Fehlercode "searchpreview.de:443" - wie bekomme ich den weg

EMuc · 25.01.2011, 17:12

Hallo zusammen,

langsam bin ich völlig ratlos und bevor ich nun alles neu aufspiele möchte ich mich nun doch an Euch wenden.

Bin mir nicht sicher, ob ich mir nicht doch einen Trojaner eingefangen habe. Seit Tagen versuche ich mein Problem zu lösen. Nun wurde mir Euer Forum genannt und ich hoffe, daß man mir helfen kann.

Spybot Search hat nichts gefunden. Norton auch nicht.
Habe Vista, benutze Firefox 3.6.13 - Cache bereinigt, CCleaner, mit Tuneup alles durchsucht, defragmentiert ... und und und ....

Seitenaufbau teilweise sehr langsam, dauert bis zu 20 Sekunden. Am Provider bzw. an der Leitung liegt es nicht.

Immer wieder mal kommen Fehlermeldungen ... z.B. diese (siehe Anlage)

"Ein Fehler ist während einer Verbindung mit f.searchpreview.de:443 aufgetreten"

Hoffe, dass mir jemand helfen kann.

Danke schön

markusg · 25.01.2011, 17:24

tune up ist in diesen, wie in allen andern fällen nicht hilfreich, tuneup ist, ums genau zu sagen, schrott und hat auf keinem pc was zu suchen. das was tuneup kann, kann man selbst genauso, und ohne die gefahren, die durch tuneup auftreten.
die "verbesserungen" die tuneup zu bringen scheint, kann man auch unter "plazebo efekt" ablegen.
ich würd das von meinem pc verbannen!-
aber jetzt zum wichtigem teil:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

EMuc · 25.01.2011, 17:32

Danke, melde mich dann

EMuc · 25.01.2011, 17:55

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.01.2011 17:30:30 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\KARIN\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 69,51 Gb Free Space | 59,81% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 110,18 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
 
Computer Name: HAUSE | User Name: KARIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KARIN\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\T3Desk\T3Desk.exe (Tehnif Software SRL)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\Spybot - Malware entfernen\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Malware entfernen\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\LFXGDIPO.EXE ()
PRC - C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe ()
PRC - C:\Program Files\Companion Suite Pro LL\MFServices.exe ()
PRC - C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\KARIN\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Amhooker.dll (A4Tech Co.,Ltd.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Malware entfernen\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110124.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110124.035\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110125.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (lfxnt) -- C:\Windows\System32\drivers\lfxnt.sys ()
DRV - (Amusbprt) -- C:\Windows\System32\drivers\Amusbprt.sys (A4Tech Co.,Ltd.)
DRV - (Amfilter) -- C:\Windows\System32\drivers\Amfilter.sys (A4Tech Co.,Ltd.)
DRV - (XMLDIUSB) -- C:\Windows\System32\drivers\XMLDIUSB.sys (OEM)
DRV - (LFXACT) -- C:\Windows\System32\drivers\LFXACT.sys (OEM)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fireloop@drawloop.com:2.1
FF - prefs.js..extensions.enabledItems: isgdcreator@postspectacular.com:0.2.2
FF - prefs.js..extensions.enabledItems: punyurl@puny.sapo.pt:1.7
FF - prefs.js..extensions.enabledItems: ShortenURL@loucypher:0.3.6
FF - prefs.js..extensions.enabledItems: {03b2b49d-07cc-415e-8ed7-1cbaf4c9092b}:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {8585C31E-1E94-4498-ACEC-CB913A05FC52}:4.3.3.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: facebookBlocker@webgraph.com:1.2.1
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "local,*.local"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010.06.06 07:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010.06.03 08:18:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.14 18:39:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.14 18:39:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.18 19:29:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.14 18:39:03 | 000,000,000 | ---D | M]
 
