Master Boot Record/mbr verseucht?
 

Hallo :)

Ich habe momenten den Laptop von meinem Freund, da ich die Vermutung habe das er sich da was eingefangen hat. (öffnet Programme sehr langsam und diese stürzen auch immer ab) Ich habe Spybot Search and Destroy drüberlaufen lassen und der hat dann angezeigt das irgendwas mit mbr nicht stimmen soll. Also hab ich als nächstes die Anleitung hier abgearbeitet und Gmer und OTL drüberlaufen lassen. Ich hoffe das mir jemand helfen kann, da ich da absolut nicht durchblicke. Ich hoffe das ich das jetzt richtig verstanden habe und poste einfach mal die 3 logfiles hier rein.

OTL:

OTL logfile created on: 05.04.2013 14:47:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,81 Mb Total Physical Memory | 105,91 Mb Available Physical Memory | 21,06% Memory free
1,46 Gb Paging File | 0,69 Gb Available in Paging File | 47,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 34,03 Gb Free Space | 50,52% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,49% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.04.02 11:10:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.02 11:09:58 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.02 11:09:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.02 11:09:55 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.01.25 21:34:25 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2011.01.25 20:59:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.02 11:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.02.13 12:39:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.04.02 11:10:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.02 11:09:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.16 14:52:07 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.01.25 21:34:24 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.04.02 11:10:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.02 11:10:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.02 11:10:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.03.03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 04:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8489e25f-7e6c-40e5-b87f-d2fc733af00b&apn_sauid=A17AF693-5BCB-44B2-85B1-D627297855EC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 11:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.30 19:10:29 | 000,000,000 | ---D | M]

[2013.02.16 16:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.30 19:10:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.16 16:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.29 11:02:20 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBA8A43-5553-4A05-B307-E925999A5383}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.05 14:45:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.04 18:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.04 18:54:12 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbrRootkitscan
[2013.03.24 19:33:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.24 17:24:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.24 17:24:11 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013.03.24 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ProcAlyzer Dumps
[2013.03.24 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.24 15:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.24 15:07:41 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.03.24 15:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- C:\481f620d16d3e72c88
[2013.03.16 17:18:38 | 000,000,000 | ---D | C] -- \481f620d16d3e72c88
[2013.03.16 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.16 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013.04.05 14:51:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 14:49:39 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.05 14:49:39 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.05 14:49:39 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.05 14:49:39 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.05 14:30:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 14:30:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 14:30:03 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.04.05 14:29:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 14:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.04.03 09:41:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.02 11:10:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.02 11:10:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.02 11:10:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 19:35:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.03.24 16:51:03 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.03.24 16:51:03 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.24 15:08:09 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.16 14:35:24 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013.03.24 15:09:09 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.24 15:09:07 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.03.24 15:09:05 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.24 15:08:10 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.24 15:08:09 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.16 14:35:24 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.15 14:00:05 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.04.15 14:00:05 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.04.15 14:00:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.04.15 14:00:04 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.04.15 14:00:04 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.04.15 14:00:04 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.04.15 14:00:04 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.04.15 14:00:04 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.04.15 14:00:04 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.04.15 14:00:04 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.04.15 14:00:04 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.04.15 14:00:04 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.04.15 14:00:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.04.15 14:00:04 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.04.15 14:00:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.04.15 14:00:04 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.04.15 14:00:04 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.24 20:52:44 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.14 11:15:19 | 000,000,000 | ---- | C] () -- \C_USERPART
[2006.11.09 19:36:39 | 000,438,840 | RHS- | C] () -- \bootmgr

========== ZeroAccess Check ==========

[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.25 21:06:04 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.26 05:17:26 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Extras:

OTL Extras logfile created on: 05.04.2013 14:47:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,81 Mb Total Physical Memory | 105,91 Mb Available Physical Memory | 21,06% Memory free
1,46 Gb Paging File | 0,69 Gb Available in Paging File | 47,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,36 Gb Total Space | 34,03 Gb Free Space | 50,52% Space Free | Partition Type: NTFS
Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,49% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BB9FBB87-E529-4EFE-BB57-20DF2B39A971}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB53610-728C-4FE4-8791-42CE6D8C71A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{188E9809-6BBB-4AFD-81BE-EBE537E05F73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5BA60129-5C00-4C6B-90EC-A2BC938083B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8869BD36-41A2-4663-997F-40C4102A90FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{978548A6-F02E-4B7A-B1F5-DB4CFC88D6D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D675D218-A218-40D1-BA89-9D175096F065}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E2DE08F2-7E4C-485E-B915-4487BD5DEFC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9A2F8B89-D461-4737-ACA0-CD31D2A1DAF2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{6FBF6460-471F-4234-A144-C8272863F2CD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{2E886C29-857C-4CE5-A205-F6AA7278E666}" = ESU for Microsoft Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 C1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3AAFBD6A-7F68-4BDC-8280-22DCFACE13EB}" = HP Active Support Library
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alfons Lernwelt" = Alfons Lernwelt
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.03.2013 04:44:16 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 12.0.0.4493, Zeitstempel
0x4f9207d9, fehlerhaftes Modul xul.dll, Version 12.0.0.4493, Zeitstempel 0x4f92069e,
Ausnahmecode 0xc0000005, Fehleroffset 0x001115b8, Prozess-ID 0xe80, Anwendungsstartzeit
01ce260b3d71f971.

