,328,095 | ---- | C] () -- C:\Users\Huthmann\winmail_opener.exe
[2012.09.09 11:01:15 | 000,197,908 | ---- | C] () -- C:\Users\Huthmann\Office 2010.xps
[2012.04.17 06:19:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 13:43:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012.04.06 13:33:56 | 087,227,952 | ---- | C] () -- C:\Users\Huthmann\avira_free_antivirus_898de.exe
[2012.03.01 19:49:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2012.03.01 19:35:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.03.01 19:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.01 19:15:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.22 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ahizyd
[2013.06.10 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Anymko
[2013.01.22 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\bc0e72aa-946e-426c-9dbd-e45434712a8c79
[2013.06.07 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\brah
[2012.04.21 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013.06.07 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Esadu
[2013.06.09 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ikavow
[2013.01.20 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Kikoa
[2013.06.02 18:56:06 | 000,000,000 | RHSD | M] -- C:\Users\Huthmann\AppData\Roaming\Paaspgty
[2013.03.31 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\RavensburgerTipToi
[2012.09.09 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\SoftGrid Client
[2012.05.06 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Toshiba
[2012.04.06 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TOSHIBA Online Product Information
[2012.04.17 06:20:59 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TP
[2013.01.22 06:41:08 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ysih
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---


Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.06.2013 17:12:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Huthmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,61 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 56,72% Memory free
7,21 Gb Paging File | 5,14 Gb Available in Paging File | 71,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 153,98 Gb Free Space | 66,12% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,38 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
 
Computer Name: MJH | User Name: Huthmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = TXTFile] -- C:\Program Files (x86)\Myan\Myan.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = TXTFile] -- C:\Program Files (x86)\Myan\Myan.exe ()
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files (x86)\Myan\Myan.exe" %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files (x86)\Myan\Myan.exe" %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BF7E0E-AAE8-4EBA-B388-8C7B3E034385}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0D5DD689-0C67-4089-A2CE-2D517DB0ACF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E3D189C-9F0D-47C2-A76D-503259B15BB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{112903C5-BA90-4B6E-BB09-F0B64A145E1A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F49ECFC-0525-4486-B383-D4C57E9F3BE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2AA46FFA-2FFF-4887-88C9-545409E5AC70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B4A911D-B770-4ADC-8256-2269726CE2BB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{607E3A7B-FA80-4F8C-855A-0F9597BB0730}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6296774C-B776-4F29-9DF3-3AC5F1364E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6814128E-8969-40F4-9ECB-4F724B1A27AB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{69AA1A8C-6DB2-4547-B89C-28046849C136}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F8E3E82-0FFF-4A2F-8644-9C38BEA759E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7A105FCE-778E-4D99-8406-3B3A30A8C936}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E66AFBB-D964-441C-82EB-8BBC9EEA2E36}" = lport=138 | protocol=17 | dir=in | app=system | 
"{908D45A5-CB0C-4348-9C26-F911168FBD76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9CA9FF61-1DEB-4627-BF5C-F5DFE4C320BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACBCB2A6-0ED7-4520-8E6F-326540A13381}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0748B88-C242-4F96-9379-4B45DBB3B378}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CA0566D1-B716-4208-BD2C-124F2D64FF47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D252FB18-4142-4D61-9E2E-6C1C7DD3D5EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D73A14D7-F451-4228-96F1-1A7ECBB6D23A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB79A65A-43FD-4C60-9567-0492BA6741EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E60BA1F0-F3C8-4F0F-B61F-5921CDBAF632}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED981150-B918-45D1-97BC-4C27E974F04A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EFC67F8A-6944-47FF-B57A-1CF789574ACA}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088DACF8-846A-40DF-B0E4-F0DBE97C25BE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{0A81CBBE-1CB9-49CC-B358-D801B9611B65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1950B8C6-D7CF-4692-AA30-657523916D49}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqste08.exe | 
"{22AA351B-2A35-4E08-9F54-171C559D6AE7}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpiscnapp.exe | 
"{22FE0053-7EA7-4EBD-9708-95D025ADEE09}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqfxt08.exe | 
"{24961E48-4AC6-4DA2-9068-7F87CCD7121F}" = protocol=6 | dir=in | app=c:\windows\syswow64\ftp.exe | 
"{350FBAFD-384E-4B75-896D-9AE5DE2E651B}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpoews01.exe | 
"{36017B73-F5BA-4438-9781-7C2F5BF7C7AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{39E7558B-6355-4AC5-8213-70102D653CEF}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqusgm.exe | 
"{3B74F021-C40E-4264-90A0-F1C2B5370347}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4047E60B-8978-4040-A4EB-E79A3D62D517}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{407B12DC-388C-4530-9CB2-1D04EDF26EF3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{47F6F782-C3DF-4CBC-8009-09E26398B756}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49613BAD-4839-4BF7-9F37-22A10D395D5C}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpofxs08.exe | 
"{4A304C07-F11D-42E5-814D-150073D4C8FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CFA50AC-7103-4997-AFAB-CE0AD85DA2D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5014A2E5-1939-4C8F-B441-C5F8C41B9029}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5118F5A4-D75B-4172-8853-3612290CEE45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51EDACDC-44BD-47C0-AEC7-A525E1EDFBE5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52F45541-029F-4157-A7AB-AA09E2C14721}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpofxm08.exe | 
"{55B65D55-E87F-4ECA-B035-333ADEC68204}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp software update\hpwucli.exe | 
"{585BE9FB-45F7-44AC-8B1F-CB1DE5761532}" = protocol=6 | dir=out | app=system | 
"{601BB4A9-E068-4B4F-BF19-E3BC232BE13B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62938BF2-EDE5-405B-968B-92BDCB488747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FE21054-0038-469F-9E41-A6FD2B408C48}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7D85222A-A6DB-41BF-B88E-75A2721A3AF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{87622535-0B57-49F3-8962-E7404B9309D3}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8803A873-0FCD-49AA-8576-F1980D07EB03}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{948D7C69-1214-469D-9D7C-7DD721465B66}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpfccopy.exe | 
"{9A13145B-DF96-455E-87C9-798A4BC21060}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1FF45F8-F9DD-4E79-B9B6-6B98DC9D0840}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{A7DAABA2-41E2-4700-ABC6-77CFCC27BB6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B26B4393-606A-425E-B058-A4A05738567C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B5A7CE44-DB1A-404D-A0CA-3728E8ADF3E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqusgh.exe | 
"{BDF5E668-67E0-4BAC-A123-0E70B1C7515E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C13B26FA-572A-4220-85B3-8D5CB1E24A15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CA409D96-B15F-4255-BAF6-4DBF254A331B}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpzwiz01.exe | 
"{CC358E0F-2A94-44C4-93A5-3B6D51F831F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqscnvw.exe | 
"{D0EFE99A-56AD-4796-8F71-339247BD59CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D419B2E0-DFB1-4B1D-BD2B-E99CDE6C4658}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe | 
"{D97842E7-A1C5-41FE-955E-88B02F160685}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqkygrp.exe | 
"{E69CD8B4-462D-423B-B17C-0E9DF88B32B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqtra08.exe | 
"{EAD3458B-09A7-4ADA-8321-5794E5CAEC5A}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqgpc01.exe | 
"{EDF79F2C-501D-4CC5-A8B6-8E62019EFF05}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hposid01.exe | 
"{EE1872A4-B2E6-4E75-ADCC-65818BA197B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0B1C58A-B16B-4F9D-91EF-6912191F8DAE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F151ACA1-17F8-4134-9CEA-B3214BE816F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hposfx08.exe | 
"{FD9E8950-C605-4D16-B3E3-46C2B05803EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\ftp.exe | 
"{FDD02C07-FF53-4D27-B434-4AEDF22D172A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6167672A-758D-9960-C32C-47A15E180A70}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D90334-5A27-22AA-0CC9-BB2E7FE4608E}" = ccc-utility64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B0CF6A06-8D6E-3C49-1B5E-75027D2AB2FB}" = AMD Media Foundation Decoders
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019A5307-B53F-DEC7-BF70-E20C2A121E65}" = Catalyst Control Center InstallProxy
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{094FD5E0-01D2-AAB1-027F-A80F8CAB1477}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10097883-9F66-3920-8C7E-3239E72953B3}" = CCC Help Greek
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DECD57-2D3E-59DE-215C-9B2118FFF9C1}" = CCC Help Korean
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24C934DB-D7F8-797E-8937-BF9BA23F1128}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29A4049F-58A7-E0D9-991D-A1A672E51EFE}" = CCC Help Thai
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2E823133-4B6B-60A4-43F4-E586F01FCCCA}" = AMD VISION Engine Control Center
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E1C0066-D04D-863E-3381-9FD232A888A2}" = CCC Help Portuguese
"{401E17B0-7A9E-3173-42B6-B3A780A2934A}" = CCC Help German
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54B80F68-3A7C-1931-AFE8-CA9BABC3EC4D}" = CCC Help English
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68625052-E88D-8598-3E83-9AE6B5D6394D}" = Catalyst Control Center Localization All
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BABB47D-F46A-4AD1-8548-4C6292232D18}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9158DA86-4AC8-6EA5-20B1-36B3F9CF6497}" = CCC Help Czech
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{988C14A1-37AC-EB3F-B607-DED60CEE16E8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A713F0C-D077-9B5F-4E0D-D21657387965}" = CCC Help Dutch
"{9A828AEE-658C-0AA0-7B13-83CC644A7E97}" = CCC Help Chinese Traditional
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B09443E0-838F-6C14-83E4-DFF68F25D688}" = CCC Help Japanese
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B946C4A5-E889-D859-AAB1-DE0C00902115}" = CCC Help Russian
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C1F6CAC5-20D3-C4AA-B867-0836493AB636}" = CCC Help Turkish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4674FEF-AC81-79B6-C6C9-1E13CD51B77C}" = myphotobook.de
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA8EF8F2-AF33-253B-7A5E-51E7B1AA6E42}" = CCC Help Hungarian
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED61893-3D8D-C863-5913-AACB740063C2}" = CCC Help Spanish
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAE8B2AB-DDD1-3F5E-42F5-EB54BAE8A7BE}" = CCC Help Swedish
"{ED7B4752-749D-3BA8-2CEB-5AC5A7FADF36}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE99A545-DFC9-EF57-5EDC-43F7B6855AB3}" = CCC Help Danish
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F510D82F-CD6A-0983-EF06-66004AC50565}" = CCC Help Chinese Standard
"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB1966E-4ACF-6648-8E7C-0D8C2EE573CA}" = CCC Help Norwegian
"1&1 Mail & Media GmbH 1und1DesktopIconsInstaller" = WEB.DE Desktop Icons
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Internet Security
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WTA-015e098e-efbe-48e1-a1a4-50d3105e1432" = Insaniquarium Deluxe
"WTA-167abb7c-30ed-45f8-9078-68a9f033ea24" = Plants vs. Zombies - Game of the Year
"WTA-1f35ecae-43a2-41a3-85d4-dac662f1c459" = FATE
"WTA-22836754-997a-456b-bf53-e575ad59d69e" = Wedding Dash 2 - Rings Around the World
"WTA-6194c977-0b5c-48c9-a5a9-d521365b2976" = Bejeweled 3
"WTA-8df5b88e-c4f2-4254-9d27-899c17f5a0a7" = Chuzzle Deluxe
"WTA-adcdd80d-083e-4f9f-a2e4-ab92f190dd7a" = Slingo Deluxe
"WTA-b26c7e6e-cfa5-4c53-a208-5a48f6ea1d3e" = Penguins!
"WTA-c3ac59de-38eb-46bd-9148-62a18447b7ad" = Zuma Deluxe
"WTA-cd122ecb-0279-4193-bcd2-66ee65b37ed1" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-e30f71f6-287b-4905-ba76-02ff594484d8" = Final Drive: Nitro
"WTA-e54a21cb-21b2-468a-847b-6dc7c1fbc024" = Polar Bowler
"WTA-e7bec45b-837d-43c5-9c16-1bd5a821ce63" = Diner Dash 2 Restaurant Rescue
"WTA-f283900d-b2c6-488e-ba71-5546ba6828e8" = Bejeweled 2 Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"JNLP" = JNLP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2012 13:49:51 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2012 03:48:08 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2012 13:48:41 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 06:37:06 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 09:58:00 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 12:51:59 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 23:33:54 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 05:17:10 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 09:09:46 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 11:06:50 | Computer Name = MJH | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.06.2013 07:35:09 | Computer Name = MJH | Source = DCOM | ID = 10010
Description = 
 