[2010.06.04 10:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KARIN\AppData\Roaming\mozilla\Extensions
[2009.12.09 10:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KARIN\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.25 09:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions
[2010.09.25 06:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{03b2b49d-07cc-415e-8ed7-1cbaf4c9092b}
[2010.06.05 08:13:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.28 18:09:42 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.01.23 22:57:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.08.17 05:48:17 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.12.31 14:06:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010.06.23 06:28:13 | 000,000,000 | ---D | M] ("eQuake Alert") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
[2010.10.24 19:02:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.01.22 23:02:40 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.11.13 15:29:20 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011.01.12 18:57:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.24 15:15:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.20 16:20:51 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010.11.28 02:26:17 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.07.12 15:35:29 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011.01.04 13:00:44 | 000,000,000 | ---D | M] ("FacebookBlocker") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\facebookBlocker@webgraph.com
[2010.08.17 05:48:17 | 000,000,000 | ---D | M] ("LOOP for Firefox") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\fireloop@drawloop.com
[2010.11.26 18:38:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\https-everywhere@eff.org
[2010.08.28 18:33:40 | 000,000,000 | ---D | M] ("is.gd Creator") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\isgdcreator@postspectacular.com
[2011.01.06 15:11:23 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\nosquint@urandom.ca
[2011.01.07 18:10:19 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\optimizegoogle@optimizegoogle.com
[2010.06.04 15:17:16 | 000,000,000 | ---D | M] (Puny URL) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\punyurl@puny.sapo.pt
[2010.06.04 11:16:41 | 000,000,000 | ---D | M] (Shorten URL) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\ShortenURL@loucypher
[2010.07.17 16:58:18 | 000,000,000 | ---D | M] (Twitter Links) -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\twitterlinks@dontstopnow.co.uk
[2010.12.23 17:28:08 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\KARIN\AppData\Roaming\mozilla\Firefox\Profiles\llsfevxh.default\extensions\unplug@compunach
[2011.01.25 09:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.19 22:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.14 22:12:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.20 15:51:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.06.03 08:18:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN
[2010.06.06 07:03:21 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
[2011.01.14 18:39:07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.22 15:42:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.22 15:42:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 15:42:51 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 15:42:51 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 15:42:51 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Malware entfernen\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MFPrintServer_Pro_LL] C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe ()
O4 - HKLM..\Run: [MFServices_Pro_LL] C:\Program Files\Companion Suite Pro LL\MFServices.exe ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Malware entfernen\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [T3Desk] C:\Program Files\T3Desk\T3Desk.exe (Tehnif Software SRL)
O4 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Companion - Manager.lnk = C:\Program Files\Companion Suite Pro LL\MFManager.exe ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Forex rates.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Icerocket - Nachrichten.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Journalists Latest Buzz.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netkompakt.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewsBrief.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stockwatch - Nachrichten.URL ()
O4 - Startup: C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welt online - Wikileaks.URL ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKU\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Malware entfernen\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{46AA243C-6639-4E0B-AB18-E7CA14FCCFBB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.25 14:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.01.24 09:34:54 | 000,000,000 | ---D | C] -- C:\Users\KARIN\Documents\Anti-Malware
[2011.01.22 16:49:39 | 000,000,000 | ---D | C] -- C:\Users\KARIN\Desktop\Wohnen
[2011.01.22 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\KARIN\Desktop\Urlaub