Error - 22.03.2013 05:07:48 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 12.0.0.4493, Zeitstempel
0x4f9207d9, fehlerhaftes Modul xul.dll, Version 12.0.0.4493, Zeitstempel 0x4f92069e,
Ausnahmecode 0xc0000005, Fehleroffset 0x001115b8, Prozess-ID 0x784, Anwendungsstartzeit
01ce26db6cb95124.

Error - 04.04.2013 11:16:20 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x188,
Anwendungsstartzeit 01ce3146befd18ec.

Error - 04.04.2013 12:01:44 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm SDWelcome.exe, Version 2.0.12.126 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: ec4 Anfangszeit: 01ce314c7e1539bc Zeitpunkt
der Beendigung: 47

Error - 04.04.2013 12:57:12 | Computer Name = User-PC | Source = EventSystem | ID = 4609
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1008
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1008
Description =

Error - 04.04.2013 13:09:37 | Computer Name = User-PC | Source = Perflib | ID = 1010
Description =

Error - 04.04.2013 13:09:38 | Computer Name = User-PC | Source = PerfNet | ID = 2004
Description =

Error - 04.04.2013 13:09:38 | Computer Name = User-PC | Source = PerfNet | ID = 2002
Description =

[ System Events ]
Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.04.2013 12:58:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Gmer: (ließ sich nur im abgesicherten Modus ausführen da es im Normalmodus abgebrochen wurde)

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 15:44:45
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxtdapob.sys


---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

Device \FileSystem\cdfs \Cdfs 8FE3B067

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 82FC6940

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Mit freundlichen Grüßen

Chrissy

Hallo Chrissy,

Dieses Logfile, in welchem der Spybot seinen Verdacht äussert, würde ich gerne sehen.
Zudem geht aus den Logs hervor, dass bereits weitere Tools heruntergeladen wurden (z.B. aswMBR). Wurde eines dieser Tools ausgeführt? Entsprechende Logs bitte auch alle noch nachreichen.

Hallo Leo,

hier die angeforderten Logfiles:

aswMBR (Quickscan im abgesichertem Modus da der Vollscan im Normalmodus abgebrochen wurde) :

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 23:49:10
-----------------------------
23:49:10.320 OS Version: Windows 6.0.6000
23:49:10.320 Number of processors: 2 586 0xE08
23:49:10.335 ComputerName: USER-PC UserName: User
23:49:11.381 Initialize success
23:49:46.028 AVAST engine defs: 13040802
23:50:03.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
23:50:03.953 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7BP Size: 76319MB BusType: 3
23:50:04.312 Disk 0 MBR read successfully
23:50:04.312 Disk 0 MBR scan
23:50:04.546 Disk 0 unknown MBR code
23:50:04.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68973 MB offset 63
23:50:04.624 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 5750 MB offset 141258752
23:50:04.655 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1590 MB offset 153042944
23:50:04.702 Disk 0 scanning sectors +156299264
23:50:05.092 Disk 0 scanning C:\Windows\system32\drivers
23:50:24.639 Service scanning
23:50:53.031 Modules scanning
23:51:08.085 Disk 0 trace - called modules:
23:51:08.085 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
23:51:08.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83622230]
23:51:08.085 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x835da030]
23:51:08.756 AVAST engine scan C:\Windows
23:51:21.111 AVAST engine scan C:\Windows\system32
23:54:18.125 AVAST engine scan C:\Windows\system32\drivers
23:54:40.028 AVAST engine scan C:\Users\User
23:56:40.695 AVAST engine scan C:\ProgramData
23:57:10.538 Scan finished successfully
00:00:39.189 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\Sp\MBR.dat"
00:00:39.267 The log file has been saved successfully to "C:\Users\User\Desktop\Sp\aswMBR.txt"

Spybot Search and Destroy (Normalmodus mit Antivir da dieses sich nicht ausschalten ließ)

Vollscan:

Search results from Spybot - Search & Destroy

08.04.2013 14:42:57
Scan took 00:33:11.
19 items found.