Error - 10.06.2013 05:04:53 | Computer Name = MJH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
 
Error - 10.06.2013 05:49:19 | Computer Name = MJH | Source = DCOM | ID = 10010
Description = 
 
Error - 10.06.2013 05:51:23 | Computer Name = MJH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
 
Error - 10.06.2013 06:17:18 | Computer Name = MJH | Source = DCOM | ID = 10010
Description = 
 
Error - 10.06.2013 06:18:47 | Computer Name = MJH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
 
Error - 10.06.2013 06:24:43 | Computer Name = MJH | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 10.06.2013 08:51:31 | Computer Name = MJH | Source = DCOM | ID = 10010
Description = 
 
Error - 10.06.2013 08:53:19 | Computer Name = MJH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
 
Error - 10.06.2013 08:59:08 | Computer Name = MJH | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         
--- --- ---


GMER:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-10 19:41:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 TOSHIBA_ rev.GT00 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Huthmann\AppData\Local\Temp\pxddypow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 710 fffff80002dbf096 31 bytes {CMP AL, 0xc1; OR AL, 0x75; OR EAX, 0xfffffffff6278348; OR QWORD [RDI], 0x6; JMP 0xe4}
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 743 fffff80002dbf0b7 7 bytes [48, B9, FF, FF, FF, FF, FF]
 
---- User code sections - GMER 2.1 ----
 
.text C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b21465 2 bytes [B2, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b214bb 2 bytes [B2, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b21465 2 bytes [B2, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b214bb 2 bytes [B2, 76]
.text ... * 2
 
---- Threads - GMER 2.1 ----
 
Thread C:\Windows\System32\svchost.exe [932:728] 000007fefb81f2f4
Thread C:\Windows\System32\svchost.exe [932:1020] 000007fefba96204
Thread C:\Windows\System32\svchost.exe [932:1096] 000007fefada2070
Thread C:\Windows\System32\svchost.exe [932:1124] 000007fefacd5428
Thread C:\Windows\System32\svchost.exe [932:5436] 000007fefad1a828
Thread C:\Windows\System32\svchost.exe [980:1280] 000007fefa6b59a0
Thread C:\Windows\System32\svchost.exe [980:1420] 000007fefd171a70
Thread C:\Windows\System32\svchost.exe [980:4360] 000007fef95544e0
Thread C:\Windows\System32\svchost.exe [980:4988] 000007fef97f88f8
Thread C:\Windows\system32\svchost.exe [1112:1932] 000007fef996bd88
Thread C:\Windows\system32\svchost.exe [1112:3864] 000007fee46e5170
Thread C:\Windows\system32\svchost.exe [1112:4112] 000007fef97a5124
Thread C:\Windows\system32\svchost.exe [1772:3280] 000007fee1b88470
Thread C:\Windows\system32\svchost.exe [1772:4092] 000007fee1b92418
Thread C:\Windows\system32\svchost.exe [1772:4124] 000007fee031f130
Thread C:\Windows\system32\svchost.exe [1772:2676] 000007fee0314734
Thread C:\Windows\system32\svchost.exe [1772:4308] 000007fee0314734
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2580:1492] 000007fefbcf2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2580:4508] 000007fee07ed618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2580:3636] 000007fef97a5124
 
---- Registry - GMER 2.1 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4AD0B7C1-FB4F-41D4-8F99-5DF39E2169CC}?\Device\{BB14A854-D181-4F34-94F1-37D39E5E2291}?\Device\{306B08D7-CA7A-4E27-B1B1-578B57E25042}?\Device\{5D35CE20-2C52-4D08-8402-3F696F545782}?\Device\{DA5D5416-F79F-432D-B138-6653A79082E0}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4AD0B7C1-FB4F-41D4-8F99-5DF39E2169CC}"?"{BB14A854-D181-4F34-94F1-37D39E5E2291}"?"{306B08D7-CA7A-4E27-B1B1-578B57E25042}"?"{5D35CE20-2C52-4D08-8402-3F696F545782}"?"{DA5D5416-F79F-432D-B138-6653A79082E0}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4AD0B7C1-FB4F-41D4-8F99-5DF39E2169CC}?\Device\TCPIP6TUNNEL_{BB14A854-D181-4F34-94F1-37D39E5E2291}?\Device\TCPIP6TUNNEL_{306B08D7-CA7A-4E27-B1B1-578B57E25042}?\Device\TCPIP6TUNNEL_{5D35CE20-2C52-4D08-8402-3F696F545782}?\Device\TCPIP6TUNNEL_{DA5D5416-F79F-432D-B138-6653A79082E0}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{306B08D7-CA7A-4E27-B1B1-578B57E25042}@InterfaceName isatap.{F7136D39-91F5-48D9-ABDE-2606526089C1}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{306B08D7-CA7A-4E27-B1B1-578B57E25042}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 3665
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2931
 
---- EOF - GMER 2.1 ----
         
--- --- ---


Wenn Ihr helfen könntet wäre ich sehr dankbar!!!