[2011.01.20 21:46:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.20 21:34:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.20 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Local\Sunbelt Software
[2011.01.20 21:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.01.20 19:31:05 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Roaming\ScanSpyware
[2011.01.20 17:50:19 | 000,000,000 | ---D | C] -- C:\Users\KARIN\Desktop\Neu f. Firefox
[2011.01.20 16:29:16 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Roaming\Malwarebytes
[2011.01.20 16:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.20 15:51:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.20 15:51:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.20 15:51:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.14 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Local\Real
[2011.01.14 18:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011.01.14 18:39:03 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011.01.14 18:38:48 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011.01.14 18:38:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011.01.14 18:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011.01.14 18:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.01.14 18:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.01.14 14:47:08 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2011.01.14 14:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2011.01.14 14:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011.01.14 14:43:45 | 000,000,000 | ---D | C] -- C:\Users\KARIN\AppData\Local\PackageAware
[2011.01.12 09:26:33 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 09:26:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.10 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\KARIN\Documents\Wikileaks
[2010.12.29 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\psynetic
[2009.04.09 11:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.25 17:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.01.25 16:49:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.25 16:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.25 14:49:17 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.01.25 13:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.25 13:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.25 12:09:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.25 03:12:15 | 000,000,111 | ---- | M] () -- C:\Users\KARIN\Desktop\Krankenkassenbeitrag Direktversicherung.URL
[2011.01.25 01:59:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 16:33:43 | 000,000,058 | ---- | M] () -- C:\Users\KARIN\Desktop\Interfax.URL
[2011.01.24 09:36:25 | 000,000,105 | ---- | M] () -- C:\Users\KARIN\Desktop\Achtung Trojaner wirbt mit Überraschung auf Facebook.URL
[2011.01.23 09:30:36 | 000,000,051 | ---- | M] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netkompakt.URL
[2011.01.22 18:01:17 | 000,000,084 | ---- | M] () -- C:\Users\KARIN\Desktop\NewsBrief.URL
[2011.01.22 10:45:59 | 000,022,796 | ---- | M] () -- C:\Users\KARIN\Documents\cc_20110122_104541.reg
[2011.01.21 20:43:54 | 000,001,027 | ---- | M] () -- C:\Users\KARIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.20 21:34:17 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.01.20 21:22:54 | 000,000,805 | ---- | M] () -- C:\Windows\ScanSpyware.INI
[2011.01.20 21:19:48 | 000,021,268 | ---- | M] () -- C:\Users\KARIN\Documents\Trojaner.odt
[2011.01.20 08:10:43 | 000,000,072 | ---- | M] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welt online - Wikileaks.URL
[2011.01.14 18:39:03 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011.01.14 18:38:48 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011.01.14 18:38:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011.01.14 18:38:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011.01.14 14:47:08 | 000,000,827 | ---- | M] () -- C:\Users\KARIN\Desktop\Eusing Free Registry Cleaner.lnk
[2011.01.06 19:07:26 | 000,000,202 | ---- | M] () -- C:\Users\KARIN\Desktop\Twittersuche.URL
[2011.01.04 09:32:33 | 000,000,680 | ---- | M] () -- C:\Users\KARIN\AppData\Local\d3d9caps.dat
[2011.01.01 11:50:27 | 000,000,084 | ---- | M] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewsBrief.URL
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.25 14:49:17 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.01.25 03:12:15 | 000,000,111 | ---- | C] () -- C:\Users\KARIN\Desktop\Krankenkassenbeitrag Direktversicherung.URL
[2011.01.24 16:33:43 | 000,000,058 | ---- | C] () -- C:\Users\KARIN\Desktop\Interfax.URL
[2011.01.24 09:36:25 | 000,000,105 | ---- | C] () -- C:\Users\KARIN\Desktop\Achtung Trojaner wirbt mit Überraschung auf Facebook.URL
[2011.01.23 09:30:36 | 000,000,051 | ---- | C] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netkompakt.URL
[2011.01.22 18:01:17 | 000,000,084 | ---- | C] () -- C:\Users\KARIN\Desktop\NewsBrief.URL
[2011.01.22 10:45:49 | 000,022,796 | ---- | C] () -- C:\Users\KARIN\Documents\cc_20110122_104541.reg
[2011.01.21 20:43:53 | 000,001,027 | ---- | C] () -- C:\Users\KARIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.20 21:22:54 | 000,000,805 | ---- | C] () -- C:\Windows\ScanSpyware.INI
[2011.01.20 21:19:46 | 000,021,268 | ---- | C] () -- C:\Users\KARIN\Documents\Trojaner.odt