Log: [SBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done)
C:\WINDOWS\ntbtlog.txt
Properties.size=492292
Properties.md5=99CC4AB6C13776641FCD9FE7D81D67FA
Properties.filedate=1365252276
Properties.filedatetext=2013-04-06 14:44:36

Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Properties.size=7798
Properties.md5=5A93DE0CBF5489253C6FD3974612B79B
Properties.filedate=1365422117
Properties.filedatetext=2013-04-08 13:55:17

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2120818730-1585678900-436232442-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)


Verlauf: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-03-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)

RootkitQuickScan:

RootAlyzer Quick Scan Results

Dateien im Windows-Verzeichnis
----------------------------------------
89 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Dateien im Systemverzeichnis
----------------------------------------
2570 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Systemweite Starteinträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Winlogon-Einträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Versteckte Prozesse (mittels Handles)
----------------------------------------
0 Handle-Prozess-IDs für 50 Prozesse.
Keine versteckten Prozesse entdeckt.
========================================

Versteckte Prozesse (mittels Threads)
----------------------------------------
50 Prozesse überprüft.
Keine versteckten Prozesse entdeckt.
========================================

Master Boot Records
----------------------------------------
1 MBRs überprüft.
Unbekannte MBRs: PhysicalDrive0
PhysicalDrive0
========================================

liebe Grüße

Chrissy

Hallo Chrissy,

dann mach mal so weiter:


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

• Schliesse alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Löschen.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

• WICHTIG: Speichere Combofix auf deinen Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
• Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3

Starte bitte die OTL.exe.

• Setze den Haken bei Scan all Users.
• Drücke auf den Quick Scan Button.
• Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

• Log von Adwcleaner
• Log von Combofix
• Log von OTL

Hallo Leo,

hier die weiteren angeforderten Logfiles:

Adwcleaner:AdwCleaner Logfile:
--- --- ---
Combofix:
Combofix Logfile:
--- --- ---
OTL:OTL Logfile:
--- --- ---

liebe Grüße

Chrissy

Hi Chrissy,

wie läuft denn der Rechner jetzt? Macht er immer noch die zu Beginn beschriebenen Probleme?

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Wir machen hier weiter.
Schildere bitte die aktuellen Probleme und mach einen frischen OTL-Scan:


Starte bitte die OTL.exe.

• Setze den Haken bei Scan all Users.
• Drücke auf den Quick Scan Button.
• Poste den Inhalt von OTL.txt hier in den Thread.

Hallo Leo,

hier das neue Logfile von OTL:OTL Logfile:
--- --- ---

Falls es von Wichtigkeit sein sollte, Internet Explorer funktioniert beim Surfen, Firefox hängt sich andauernd auf.

liebe Grüße

Chrissy

Ist das im Moment das einzige Symptom, dass der Firefox sich aufhängt? Oder was passt sonst noch nicht?

Hallo Leo,

also um es genauer zu beschreiben, wenn ich den lapptop starte und nicht mit dem Internet verbunden bin funktioniert er an sich einwandfrei (Programme starten gut und hängen sich auch nicht auf).

Sobald ich mich dann mit dem Internet verbinde sei es W-Lan oder nur Lan gefriert er regelrecht ein und das auf ganzer Linie, Programme starten langsam und hängen sich auf.

Dann funktioniert auf einmal alles wieder an sich einwandfrei (Nach ungefähr einer Stunde etwa!) Programme starten normal, das Surfen funktioniert an sich einwandfrei, bis auf das Firefox eine Meldung brachte das ein Skript ausgeführt werden möchte, was ich abgelehnt habe. (Bei meinem Rechner fragt er mich das nie und ich hab an sich nur die gleichen add-ons installiert wie hier)

liebe Grüße
Chrissy

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.

• Entpacke das Archiv auf deinem Desktop.
• Im neu erstellten Ordner starte bitte die mbar.exe.
• Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
• Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.

Falls Funde angezeigt werden:

• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
• Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.

Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.

Hallo Leo,

so der Malwarebites Scan hat soweit nichts hervorgebracht. Hier der Scan:

nternet Explorer 7.0.6001.18000
User :: USER-PC [administrator]

20.04.2013 23:44:03
mbar-log-2013-04-20 (23-44-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25866
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Das einzig Seltsame das sich ereignet hat ist das ich jetzt zwei desktop ini files auf dem desktop habe die ich mir nicht erklären kann.

Liebe Grüße

Chrissy