Alt 10.06.2013, 19:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 10.06.2013, 20:46   #3
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

danke für die schnelle Antwort!!!

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2013 02
Ran by Huthmann (administrator) on 10-06-2013 21:33:23
Running from C:\Users\Huthmann\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-22] (Toshiba Europe GmbH)
HKCU\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-22] (Google Inc.)
HKCU\...\Run: [Ytobfo] C:\Users\Huthmann\AppData\Roaming\Ysih\uvmi.exe [x]
HKCU\...\Run: [brah] "C:\Users\Huthmann\AppData\Roaming\brah\sit.bat" [193 2013-06-02] ()
HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1516608 2013-05-27] (1und1 Mail und Media GmbH)
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKCU - {2C85BFB1-9AFE-47A4-BE14-87755B3ED67D} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {36D28309-7E16-4884-B7F9-2F4745334787} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {421D42E9-DE13-43BA-B84F-CDD4F5ED31B6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1d0c625-41f3-4be6-aa09-45c35c780d96&apn_sauid=1E7E84FB-B3BF-4E4A-ACC2-CC1E0612CC7C
SearchScopes: HKCU - {756D3384-B88A-4A23-92C3-305FE75B6446} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {B3A25B8E-87C6-43FC-9A3B-BD5E037A0D32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [260832] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (registryAccess) - C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Avira Toolbar) - C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [657120 2013-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-06-10] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-06-10] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-06-10] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S0 AFS; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 21:33 - 2013-06-10 21:33 - 00000000 ____D C:\FRST
2013-06-10 21:31 - 2013-06-10 21:31 - 01920126 ____A (Farbar) C:\Users\Huthmann\Desktop\FRST64.exe
2013-06-10 19:40 - 2013-06-10 19:41 - 00007194 ____A C:\Users\Huthmann\Desktop\GMER.log
2013-06-10 17:31 - 2013-06-10 17:31 - 00377856 ____A C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
2013-06-10 17:30 - 2013-06-10 17:30 - 00100434 ____A C:\Users\Huthmann\Desktop\OTL1.Txt
2013-06-10 17:30 - 2013-06-10 17:30 - 00077914 ____A C:\Users\Huthmann\Desktop\Extras1.Txt
2013-06-10 17:29 - 2013-06-10 17:29 - 00077914 ____A C:\Users\Huthmann\Desktop\Extras.Txt
2013-06-10 17:25 - 2013-06-10 17:25 - 00100434 ____A C:\Users\Huthmann\Desktop\OTL.Txt
2013-06-10 17:11 - 2013-06-10 17:11 - 00602112 ____A (OldTimer Tools) C:\Users\Huthmann\Desktop\OTL.exe
2013-06-10 17:11 - 2013-06-10 17:11 - 00000478 ____A C:\Users\Huthmann\Desktop\defogger_disable.log
2013-06-10 17:11 - 2013-06-10 17:11 - 00000000 ____A C:\Users\Huthmann\defogger_reenable
2013-06-10 17:10 - 2013-06-10 17:10 - 00050477 ____A C:\Users\Huthmann\Desktop\Defogger.exe
2013-06-10 11:45 - 2013-06-10 11:42 - 00141376 ____A (Avira GmbH) C:\Windows\System32\Drivers\avfwot.sys
2013-06-10 11:45 - 2013-06-10 11:42 - 00114608 ____A (Avira GmbH) C:\Windows\System32\Drivers\avfwim.sys
2013-06-07 17:32 - 2013-06-10 12:16 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Anymko
2013-06-07 17:32 - 2013-06-09 11:48 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Ikavow
2013-06-07 17:32 - 2013-06-07 17:32 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Esadu
2013-06-07 17:28 - 2013-06-07 17:28 - 00037376 ____A C:\Users\Huthmann\Documents\Einsatzplan Junior Cup 2013.xls
2013-06-02 18:56 - 2013-06-02 18:56 - 00739856 ____A (Google Inc.) C:\Users\Huthmann\AppData\Roaming\chromebrowser.exe
2013-06-02 18:56 - 2013-06-02 18:56 - 00012240 ____A C:\Program Files (x86)\PJQ.dat
2013-06-02 18:56 - 2013-06-02 18:56 - 00000000 _RSHD C:\Users\Huthmann\AppData\Roaming\Paaspgty
2013-06-02 18:56 - 2013-06-02 18:56 - 00000000 _RSHD C:\Program Files (x86)\Myan
2013-06-02 18:55 - 2013-06-07 20:25 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\brah
2013-06-02 18:55 - 2013-06-02 18:55 - 00030720 ____A C:\Users\Huthmann\0lz7g3zb5jb8o.exe
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\UUdb
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\1&1 Mail & Media GmbH
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-05-18 15:02 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-18 15:00 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-18 15:00 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-18 15:00 - 2013-04-01 08:03 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_AuthenticAMD.dll
2013-05-18 15:00 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-18 15:00 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-18 15:00 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-18 15:00 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-18 15:00 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-18 15:00 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-18 15:00 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-18 15:00 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-18 15:00 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-18 15:00 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-18 15:00 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-18 14:05 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 14:05 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 14:05 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 14:05 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 14:05 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 14:05 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 14:05 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 14:05 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 14:05 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-18 14:05 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-18 14:05 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 14:05 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-18 14:05 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-18 14:05 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 14:04 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 14:04 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 14:04 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 14:04 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 14:04 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 14:04 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 14:04 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 14:04 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 14:04 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 14:04 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 14:04 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 14:04 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-12 14:29 - 2013-05-12 14:31 - 00000004 ____A C:\Users\Huthmann\AppData\Roaming\skype.ini