[2011.01.20 08:10:43 | 000,000,072 | ---- | C] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welt online - Wikileaks.URL
[2011.01.14 14:47:08 | 000,000,827 | ---- | C] () -- C:\Users\KARIN\Desktop\Eusing Free Registry Cleaner.lnk
[2011.01.06 19:07:26 | 000,000,202 | ---- | C] () -- C:\Users\KARIN\Desktop\Twittersuche.URL
[2011.01.01 11:50:27 | 000,000,084 | ---- | C] () -- C:\Users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewsBrief.URL
[2010.09.22 08:32:46 | 000,001,160 | ---- | C] () -- C:\Users\KARIN\AppData\Local\9A5FF4EA.il
[2010.09.22 08:32:46 | 000,000,280 | ---- | C] () -- C:\Users\KARIN\AppData\Local\IndexIE_9A5FF4EA.il
[2010.05.26 19:24:57 | 000,017,408 | ---- | C] () -- C:\Users\KARIN\AppData\Local\WebpageIcons.db
[2010.01.17 17:55:15 | 000,000,680 | ---- | C] () -- C:\Users\KARIN\AppData\Local\d3d9caps.dat
[2010.01.12 20:10:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.06.12 18:38:51 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009.05.31 17:55:41 | 000,003,094 | ---- | C] () -- C:\Users\KARIN\AppData\Local\xecutor.xpr
[2009.05.31 17:55:41 | 000,003,094 | ---- | C] () -- C:\Users\KARIN\AppData\Local\xecutor._xp
[2009.05.28 20:10:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.26 05:24:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.09 11:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.08 08:24:12 | 000,061,756 | ---- | C] () -- C:\Windows\System32\drivers\lfxnt.sys
[2009.01.07 20:51:00 | 000,054,272 | ---- | C] () -- C:\Users\KARIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.07 19:35:36 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.01.07 19:35:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.01.07 19:35:36 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.01.07 19:35:36 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.02.22 10:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 16:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 16:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 16:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 16:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 16:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 16:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 16:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 15:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 15:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 15:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 15:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 15:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.07.30 05:26:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\LFXCOINS.DLL
[2007.04.23 10:19:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\LFXPJL2K.DLL
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.01.17 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\.purple
[2010.10.18 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Downloaded Installations
[2009.12.18 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\FireShot
[2009.03.15 22:22:06 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Foxit
[2010.10.03 13:53:00 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\GrabPro
[2010.01.17 16:02:10 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\gtk-2.0
[2010.04.04 08:04:11 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\IrfanView
[2009.04.01 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\JonDo
[2010.05.11 06:28:54 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Launchy
[2009.08.13 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Leadertech
[2009.10.23 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2010.10.01 09:44:16 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Nitro PDF
[2009.08.03 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Nokia
[2009.01.07 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\OpenOffice.org
[2010.10.03 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Orbit
[2009.08.03 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\PC Suite
[2010.10.03 13:46:07 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\ProgSense
[2009.10.12 11:55:14 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Qlikworld
[2009.04.01 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\QuickScan
[2011.01.24 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\ScanSpyware
[2010.06.26 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Sinvise Systems
[2010.12.11 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Snitter.88C687E32FFE9452F058A6F4E67005F998FC3136.1
[2010.05.18 11:14:34 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Software Informer
[2010.06.20 10:33:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Thunderbird
[2010.06.04 06:40:46 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Tific
[2009.05.29 23:04:09 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Toshiba
[2009.02.05 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\tradesignal
[2009.01.07 21:02:34 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TuneUp Software
[2009.10.07 03:58:23 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009.12.21 01:38:47 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.09.27 15:28:15 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\UDC Profiles