==================== One Month Modified Files and Folders =======

2013-06-10 21:33 - 2013-06-10 21:33 - 00000000 ____D C:\FRST
2013-06-10 21:31 - 2013-06-10 21:31 - 01920126 ____A (Farbar) C:\Users\Huthmann\Desktop\FRST64.exe
2013-06-10 21:24 - 2009-07-14 06:51 - 00087154 ____A C:\Windows\setupact.log
2013-06-10 20:08 - 2012-03-01 19:15 - 01478604 ____A C:\Windows\WindowsUpdate.log
2013-06-10 19:41 - 2013-06-10 19:40 - 00007194 ____A C:\Users\Huthmann\Desktop\GMER.log
2013-06-10 17:31 - 2013-06-10 17:31 - 00377856 ____A C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
2013-06-10 17:30 - 2013-06-10 17:30 - 00100434 ____A C:\Users\Huthmann\Desktop\OTL1.Txt
2013-06-10 17:30 - 2013-06-10 17:30 - 00077914 ____A C:\Users\Huthmann\Desktop\Extras1.Txt
2013-06-10 17:29 - 2013-06-10 17:29 - 00077914 ____A C:\Users\Huthmann\Desktop\Extras.Txt
2013-06-10 17:25 - 2013-06-10 17:25 - 00100434 ____A C:\Users\Huthmann\Desktop\OTL.Txt
2013-06-10 17:11 - 2013-06-10 17:11 - 00602112 ____A (OldTimer Tools) C:\Users\Huthmann\Desktop\OTL.exe
2013-06-10 17:11 - 2013-06-10 17:11 - 00000478 ____A C:\Users\Huthmann\Desktop\defogger_disable.log
2013-06-10 17:11 - 2013-06-10 17:11 - 00000000 ____A C:\Users\Huthmann\defogger_reenable
2013-06-10 17:11 - 2012-04-06 13:05 - 00000000 ____D C:\users\Huthmann
2013-06-10 17:10 - 2013-06-10 17:10 - 00050477 ____A C:\Users\Huthmann\Desktop\Defogger.exe
2013-06-10 15:04 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 15:04 - 2009-07-14 06:45 - 00024912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 12:25 - 2010-11-21 08:50 - 00654844 ____A C:\Windows\System32\perfh007.dat
2013-06-10 12:25 - 2010-11-21 08:50 - 00130426 ____A C:\Windows\System32\perfc007.dat
2013-06-10 12:25 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 12:19 - 2012-04-06 15:45 - 00000000 ___RD C:\Users\Huthmann\Desktop\Verknüpfungen
2013-06-10 12:16 - 2013-06-07 17:32 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Anymko
2013-06-10 12:12 - 2012-04-30 06:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 11:50 - 2011-08-22 11:52 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 11:50 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 11:48 - 2012-04-06 13:37 - 00000000 ____D C:\ProgramData\Avira
2013-06-10 11:47 - 2013-02-24 17:33 - 00002077 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-10 11:47 - 2013-02-24 17:32 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-10 11:42 - 2013-06-10 11:45 - 00141376 ____A (Avira GmbH) C:\Windows\System32\Drivers\avfwot.sys
2013-06-10 11:42 - 2013-06-10 11:45 - 00114608 ____A (Avira GmbH) C:\Windows\System32\Drivers\avfwim.sys
2013-06-10 11:31 - 2011-08-22 11:52 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 11:48 - 2013-06-07 17:32 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Ikavow
2013-06-07 20:25 - 2013-06-02 18:55 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\brah
2013-06-07 17:32 - 2013-06-07 17:32 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\Esadu
2013-06-07 17:28 - 2013-06-07 17:28 - 00037376 ____A C:\Users\Huthmann\Documents\Einsatzplan Junior Cup 2013.xls
2013-06-04 11:31 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-03 10:17 - 2012-12-04 18:39 - 00000000 ____D C:\Users\Huthmann\Documents\Beihilfe
2013-06-03 10:17 - 2012-09-22 16:06 - 00000000 ____D C:\Users\Huthmann\Documents\Bewerbung
2013-06-02 19:00 - 2012-04-06 13:22 - 00000000 ____D C:\Users\Huthmann\AppData\Local\Google
2013-06-02 18:56 - 2013-06-02 18:56 - 00739856 ____A (Google Inc.) C:\Users\Huthmann\AppData\Roaming\chromebrowser.exe
2013-06-02 18:56 - 2013-06-02 18:56 - 00012240 ____A C:\Program Files (x86)\PJQ.dat
2013-06-02 18:56 - 2013-06-02 18:56 - 00000000 _RSHD C:\Users\Huthmann\AppData\Roaming\Paaspgty
2013-06-02 18:56 - 2013-06-02 18:56 - 00000000 _RSHD C:\Program Files (x86)\Myan
2013-06-02 18:55 - 2013-06-02 18:55 - 00030720 ____A C:\Users\Huthmann\0lz7g3zb5jb8o.exe
2013-06-02 09:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-31 15:22 - 2012-12-25 11:09 - 00000000 ____D C:\Users\Huthmann\Documents\Fußball
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\UUdb
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\ProgramData\1&1 Mail & Media GmbH
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-05-28 17:52 - 2013-05-28 17:52 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-05-28 17:52 - 2013-05-05 13:49 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-05-27 18:27 - 2012-12-17 18:32 - 00000000 ____D C:\Users\Huthmann\Documents\Rechnungen
2013-05-26 17:56 - 2012-11-01 21:01 - 00000000 ____D C:\Users\Huthmann\AppData\Roaming\HpUpdate
2013-05-19 12:08 - 2009-07-14 06:45 - 00343616 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 15:25 - 2012-09-09 10:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-18 15:22 - 2012-04-09 20:01 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 15:13 - 2012-04-30 06:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-18 15:13 - 2012-04-30 06:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-12 14:31 - 2013-05-12 14:29 - 00000004 ____A C:\Users\Huthmann\AppData\Roaming\skype.ini

Files to move or delete:
====================
C:\Users\Huthmann\0lz7g3zb5jb8o.exe
C:\Users\Huthmann\ActiveSetupN.exe
C:\Users\Huthmann\avira_free_antivirus_898de.exe
C:\Users\Huthmann\winmail_opener.exe
C:\Users\Huthmann\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-29 14:16

==================== End Of Log ============================
Addition:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2013 02
Ran by Huthmann at 2013-06-10 21:39:19 Run:
Running from C:\Users\Huthmann\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
AAVUpdateManager (Version: 18.00.0000)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
AMD Media Foundation Decoders (Version: 1.0.60628.2255)
AMD VISION Engine Control Center (Version: 2011.0628.2340.40663)
Ask Toolbar (Version: 1.15.26.0)
ATI Catalyst Install Manager (Version: 3.0.829.0)
AudibleManager (Version: 2005613806.48.56.12717426)
Avira Internet Security (Version: 13.0.0.3640)
Avira SearchFree Toolbar plus Web Protection Updater (Version: 1.2.6.45268)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.97)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Portuguese (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
FATE (Version: 2.2.0.97)
Fax (Version: 130.0.418.000)
Final Drive: Nitro (Version: 2.2.0.95)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
High-Definition Video Playback (Version: 7.3.10900.8.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Foto- und Bildbearbeitung 2.0 - All-in-One (Version: 1.10.0000)
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber  (Version: 1.10.0000)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Speicher-Disc (Version: 1.0.4.805)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Insaniquarium Deluxe (Version: 2.2.0.97)
Java Auto Updater (Version: 2.0.2.1)
Java(TM) 6 Update 20 (Version: 6.0.200)
JNLP
Junk Mail filter update (Version: 15.4.3502.0922)
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook.de (Version: 1.3.5)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero BackItUp 10 (Version: 5.8.10900.8.100)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10700)
Nero BurnRights 10 (Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10700)
Nero Control Center 10 (Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Express 10 (Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (Version: 10.6.10700)
Nero InfoTool 10 (Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (Version: 10.6.10700)
Nero Kwik Media (Version: 1.6.15100.59.100)
Nero Multimedia Suite 10 Essentials (Version: 10.6.10300)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10800)
Nero StartSmart 10 (Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (Version: 10.6.10700)
Nero Update (Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (Version: 10.6.10900)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Ravensburger tiptoi
Realtek Ethernet Controller Driver (Version: 7.30.1019.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6241)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30123)
Realtek WLAN Driver (Version: 2.00.0016)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 5.10 (Version: 5.10.116)
Slingo Deluxe (Version: 2.2.0.95)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Synaptics Pointing Device Driver (Version: 15.1.16.0)
Toolbox (Version: 130.0.648.000)
TOSHIBA Assist (Version: 4.01.00)
TOSHIBA Bulletin Board (Version: 2.1.10.64)
TOSHIBA ConfigFree (Version: 8.0.36)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.11C)
TOSHIBA Hardware Setup (Version: 1.63.0.34C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Manuals (Version: 10.02)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Online Product Information (Version: 4.01.0000)
TOSHIBA Places Icon Utility (Version: 1.1.0.12)
TOSHIBA Recovery Media Creator (Version: 2.1.0.5 x64)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Service Station (Version: 2.1.45)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Supervisorkennwort (Version: 1.63.51.2C)
TOSHIBA TEMPRO (Version: 3.35)
TOSHIBA Value Added Package (Version: 1.3.22.64)
TOSHIBA Web Camera Application (Version: 1.1.5.7)
TOSHIBA Wireless LAN Indicator (Version: 1.0.4)
TrayApp (Version: 130.0.376.000)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
Utility Common Driver (Version: 1.0.52.2C)
WEB.DE Desktop Icons (Version: 3.0.3.0)
WEB.DE MailCheck für Internet Explorer (Version: 2.2.2.0)
WEB.DE Softwareaktualisierung (Version: 3.0.0.54)
WebReg (Version: 130.0.132.017)
Wedding Dash 2 - Rings Around the World (Version: 2.2.0.95)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.5)
WildTangent-Spiele (Version: 1.0.2.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Winmail Opener 1.4 (Version: 1.4)
Yahoo! Toolbar
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points  =========================

04-03-2013 07:17:17 Geplanter Prüfpunkt
15-03-2013 04:47:33 Windows Update
18-03-2013 04:44:46 Windows Update
26-03-2013 04:47:59 Windows Update
11-04-2013 03:51:25 Windows Update
24-04-2013 03:48:55 Windows Update
30-04-2013 12:42:50 Windows Update
12-05-2013 14:41:12 Geplanter Prüfpunkt
16-05-2013 03:43:41 Windows Update
18-05-2013 12:03:22 Windows Update
18-05-2013 13:11:30 Windows Update
10-06-2013 09:47:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2013 09:26:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 02:54:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 00:19:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:51:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:06:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2013 10:49:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2013 08:05:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 08:25:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 05:26:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 05:46:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/10/2013 09:25:02 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (06/10/2013 08:08:14 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/10/2013 02:59:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/10/2013 02:53:19 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (06/10/2013 02:51:31 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/10/2013 00:24:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/10/2013 00:18:47 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (06/10/2013 00:17:18 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/10/2013 11:51:23 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (06/10/2013 11:49:19 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (06/10/2013 09:26:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 02:54:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 00:19:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:51:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:06:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2013 10:49:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2013 08:05:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 08:25:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 05:26:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2013 05:46:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3691.64 MB
Available physical RAM: 2226.79 MB
Total Pagefile: 7381.46 MB
Available Pagefile: 5379.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:153.88 GB) NTFS (Disk=0 Partition=2)
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:224.38 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41D68339)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 11.06.2013, 07:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hi,

Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
C:\Users\Huthmann\0lz7g3zb5jb8o.exe
C:\Users\Huthmann\ActiveSetupN.exe
C:\Users\Huthmann\winmail_opener.exe
C:\Users\Huthmann\AppData\Roaming\skype.ini
         
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.06.2013, 16:13   #5
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

hier ist die Fixlog.txt Datei

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2013 02
Ran by Huthmann at 2013-06-11 17:10:22 Run:1
Running from C:\Users\Huthmann\Desktop
Boot Mode: Normal
==============================================

C:\Users\Huthmann\0lz7g3zb5jb8o.exe => Moved successfully.
C:\Users\Huthmann\ActiveSetupN.exe => Moved successfully.
C:\Users\Huthmann\winmail_opener.exe => Moved successfully.
C:\Users\Huthmann\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
         
Hallo Schrauber,

hier nun die nächste Log. Danke bisweilen.

Code:
ATTFilter
ComboFix 13-06-08.02 - Huthmann 11.06.2013  18:53:20.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2233 [GMT 2:00]
ausgeführt von:: c:\users\Huthmann\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\users\Huthmann\AppData\Roaming\chromebrowser.exe
c:\users\Huthmann\avira_free_antivirus_898de.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 17:02 . 2013-06-11 17:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-11 15:18 . 2013-06-11 15:18	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0A46479-B033-43DE-9B3A-068A9025921D}\offreg.dll
2013-06-11 15:09 . 2013-05-13 23:48	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0A46479-B033-43DE-9B3A-068A9025921D}\mpengine.dll
2013-06-10 19:33 . 2013-06-10 19:33	--------	d-----w-	C:\FRST
2013-06-10 09:45 . 2013-06-10 09:42	141376	----a-w-	c:\windows\system32\drivers\avfwot.sys
2013-06-10 09:45 . 2013-06-10 09:42	114608	----a-w-	c:\windows\system32\drivers\avfwim.sys
2013-06-07 15:32 . 2013-06-10 10:16	--------	d-----w-	c:\users\Huthmann\AppData\Roaming\Anymko
2013-06-07 15:32 . 2013-06-09 09:48	--------	d-----w-	c:\users\Huthmann\AppData\Roaming\Ikavow
2013-06-07 15:32 . 2013-06-07 15:32	--------	d-----w-	c:\users\Huthmann\AppData\Roaming\Esadu
2013-06-02 16:56 . 2013-06-02 16:56	--------	d-sh--r-	c:\program files (x86)\Myan
2013-06-02 16:56 . 2013-06-02 16:56	--------	d-sh--r-	c:\users\Huthmann\AppData\Roaming\Paaspgty
2013-06-02 16:55 . 2013-06-07 18:25	--------	d-----w-	c:\users\Huthmann\AppData\Roaming\brah
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\UUdb
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\1&1 Mail & Media GmbH
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\program files\WEB.DE MailCheck
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\program files (x86)\WEB.DE MailCheck
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\DesktopIcons
2013-05-28 15:51 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\1und1DesktopIconsInstaller
2013-05-18 13:02 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-18 12:05 . 2013-04-05 04:43	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-18 12:04 . 2013-04-05 06:50	855552	----a-w-	c:\windows\system32\jscript.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 13:22 . 2012-04-09 18:01	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-18 13:13 . 2012-04-30 04:53	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 13:13 . 2012-04-30 04:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 11:29 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 08:08 . 2013-05-06 08:08	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-30 12:50 . 2013-04-30 12:50	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-30 12:50 . 2013-04-30 12:50	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-30 12:50 . 2013-04-30 12:50	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-30 12:50 . 2013-04-30 12:50	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:50 . 2013-04-30 12:50	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:50 . 2013-04-30 12:50	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:50 . 2013-04-30 12:50	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-30 12:50 . 2013-04-30 12:50	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:50 . 2013-04-30 12:50	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-30 12:50 . 2013-04-30 12:50	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-30 12:50 . 2013-04-30 12:50	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-30 12:50 . 2013-04-30 12:50	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:50 . 2013-04-30 12:50	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-30 12:50 . 2013-04-30 12:50	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:50 . 2013-04-30 12:50	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-30 12:50 . 2013-04-30 12:50	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-30 12:50 . 2013-04-30 12:50	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:50 . 2013-04-30 12:50	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:50 . 2013-04-30 12:50	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-30 12:50 . 2013-04-30 12:50	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:50 . 2013-04-30 12:50	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-30 12:50 . 2013-04-30 12:50	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-30 12:50 . 2013-04-30 12:50	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-30 12:50 . 2013-04-30 12:50	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-30 12:50 . 2013-04-30 12:50	441856	----a-w-	c:\windows\system32\html.iec
2013-04-30 12:50 . 2013-04-30 12:50	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-30 12:50 . 2013-04-30 12:50	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-30 12:50 . 2013-04-30 12:50	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-30 12:50 . 2013-04-30 12:50	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-30 12:50 . 2013-04-30 12:50	235008	----a-w-	c:\windows\system32\url.dll
2013-04-30 12:50 . 2013-04-30 12:50	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-30 12:50 . 2013-04-30 12:50	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-30 12:50 . 2013-04-30 12:50	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-30 12:50 . 2013-04-30 12:50	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-30 12:50 . 2013-04-30 12:50	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-30 12:50 . 2013-04-30 12:50	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-30 12:50 . 2013-04-30 12:50	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-30 12:50 . 2013-04-30 12:50	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-30 12:50 . 2013-04-30 12:50	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:50 . 2013-04-30 12:50	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-30 12:50 . 2013-04-30 12:50	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-30 12:50 . 2013-04-30 12:50	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-30 12:50 . 2013-04-30 12:50	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-30 12:50 . 2013-04-30 12:50	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 12:50 . 2013-04-30 12:50	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-30 12:50 . 2013-04-30 12:50	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-30 12:50 . 2013-04-30 12:50	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-30 12:50 . 2013-04-30 12:50	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-30 12:50 . 2013-04-30 12:50	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-30 12:47 . 2013-04-30 12:47	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-30 12:47 . 2013-04-30 12:47	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-30 12:47 . 2013-04-30 12:47	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-30 12:47 . 2013-04-30 12:47	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-30 12:47 . 2013-04-30 12:47	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 12:47 . 2013-04-30 12:47	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-30 12:47 . 2013-04-30 12:47	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-30 12:47 . 2013-04-30 12:47	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-30 12:47 . 2013-04-30 12:47	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 12:47 . 2013-04-30 12:47	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-30 12:47 . 2013-04-30 12:47	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-30 12:47 . 2013-04-30 12:47	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-04-30 12:47 . 2013-04-30 12:47	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-04-30 12:47 . 2013-04-30 12:47	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-04-30 12:47 . 2013-04-30 12:47	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-04-30 12:47 . 2013-04-30 12:47	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-04-30 12:47 . 2013-04-30 12:47	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-30 12:47 . 2013-04-30 12:47	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-30 12:47 . 2013-04-30 12:47	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-30 12:47 . 2013-04-30 12:47	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-30 12:47 . 2013-04-30 12:47	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-30 12:47 . 2013-04-30 12:47	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-30 12:47 . 2013-04-30 12:47	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-30 12:47 . 2013-04-30 12:47	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-30 12:47 . 2013-04-30 12:47	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-30 12:47 . 2013-04-30 12:47	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-30 12:47 . 2013-04-30 12:47	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-22 09:52	433648	----a-w-	c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-22 39408]
"brah"="c:\users\Huthmann\AppData\Roaming\brah\sit.bat" [2013-06-02 193]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-10 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-05-27 1516608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-22 1493888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 15:31	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 13:13]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 09:51]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 09:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-22 09:52	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-10 11580520]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-22 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
.
------- Dateityp-Verknüpfung -------
.
txtfile="c:\program files (x86)\Myan\Myan.exe" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ytobfo - c:\users\Huthmann\AppData\Roaming\Ysih\uvmi.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  19:06:38
ComboFix-quarantined-files.txt  2013-06-11 17:06
.
Vor Suchlauf: 8 Verzeichnis(se), 166.339.338.240 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 166.833.782.784 Bytes frei
.
- - End Of File - - 8AE65294ED276730140C2A7436A75E65
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 11.06.2013, 19:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hi,

Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\Huthmann\AppData\Roaming\Anymko
    c:\users\Huthmann\AppData\Roaming\Ikavow
    c:\users\Huthmann\AppData\Roaming\Esadu
    c:\program files (x86)\Myan
    c:\users\Huthmann\AppData\Roaming\Paaspgty
    c:\users\Huthmann\AppData\Roaming\brah
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "brah"=-
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
--> Trojaner beim Online-Banking

Alt 11.06.2013, 20:29   #7
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

hier nun das Log. Suspect oder Collect ist nicht erschienen, daher kein upload.