[2010.05.18 06:24:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Uniblue
[2010.08.27 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Wetterwarnung
[2011.01.25 17:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.01.24 23:39:02 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.17 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\.purple
[2010.06.18 09:38:48 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Adobe
[2010.07.20 09:08:26 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Apple Computer
[2011.01.08 16:03:33 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\CameraWindowDC
[2009.09.30 16:17:01 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\CANON INC
[2009.11.14 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Digsby
[2009.04.26 05:11:18 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\DivX
[2010.10.18 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Downloaded Installations
[2009.05.31 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\dvdcss
[2009.01.26 08:53:59 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\FastStone
[2009.12.18 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\FireShot
[2009.03.15 22:22:06 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Foxit
[2009.01.07 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Google
[2010.10.03 13:53:00 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\GrabPro
[2010.01.17 16:02:10 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\gtk-2.0
[2009.01.07 19:35:48 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Identities
[2009.01.08 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\InstallShield
[2010.04.04 08:04:11 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\IrfanView
[2009.04.01 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\JonDo
[2010.05.11 06:28:54 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Launchy
[2009.08.13 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Leadertech
[2009.08.13 14:44:54 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Logitech
[2009.01.07 20:25:18 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Macromedia
[2011.01.20 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Media Center Programs
[2009.12.19 11:58:33 | 000,000,000 | --SD | M] -- C:\Users\KARIN\AppData\Roaming\Microsoft
[2010.06.04 10:33:44 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Mozilla
[2009.10.23 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2010.10.01 09:44:16 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Nitro PDF
[2009.08.03 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Nokia
[2009.01.07 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\OpenOffice.org
[2010.10.03 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Orbit
[2009.08.03 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\PC Suite
[2010.10.03 13:46:07 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\ProgSense
[2009.10.12 11:55:14 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Qlikworld
[2009.04.01 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\QuickScan
[2011.01.14 18:39:29 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Real
[2011.01.24 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\ScanSpyware
[2010.06.26 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Sinvise Systems
[2010.08.31 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Skype
[2010.08.31 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\skypePM
[2010.12.11 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Snitter.88C687E32FFE9452F058A6F4E67005F998FC3136.1
[2010.05.18 11:14:34 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Software Informer
[2009.01.07 20:37:12 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Symantec
[2010.06.20 10:33:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Thunderbird
[2010.06.04 06:40:46 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Tific
[2009.05.29 23:04:09 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Toshiba
[2009.02.05 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\tradesignal
[2009.01.07 21:02:34 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TuneUp Software
[2009.10.07 03:58:23 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009.12.21 01:38:47 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.09.27 15:28:15 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\UDC Profiles
[2010.05.18 06:24:41 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Uniblue
[2011.01.14 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\vlc
[2010.08.27 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Wetterwarnung
[2010.05.02 18:52:10 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\Yahoo!
[2011.01.08 16:02:53 | 000,000,000 | ---D | M] -- C:\Users\KARIN\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.12.11 20:59:10 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\KARIN\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.03.21 18:17:21 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Users\KARIN\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2010.12.15 12:40:31 | 000,617,472 | ---- | M] () -- C:\Users\KARIN\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7781.tmp_\oracle-pdfimport.oxt\xpdfimport.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >

--- --- ---

EMuc · 25.01.2011, 17:57

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.01.2011 17:30:30 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\KARIN\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 69,51 Gb Free Space | 59,81% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 110,18 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
 
Computer Name: HAUSE | User Name: KARIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4EC76C-4AC1-42BB-91A5-A857FACA3566}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1B624CB2-E555-4774-A8F6-9EF50C5AB8D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7786B467-ED90-4940-A41C-570D88E0947A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8386B12D-30B4-4EC4-B20A-6F66DFDB5D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9046594A-5B6F-46C9-AD56-E214BBD95BE6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A00C0BEB-A2CD-4E91-A3F7-27C2D3E06AA3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EAE16A2F-71A3-4F1C-9C21-19BE08CFBAE6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5CA2C59-83AC-46E0-AA36-AB218AE3022B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE7D1F0E-4F97-4976-83AA-60E6771497A6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FEC1AF45-5280-4A8E-A093-EEFDE8CC6EDB}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C0076F-F375-4B79-80D6-A2B9F3592C97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2AF977FD-AA33-481A-8933-4AD041CB061E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{2FA331A2-82F9-4BCD-9BBB-11377BA31D70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5F0BAE80-A899-4BF1-A005-3719ED3A538D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{711B548A-F487-4A91-B976-EC9FB3C7DCD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{820B8FEC-AB64-4119-A7BC-452EABDEAA5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{823702C6-8BDE-4F0E-8078-5E725E002623}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87CE51E7-6CB9-44A9-9416-52E63AA038C9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{A92EC1F4-13A1-4C56-90C1-C651DDE12F7F}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\temp\kd_installer.exe | 
"{B4886849-7C30-4CF9-9691-1A9AA0E47642}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{D3074912-78E1-495A-BBD0-D7F60E732914}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\temp\kd_installer.exe | 
"{F4A38C70-55E4-41A5-A0EC-ED3729EE1D51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F8552739-22C3-414C-B8FB-89B996C02381}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C6B69CB-7BB1-4281-9DC2-A23BF0642F2A}" = Motorola Software Update
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E017CD1-349E-4889-B3D1-E6E5405DE267}" = AudialsOne
"{42CB94C5-66F6-4F63-8D31-7FA3A86490A8}" = Toshiba TEMPRO
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D8DAC0F-56E7-446B-B8A3-A7E75EEF077B}_is1" = T3Desk 2010 Build Version 10.06
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB919664-CCE8-4217-BEF5-29B82005A4D9}" = Companion Suite Pro LL
"{BF250D88-A8F1-B407-DA49-694C48DE0C06}" = TwitterLocal
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Image Expert" = Image Expert
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Kalenderchen_is1" = Kalenderchen 4
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"N360" = Norton 360
"net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1" = TwitterLocal
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"tvbrowser" = TV-Browser 2.7.4
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VLC media player" = VLC media player 1.1.6
"WheelMouse" = iWheelWorks 7.80
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zattoo4" = Zattoo4 4.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4113819021-1639554721-1352295337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.02.2010 10:47:35 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 04:05:55 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2010 12:33:32 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.03.2010 07:12:30 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.03.2010 07:22:46 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.03.2010 09:52:42 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.03.2010 09:01:39 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2010 01:59:35 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2010 14:13:33 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2010 23:52:10 | Computer Name = HAUSE | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 08.01.2009 04:04:08 | Computer Name = HAUSE | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.02.2009 03:24:12 | Computer Name = HAUSE | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.02.2009 03:24:34 | Computer Name = HAUSE | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.12.2009 05:26:39 | Computer Name = HAUSE | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 21.01.2011 01:43:47 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.01.2011 01:43:47 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.01.2011 09:17:18 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 21.01.2011 13:09:56 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 21.01.2011 15:47:11 | Computer Name = HAUSE | Source = DCOM | ID = 10010
Description = 
 
Error - 22.01.2011 08:17:01 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 22.01.2011 16:04:45 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.01.2011 16:32:14 | Computer Name = HAUSE | Source = DCOM | ID = 10010
Description = 
 
Error - 24.01.2011 18:38:52 | Computer Name = HAUSE | Source = DCOM | ID = 10010
Description = 
 
Error - 25.01.2011 08:22:58 | Computer Name = HAUSE | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >

--- --- ---

EMuc · 25.01.2011, 17:58

Muss jetzt dann schnell weg. Melde mich aber spätestens morgen.
Danke für die Hilfe!!

markusg · 25.01.2011, 18:13

1.
deinstaliere mal bitte spybot es kann die reinigung stören, neustart.
2. poste das Malwarebytes log.
3. malwarebytes updaten, und nen vollständigen scan machen, log posten.