Code:
ATTFilter
ComboFix 13-06-08.02 - Huthmann 11.06.2013  21:12:45.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2200 [GMT 2:00]
ausgeführt von:: c:\users\Huthmann\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Huthmann\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Myan
c:\program files (x86)\Myan\Myan.exe
c:\users\Huthmann\AppData\Roaming\Anymko
c:\users\Huthmann\AppData\Roaming\brah
c:\users\Huthmann\AppData\Roaming\brah\1.bat
c:\users\Huthmann\AppData\Roaming\brah\API.class
c:\users\Huthmann\AppData\Roaming\brah\diablo121016.cl
c:\users\Huthmann\AppData\Roaming\brah\diakgcn121016.cl
c:\users\Huthmann\AppData\Roaming\brah\libblkmaker-0.1-0.dll
c:\users\Huthmann\AppData\Roaming\brah\libblkmaker_jansson-0.1-0.dll
c:\users\Huthmann\AppData\Roaming\brah\libcurl-4.dll
c:\users\Huthmann\AppData\Roaming\brah\libjansson-4.dll
c:\users\Huthmann\AppData\Roaming\brah\libusb-1.0.dll
c:\users\Huthmann\AppData\Roaming\brah\miner.php
c:\users\Huthmann\AppData\Roaming\brah\pdcurses.dll
c:\users\Huthmann\AppData\Roaming\brah\phatk121016.cl
c:\users\Huthmann\AppData\Roaming\brah\poclbm121016.cl
c:\users\Huthmann\AppData\Roaming\brah\pthreadGC2.dll
c:\users\Huthmann\AppData\Roaming\brah\scrypt121016.cl
c:\users\Huthmann\AppData\Roaming\brah\sit.bat
c:\users\Huthmann\AppData\Roaming\brah\zlib1.dll
c:\users\Huthmann\AppData\Roaming\Esadu
c:\users\Huthmann\AppData\Roaming\Esadu\daca.dyo
c:\users\Huthmann\AppData\Roaming\Ikavow
c:\users\Huthmann\AppData\Roaming\Ikavow\ocun.myq
c:\users\Huthmann\AppData\Roaming\Ikavow\ocun.tmp
c:\users\Huthmann\AppData\Roaming\Paaspgty
c:\users\Huthmann\AppData\Roaming\Paaspgty\Paaspgty.scr
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 19:22 . 2013-06-11 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-11 15:09 . 2013-05-13 23:48	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0A46479-B033-43DE-9B3A-068A9025921D}\mpengine.dll
2013-06-10 19:33 . 2013-06-10 19:33	--------	d-----w-	C:\FRST
2013-06-10 09:45 . 2013-06-10 09:42	141376	----a-w-	c:\windows\system32\drivers\avfwot.sys
2013-06-10 09:45 . 2013-06-10 09:42	114608	----a-w-	c:\windows\system32\drivers\avfwim.sys
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\UUdb
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\1&1 Mail & Media GmbH
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\program files\WEB.DE MailCheck
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\program files (x86)\WEB.DE MailCheck
2013-05-28 15:52 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\DesktopIcons
2013-05-28 15:51 . 2013-05-28 15:52	--------	d-----w-	c:\programdata\1und1DesktopIconsInstaller
2013-05-18 13:02 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-18 12:05 . 2013-04-05 04:43	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-18 12:04 . 2013-04-05 06:50	855552	----a-w-	c:\windows\system32\jscript.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 13:22 . 2012-04-09 18:01	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-18 13:13 . 2012-04-30 04:53	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 13:13 . 2012-04-30 04:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 11:29 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 08:08 . 2013-05-06 08:08	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-30 12:50 . 2013-04-30 12:50	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-30 12:50 . 2013-04-30 12:50	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-30 12:50 . 2013-04-30 12:50	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-30 12:50 . 2013-04-30 12:50	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:50 . 2013-04-30 12:50	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:50 . 2013-04-30 12:50	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:50 . 2013-04-30 12:50	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-30 12:50 . 2013-04-30 12:50	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:50 . 2013-04-30 12:50	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-30 12:50 . 2013-04-30 12:50	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-30 12:50 . 2013-04-30 12:50	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-30 12:50 . 2013-04-30 12:50	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:50 . 2013-04-30 12:50	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-30 12:50 . 2013-04-30 12:50	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:50 . 2013-04-30 12:50	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-30 12:50 . 2013-04-30 12:50	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-30 12:50 . 2013-04-30 12:50	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:50 . 2013-04-30 12:50	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:50 . 2013-04-30 12:50	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-30 12:50 . 2013-04-30 12:50	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:50 . 2013-04-30 12:50	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-30 12:50 . 2013-04-30 12:50	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-30 12:50 . 2013-04-30 12:50	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-30 12:50 . 2013-04-30 12:50	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-30 12:50 . 2013-04-30 12:50	441856	----a-w-	c:\windows\system32\html.iec
2013-04-30 12:50 . 2013-04-30 12:50	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-30 12:50 . 2013-04-30 12:50	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-30 12:50 . 2013-04-30 12:50	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-30 12:50 . 2013-04-30 12:50	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-30 12:50 . 2013-04-30 12:50	235008	----a-w-	c:\windows\system32\url.dll
2013-04-30 12:50 . 2013-04-30 12:50	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-30 12:50 . 2013-04-30 12:50	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-30 12:50 . 2013-04-30 12:50	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-30 12:50 . 2013-04-30 12:50	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-30 12:50 . 2013-04-30 12:50	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-30 12:50 . 2013-04-30 12:50	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-30 12:50 . 2013-04-30 12:50	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-30 12:50 . 2013-04-30 12:50	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-30 12:50 . 2013-04-30 12:50	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:50 . 2013-04-30 12:50	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-30 12:50 . 2013-04-30 12:50	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-30 12:50 . 2013-04-30 12:50	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-30 12:50 . 2013-04-30 12:50	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-30 12:50 . 2013-04-30 12:50	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 12:50 . 2013-04-30 12:50	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-30 12:50 . 2013-04-30 12:50	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-30 12:50 . 2013-04-30 12:50	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-30 12:50 . 2013-04-30 12:50	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-30 12:50 . 2013-04-30 12:50	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-30 12:47 . 2013-04-30 12:47	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-30 12:47 . 2013-04-30 12:47	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-30 12:47 . 2013-04-30 12:47	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-30 12:47 . 2013-04-30 12:47	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-30 12:47 . 2013-04-30 12:47	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 12:47 . 2013-04-30 12:47	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-30 12:47 . 2013-04-30 12:47	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-30 12:47 . 2013-04-30 12:47	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-30 12:47 . 2013-04-30 12:47	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 12:47 . 2013-04-30 12:47	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-30 12:47 . 2013-04-30 12:47	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-30 12:47 . 2013-04-30 12:47	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-04-30 12:47 . 2013-04-30 12:47	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-04-30 12:47 . 2013-04-30 12:47	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-04-30 12:47 . 2013-04-30 12:47	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-04-30 12:47 . 2013-04-30 12:47	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-04-30 12:47 . 2013-04-30 12:47	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 12:47 . 2013-04-30 12:47	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-30 12:47 . 2013-04-30 12:47	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-30 12:47 . 2013-04-30 12:47	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-30 12:47 . 2013-04-30 12:47	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-30 12:47 . 2013-04-30 12:47	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-30 12:47 . 2013-04-30 12:47	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-30 12:47 . 2013-04-30 12:47	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-30 12:47 . 2013-04-30 12:47	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-30 12:47 . 2013-04-30 12:47	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-30 12:47 . 2013-04-30 12:47	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-30 12:47 . 2013-04-30 12:47	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-22 09:52	433648	----a-w-	c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-10 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-05-27 1516608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-22 1493888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 15:31	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 13:13]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 09:51]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 09:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-22 09:52	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-10 11580520]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-22 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  21:25:34
ComboFix-quarantined-files.txt  2013-06-11 19:25
ComboFix2.txt  2013-06-11 17:06
.
Vor Suchlauf: 11 Verzeichnis(se), 166.879.981.568 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 166.580.326.400 Bytes frei
.
- - End Of File - - A898BCB417506EED6240AF8B79F9A583
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 12.06.2013, 07:05   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches OTL log. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.06.2013, 18:41   #9
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

hier die Dateien. Derzeit habe sind keine Probleme mehr aufgetreten, Danke.

ADW:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 12/06/2013 um 18:33:08 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Huthmann - MJH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Huthmann\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Partner Service

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Huthmann\AppData\Local\APN
Ordner Gelöscht : C:\Users\Huthmann\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Huthmann\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Huthmann\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [9894 octets] - [12/06/2013 18:33:08]

########## EOF - C:\AdwCleaner[S1].txt - [9954 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Huthmann on 12.06.2013 at 19:06:53,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{421D42E9-DE13-43BA-B84F-CDD4F5ED31B6}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2013 at 19:15:54,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und hier noch ein neues OTL:
Code:
ATTFilter
OTL logfile created on: 12.06.2013 19:25:26 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Huthmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,61 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 61,49% Memory free
7,21 Gb Paging File | 5,27 Gb Available in Paging File | 73,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 155,02 Gb Free Space | 66,57% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,38 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
 
Computer Name: MJH | User Name: Huthmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
PRC - [2013.05.27 13:50:36 | 001,516,608 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.28 23:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.10.20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.06.10 11:41:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.10 11:40:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.10 11:40:08 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.06.10 11:40:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.10 11:39:57 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.05.18 15:13:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.07.01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.05.21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2013.03.28 06:46:36 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 06:46:36 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 06:46:36 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 19:22:09 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.29 01:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.28 23:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 18:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 12:56:44 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.09.30 21:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.14 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.08.14 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.04.06 13:49:16 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2C85BFB1-9AFE-47A4-BE14-87755B3ED67D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{36D28309-7E16-4884-B7F9-2F4745334787}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE478
IE - HKCU\..\SearchScopes\{756D3384-B88A-4A23-92C3-305FE75B6446}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{B3A25B8E-87C6-43FC-9A3B-BD5E037A0D32}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Avira Toolbar = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
 
O1 HOSTS File: ([2013.06.11 21:22:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FCFBBE-C0E1-499C-93F4-56EC17B65178}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.12 19:06:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.12 19:06:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.12 19:05:45 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Huthmann\Desktop\JRT.exe
[2013.06.12 05:33:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 21:34:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.06.11 21:04:32 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Huthmann\Desktop\ComboFix.exe
[2013.06.11 17:20:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 17:20:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 17:20:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 17:16:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 17:15:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.10 21:33:16 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.10 21:31:07 | 001,920,126 | ---- | C] (Farbar) -- C:\Users\Huthmann\Desktop\FRST64.exe
[2013.06.10 17:11:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 11:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.10 11:45:16 | 000,141,376 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:45:16 | 000,114,608 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.28 17:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013.05.28 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2013.05.28 17:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2013.05.28 17:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.12 19:05:45 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Huthmann\Desktop\JRT.exe
[2013.06.12 18:58:44 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 18:58:44 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 18:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 18:50:44 | 2903,220,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 18:32:27 | 000,648,201 | ---- | M] () -- C:\Users\Huthmann\Desktop\adwcleaner.exe
[2013.06.11 21:22:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.11 21:04:57 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Huthmann\Desktop\ComboFix.exe
[2013.06.11 19:17:36 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 19:17:36 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 19:17:36 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 19:17:36 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 19:17:36 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.10 21:31:10 | 001,920,126 | ---- | M] (Farbar) -- C:\Users\Huthmann\Desktop\FRST64.exe
[2013.06.10 17:31:53 | 000,377,856 | ---- | M] () -- C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
[2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 17:11:11 | 000,000,000 | ---- | M] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:17 | 000,050,477 | ---- | M] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.10 12:12:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 11:50:55 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 11:47:55 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.06.10 11:31:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 18:56:08 | 000,012,240 | ---- | M] () -- C:\Program Files (x86)\PJQ.dat
[2013.05.19 12:08:06 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.12 18:32:27 | 000,648,201 | ---- | C] () -- C:\Users\Huthmann\Desktop\adwcleaner.exe
[2013.06.11 17:20:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 17:20:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 17:20:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 17:20:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 17:20:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.10 17:31:53 | 000,377,856 | ---- | C] () -- C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
[2013.06.10 17:11:11 | 000,000,000 | ---- | C] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:16 | 000,050,477 | ---- | C] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.02 18:56:08 | 000,012,240 | ---- | C] () -- C:\Program Files (x86)\PJQ.dat
[2012.10.25 20:01:41 | 000,238,325 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2012.10.25 20:01:41 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.10.25 19:45:21 | 000,238,976 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.09.09 11:01:15 | 000,197,908 | ---- | C] () -- C:\Users\Huthmann\Office 2010.xps
[2012.04.17 06:19:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 13:43:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012.03.01 19:49:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2012.03.01 19:35:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.03.01 19:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.01 19:15:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.22 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ahizyd
[2013.01.22 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\bc0e72aa-946e-426c-9dbd-e45434712a8c79
[2012.04.21 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013.01.20 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Kikoa
[2013.03.31 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\RavensburgerTipToi
[2012.09.09 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\SoftGrid Client
[2012.05.06 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Toshiba
[2012.04.06 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TOSHIBA Online Product Information
[2012.04.17 06:20:59 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TP
[2013.01.22 06:41:08 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ysih
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 12.06.2013, 19:49   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Supi, noch nen Onlinscan, dann sind wir durch


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.06.2013, 04:49   #11
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Guten Morgen Schrauber,

hier nun die Log`s:

Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a7a9e295511d0b4ca9cccc0d8e615baf
# engine=14059
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 08:55:37
# local_time=2013-06-12 10:55:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 13166 122700387 0 0
# scanned=164953
# found=7
# cleaned=0
# scan_time=6822
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\FRST\Quarantine\0lz7g3zb5jb8o.exe"
sh=283A23082E335CD47F1B181245E0A90FC65350E9 ft=0 fh=0000000000000000 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\Program Files (x86)\PJQ.dat"
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Myan\Myan.exe.vir"
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Huthmann\AppData\Roaming\Paaspgty\Paaspgty.scr.vir"
sh=FA4E25F05D0A4760F64279B94A8734C19872FBE0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Huthmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\14254742-54422ca4"
sh=A9F71A9262305B42586484605D47501EE5AE0DEA ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOC trojan" ac=I fn="C:\Users\Huthmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\53d90297-4d8e493a"
sh=A9F71A9262305B42586484605D47501EE5AE0DEA ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOC trojan" ac=I fn="C:\Users\Huthmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\53d90297-5579ae22"
         
Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 20  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 TOSHIBA TOSHIBA Online Product Information TOPI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
OTL:

Code:
ATTFilter
OTL logfile created on: 13.06.2013 05:34:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Huthmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,61 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 61,80% Memory free
7,21 Gb Paging File | 5,33 Gb Available in Paging File | 73,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 155,11 Gb Free Space | 66,61% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,38 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
Drive F: | 7,41 Gb Total Space | 4,30 Gb Free Space | 58,10% Space Free | Partition Type: FAT32
Drive G: | 3,76 Gb Total Space | 1,43 Gb Free Space | 38,09% Space Free | Partition Type: FAT32
 
Computer Name: MJH | User Name: Huthmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
PRC - [2013.05.27 13:50:36 | 001,516,608 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.28 23:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.10.20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.06.10 11:41:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.10 11:40:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.06.10 11:40:08 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.06.10 11:40:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.10 11:39:57 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.05.18 15:13:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.07.01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.05.21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2013.03.28 06:46:36 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 06:46:36 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 06:46:36 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 19:22:09 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.29 01:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.28 23:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 18:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 12:56:44 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.09.30 21:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.14 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.08.14 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.04.06 13:49:16 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2C85BFB1-9AFE-47A4-BE14-87755B3ED67D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{36D28309-7E16-4884-B7F9-2F4745334787}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE478
IE - HKCU\..\SearchScopes\{756D3384-B88A-4A23-92C3-305FE75B6446}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{B3A25B8E-87C6-43FC-9A3B-BD5E037A0D32}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 19:55:58 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Avira Toolbar = C:\Users\Huthmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
 