EMuc · 25.01.2011, 22:19

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5599

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.01.2011 22:17:53
mbam-log-2011-01-25 (22-17-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 347308
Laufzeit: 2 Stunde(n), 57 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

EMuc · 26.01.2011, 11:29

Nun habe ich auch die andere Fehlermeldung die sehr häufig kommt :-(

markusg · 26.01.2011, 12:05

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

EMuc · 26.01.2011, 15:46

Hallo marcusg,

hach, bin ich froh, daß ich so gut betreut bin.

Herzlichen Dank an Dich :-)

markusg · 26.01.2011, 15:47

war das jetzt ironie

gabs nen problem mit combofix oder hat es das problem gelöst. das log benötige ich auf jeden fall

EMuc · 26.01.2011, 15:47

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-01-25.03 - KARIN 26.01.2011  15:22:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3061.1823 [GMT 1:00]
ausgeführt von:: c:\users\KARIN\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\Favorites\bookmarks.html
c:\users\KARIN\AppData\Roaming\Microsoft\Windows\Recent\desktop_90411203.ico
E:\install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-12-26 bis 2011-01-26  ))))))))))))))))))))))))))))))
.

2011-01-26 14:28 . 2011-01-26 14:29	--------	d-----w-	c:\users\KARIN\AppData\Local\temp
2011-01-26 14:28 . 2011-01-26 14:28	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-01-25 18:20 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 18:19 . 2011-01-25 18:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-25 18:19 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-20 20:46 . 2011-01-20 20:46	--------	d-----w-	c:\windows\Sun
2011-01-20 20:34 . 2011-01-20 20:34	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 20:33 . 2011-01-20 20:33	--------	d-----w-	c:\users\KARIN\AppData\Local\Sunbelt Software
2011-01-20 20:32 . 2011-01-21 19:45	--------	d-----w-	c:\programdata\Lavasoft
2011-01-20 18:31 . 2011-01-24 11:16	--------	d-----w-	c:\users\KARIN\AppData\Roaming\ScanSpyware
2011-01-20 15:29 . 2011-01-20 15:29	--------	d-----w-	c:\users\KARIN\AppData\Roaming\Malwarebytes
2011-01-20 15:29 . 2011-01-20 15:29	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-14 17:39 . 2011-01-14 17:39	--------	d-----w-	c:\users\KARIN\AppData\Local\Real
2011-01-14 17:39 . 2011-01-14 17:39	11776	----a-w-	c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-01-14 17:39 . 2011-01-14 17:39	--------	d-----w-	c:\program files\Common Files\xing shared
2011-01-14 17:39 . 2011-01-14 17:39	151776	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-01-14 17:38 . 2011-01-14 17:38	100352	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-14 13:47 . 2011-01-14 13:51	--------	d-----w-	c:\program files\Eusing Free Registry Cleaner
2011-01-14 13:43 . 2011-01-14 13:43	--------	d-----w-	c:\users\KARIN\AppData\Local\PackageAware
2011-01-12 08:26 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 08:26 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:26 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:26 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:26 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 08:26 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:26 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe
2010-12-29 12:33 . 2010-12-29 12:33	--------	d-----w-	c:\program files\psynetic

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 17:38 . 2006-07-11 16:35	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-11-29 21:07 . 2010-11-29 21:05	253952	------w-	c:\windows\Setup1.exe
2010-11-29 21:07 . 2010-11-29 21:05	74752	----a-w-	c:\windows\ST6UNST.EXE
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-11-12 17:53 . 2010-05-04 20:39	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-11-04 18:56 . 2010-12-15 09:34	345600	----a-w-	c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 09:34	352768	----a-w-	c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 09:34	270336	----a-w-	c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 09:34	601600	----a-w-	c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 09:34	171520	----a-w-	c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-15 09:34	916480	----a-w-	c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-15 09:34	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 09:34	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 09:34	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-15 09:34	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-15 09:34	385024	----a-w-	c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-15 09:34	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 09:34	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-15 09:34	34304	----a-w-	c:\windows\system32\atmlib.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
"Kalenderchen"="c:\program files\Kalenderchen\Kalenderchen.exe" [2005-07-20 1445376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"T3Desk"="c:\program files\T3Desk\T3Desk.exe" [2010-06-09 1111040]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-09-24 1786168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"MFPrintServer_Pro_LL"="c:\program files\Companion Suite Pro LL\MFPrintServer.exe" [2007-05-10 73728]
"MFServices_Pro_LL"="c:\program files\Companion Suite Pro LL\MFServices.exe" [2007-05-10 352256]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-07-29 1070336]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 188416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-14 274608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\KARIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Companion - Manager.lnk - c:\program files\Companion Suite Pro LL\MFManager.exe [2009-1-8 167936]
Forex rates.URL [2010-5-12 141]
Icerocket - Nachrichten.URL [2010-10-25 97]
Journalists Latest Buzz.URL [2010-9-4 63]
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2010-3-16 12584112]
Netkompakt.URL [2011-1-23 51]
NewsBrief.URL [2011-1-1 84]
Stockwatch - Nachrichten.URL [2010-11-13 74]
Welt online - Wikileaks.URL [2011-1-20 72]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-7-26 1725440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-13 813584]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 17:15	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Firefox"=c:\program files\Mozilla Firefox\firefox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110125.002\IDSvix86.sys [2010-11-09 353912]
S1 lfxnt;lfxnt;c:\windows\system32\drivers\lfxnt.sys [2007-05-09 61756]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-01 102448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\Drivers\LFXACT.sys [2007-01-08 20672]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2007-01-08 31879]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32	128512	----a-w-	c:\windows\System32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2011-01-26 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21 16:47]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-18 07:07]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 16:22]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 16:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\KARIN\AppData\Roaming\Mozilla\Firefox\Profiles\llsfevxh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: LOOP for Firefox: fireloop@drawloop.com - %profile%\extensions\fireloop@drawloop.com
FF - Ext: is.gd Creator: isgdcreator@postspectacular.com - %profile%\extensions\isgdcreator@postspectacular.com
FF - Ext: Puny URL: punyurl@puny.sapo.pt - %profile%\extensions\punyurl@puny.sapo.pt
FF - Ext: Shorten URL: ShortenURL@loucypher - %profile%\extensions\ShortenURL@loucypher
FF - Ext: monkeyfly: {03b2b49d-07cc-415e-8ed7-1cbaf4c9092b} - %profile%\extensions\{03b2b49d-07cc-415e-8ed7-1cbaf4c9092b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: eQuake Alert: {8585C31E-1E94-4498-ACEC-CB913A05FC52} - %profile%\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - %profile%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: FacebookBlocker: facebookBlocker@webgraph.com - %profile%\extensions\facebookBlocker@webgraph.com
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-26 15:28
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????EnS??X???????????????   

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-01-26  15:31:03
ComboFix-quarantined-files.txt  2011-01-26 14:31

Vor Suchlauf: 16 Verzeichnis(se), 72.191.787.008 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 72.114.491.392 Bytes frei

- - End Of File - - 2801D4470737AC0649CEB3BCD2CECB88

--- --- ---

markusg · 26.01.2011, 16:18

lade den CCleaner slim:
Piriform - Builds
falls der CCleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

EMuc · 26.01.2011, 17:06

Hi marcusg,

bei ein paar Programmen hab ich nicht gewusst, ob ich die für mein Laptop brauche ... deshalb etwas unentschlossen ...

Fehlercode "searchpreview.de:443" - wie bekomme ich den weg

Plagegeister aller Art und deren Bekämpfung: Fehlercode "searchpreview.de:443" - wie bekomme ich den weg