O1 HOSTS File: ([2013.06.11 21:22:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6FCFBBE-C0E1-499C-93F4-56EC17B65178}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.12 20:55:48 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Huthmann\Desktop\esetsmartinstaller_enu.exe
[2013.06.12 19:06:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.12 19:06:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.12 19:05:45 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Huthmann\Desktop\JRT.exe
[2013.06.12 05:33:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 21:34:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.06.11 21:04:32 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Huthmann\Desktop\ComboFix.exe
[2013.06.11 17:20:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 17:20:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 17:20:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 17:16:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 17:15:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.10 21:33:16 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.10 21:31:07 | 001,920,126 | ---- | C] (Farbar) -- C:\Users\Huthmann\Desktop\FRST64.exe
[2013.06.10 17:11:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 11:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.10 11:45:16 | 000,141,376 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:45:16 | 000,114,608 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.28 17:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.05.28 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013.05.28 17:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2013.05.28 17:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2013.05.28 17:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 05:23:12 | 000,890,839 | ---- | M] () -- C:\Users\Huthmann\Desktop\SecurityCheck.exe
[2013.06.13 03:31:20 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 03:31:20 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 03:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 03:22:43 | 2903,220,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 20:57:37 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.12 20:57:37 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.12 20:57:37 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.12 20:57:37 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.12 20:57:37 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.12 20:55:49 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Huthmann\Desktop\esetsmartinstaller_enu.exe
[2013.06.12 19:05:45 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Huthmann\Desktop\JRT.exe
[2013.06.12 18:32:27 | 000,648,201 | ---- | M] () -- C:\Users\Huthmann\Desktop\adwcleaner.exe
[2013.06.11 21:22:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.11 21:04:57 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Huthmann\Desktop\ComboFix.exe
[2013.06.10 21:31:10 | 001,920,126 | ---- | M] (Farbar) -- C:\Users\Huthmann\Desktop\FRST64.exe
[2013.06.10 17:31:53 | 000,377,856 | ---- | M] () -- C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
[2013.06.10 17:11:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Huthmann\Desktop\OTL.exe
[2013.06.10 17:11:11 | 000,000,000 | ---- | M] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:17 | 000,050,477 | ---- | M] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.10 12:12:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 11:50:55 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 11:47:55 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.10 11:42:25 | 000,141,376 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.06.10 11:42:25 | 000,114,608 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.06.10 11:31:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 18:56:08 | 000,012,240 | ---- | M] () -- C:\Program Files (x86)\PJQ.dat
[2013.05.19 12:08:06 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.13 05:23:12 | 000,890,839 | ---- | C] () -- C:\Users\Huthmann\Desktop\SecurityCheck.exe
[2013.06.12 18:32:27 | 000,648,201 | ---- | C] () -- C:\Users\Huthmann\Desktop\adwcleaner.exe
[2013.06.11 17:20:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 17:20:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 17:20:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 17:20:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 17:20:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.10 17:31:53 | 000,377,856 | ---- | C] () -- C:\Users\Huthmann\Desktop\gmer_2.1.19163.exe
[2013.06.10 17:11:11 | 000,000,000 | ---- | C] () -- C:\Users\Huthmann\defogger_reenable
[2013.06.10 17:10:16 | 000,050,477 | ---- | C] () -- C:\Users\Huthmann\Desktop\Defogger.exe
[2013.06.02 18:56:08 | 000,012,240 | ---- | C] () -- C:\Program Files (x86)\PJQ.dat
[2012.10.25 20:01:41 | 000,238,325 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2012.10.25 20:01:41 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.10.25 19:45:21 | 000,238,976 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.09.09 11:01:15 | 000,197,908 | ---- | C] () -- C:\Users\Huthmann\Office 2010.xps
[2012.04.17 06:19:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 13:43:42 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2012.03.01 19:49:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2012.03.01 19:35:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.03.01 19:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.01 19:15:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.22 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ahizyd
[2013.01.22 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\bc0e72aa-946e-426c-9dbd-e45434712a8c79
[2012.04.21 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013.01.20 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Kikoa
[2013.03.31 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\RavensburgerTipToi
[2012.09.09 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\SoftGrid Client
[2012.05.06 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Toshiba
[2012.04.06 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TOSHIBA Online Product Information
[2012.04.17 06:20:59 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\TP
[2013.01.22 06:41:08 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ysih
 
========== Purity Check ==========
 
 

< End of report >
         
Gruß und Danke

Alt 13.06.2013, 07:22   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Java bitte updaten.

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
[2013.01.22 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ahizyd
[2013.01.22 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\bc0e72aa-946e-426c-9dbd-e45434712a8c79
[2013.01.20 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Kikoa
[2013.01.22 06:41:08 | 000,000,000 | ---D | M] -- C:\Users\Huthmann\AppData\Roaming\Ysih
:files
C:\Program Files (x86)\PJQ.da
:commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.06.2013, 18:53   #13
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

nach dem Java update kam die Meldung Launch Error E4 und gestern wurden dann nochmal beim letzten online scan Trojaner gefunden. Ich gehe davon aus, dass dies normal ist?
Sind die jetzt weg?

Hier das OTL Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Huthmann\AppData\Roaming\Ahizyd folder moved successfully.
C:\Users\Huthmann\AppData\Roaming\bc0e72aa-946e-426c-9dbd-e45434712a8c79 folder moved successfully.
C:\Users\Huthmann\AppData\Roaming\Kikoa folder moved successfully.
C:\Users\Huthmann\AppData\Roaming\Ysih folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\PJQ.da not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Huthmann
->Temp folder emptied: 1600155 bytes
->Temporary Internet Files folder emptied: 728379555 bytes
->Java cache emptied: 223666 bytes
->Google Chrome cache emptied: 9035771 bytes
->Flash cache emptied: 14912865 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44502 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287547 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 760,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06132013_193439

Files\Folders moved on Reboot...
C:\Users\Huthmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Huthmann\AppData\Local\Temp\hpqtra005.log moved successfully.
C:\Users\Huthmann\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Danke

Alt 13.06.2013, 18:56   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



von obigem ESET Scan? Die sind weg, die waren in den Temps oder bereits in Quarantäne. Wenn keine Probleme mehr sind sind wir fertig und räumen auf.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.06.2013, 19:11   #15
cjhut
 
Trojaner beim Online-Banking - Standard

Trojaner beim Online-Banking



Hallo Schrauber,

die waren vom Eset Scan. Also ich bemerke ansonsten keine Probleme mehr.

Antwort

Themen zu Trojaner beim Online-Banking
adobe reader xi, antivir, antivirus, autorun, avira, avira searchfree toolbar, bho, diner dash, e-banking, error, firefox, flash player, google, helper, home, homepage, iexplore.exe, install.exe, logfile, officejet, online-banking, origin, plug-in, realtek, registry, rundll, scan, security, senden, software, svchost.exe, trojaner, tunnel, usb, wildtangent games, windows




Ähnliche Themen: Trojaner beim Online-Banking


  1. Windows XP: Avira meldet mehrere Trojaner, wurde beim Online Banking auf falsche Seite geleitet...
    Log-Analyse und Auswertung - 09.09.2013 (13)
  2. Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an
    Log-Analyse und Auswertung - 24.05.2013 (23)
  3. Noch ein Trojaner beim Postbank Online Banking
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (20)
  4. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  5. Keylogger/Trojaner mischte sich beim Online-Banking ein
    Log-Analyse und Auswertung - 03.06.2011 (28)
  6. Trojaner verlangt beim Sparkassen-Online-banking 100 Tan-Nummern
    Log-Analyse und Auswertung - 01.05.2011 (7)
  7. Fishing versuche beim Online Banking
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (12)
  8. 40 TANs Eingabe beim Online Banking
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (17)
  9. Trojaner fragt nach TAN´s beim Online-Banking
    Log-Analyse und Auswertung - 03.01.2011 (34)
  10. 20 Tan-Abfrage beim Online-Banking der Sparkasse
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (18)
  11. 20-TAN Trojaner beim Online-Banking - Trojan.Dropper
    Plagegeister aller Art und deren Bekämpfung - 31.10.2010 (14)
  12. Trojaner - Fishing der TANs beim Online Banking der Postbank
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (17)
  13. TAN Trojaner beim Online Banking der Deutschen Bank :(
    Plagegeister aller Art und deren Bekämpfung - 15.09.2010 (12)
  14. Trojaner beim Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (38)
  15. sorgen beim online banking
    Log-Analyse und Auswertung - 29.05.2009 (6)
  16. Verdacht auf Trojaner beim Online-Banking
    Log-Analyse und Auswertung - 14.03.2009 (7)
  17. PIN Passwort-Stärke beim online-Banking
    Diskussionsforum - 04.02.2009 (4)

Zum Thema Trojaner beim Online-Banking - Hallo zusammen, ich habe gestern festgestellt, dass ich einen Trojaner auf dem Rechner habe. Beim Einloggen für das Online-Banking wurde ich aufgefordert, meine Tan-Liste einzugeben. Das hatte ich nicht gemacht - Trojaner beim Online-Banking...
Archiv
Du betrachtest: Trojaner beim Online-Banking auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.