Malwarebytes findet PUP.Dealio

#1 Hallo,

beim Quick-Scan hat Malwarebytes einen Virus gefunden. Hier die Log-Datei:

Zitat

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5655

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

01.02.2011 19:48:26
mbam-log-2011-02-01 (19-48-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165057
Laufzeit: 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Ich habe anschließend OTL ausgeführt:

Extras.txt:

Zitat

OTL Extras logfile created on: 01.02.2011 19:50:52 - Run 5
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 16,85 Gb Free Space | 18,16% Space Free | Partition Type: NTFS
Drive E: | 92,07 Gb Total Space | 25,70 Gb Free Space | 27,91% Space Free | Partition Type: NTFS

Computer Name: pc | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C81EF8-6FE6-425A-83E3-B541AB99D0AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B80FF52-DC92-4855-84C8-EE05F6D144C8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F29C8ED-9D78-40CD-A599-3277EAEB7A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CB2818-AD81-41E0-8698-A0E5C2DC7DE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C95004D1-C8BA-4AAC-93A1-D65D2CC5D4CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4EF7DB3-810B-4636-AE01-DE9988141B99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{0DC7F1CB-B3EB-48CF-8136-3BF8635F8566}" = Internet Explorer 8 WEB.DE Edition
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6041D07D-CBC6-4119-8C35-D95B77AD5FBA}" = Internet Explorer WEB.DE Addon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}" = CD/DVD Label Printer LPCW-100
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.6
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = GMX Toolbar MSVC90 CRT
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer 8
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FileZilla Client" = FileZilla Client 3.2.4.1
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Explorer 8 WEB.DE Edition" = Internet Explorer 8 WEB.DE Edition
"Internet Explorer WEB.DE Addon" = Internet Explorer WEB.DE Addon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"PersonalFax" = PersonalFax 1.50
"SopCast" = SopCast 3.3.2
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Totalcmd" = Total Commander (Remove or Repair)
"Videoload Manager" = Videoload Manager 2.0.2200
"VLC media player" = VLC media player 1.0.1
"WEB.DE Update" = WEB.DE Update
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

Error - 30.06.2010 06:13:32 | Computer Name = pc | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 31.01.2011 09:30:45 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 31.01.2011 09:33:37 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.01.2011 09:33:37 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.01.2011 09:46:02 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 31.01.2011 09:48:40 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.01.2011 09:48:40 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.01.2011 09:48:40 | Computer Name = pc | Source = Service Control Manager | ID = 7034
Description =

Error - 31.01.2011 10:00:40 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 31.01.2011 10:03:18 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.01.2011 10:03:18 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTL.txt:

Zitat

OTL logfile created on: 01.02.2011 19:50:52 - Run 5
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 16,85 Gb Free Space | 18,16% Space Free | Partition Type: NTFS
Drive E: | 92,07 Gb Total Space | 25,70 Gb Free Space | 27,91% Space Free | Partition Type: NTFS

Computer Name: pc | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe ()
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (RelayFax) -- C:\Program Files\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (SASKUTIL) -- C:\Users\pc\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Users\pc\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.31 21:16:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.31 21:16:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.31 21:16:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 12:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 10:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2011.02.01 13:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 08:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 21:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 13:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.20 11:56:35 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.26 09:04:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2011.01.23 14:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.20 12:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 20:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 10:56:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.23 14:51:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.09 21:20:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar IE8\uitb.dll (1&1 Mail & Media GmbH)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar IE8\uitb.dll (1&1 Mail & Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar IE8\uitb.dll (1&1 Mail & Media GmbH)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WEB.DE Update] C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft Works Update Detection] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar IE8\uitb.dll (1&1 Mail & Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 12:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.02.01 19:42:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011.02.01 19:34:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.01 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.02.01 19:34:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.01 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.01 19:34:04 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-1.50.1.1100.exe
[2011.01.28 12:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.01.28 12:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.01.28 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.01.23 14:51:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.23 14:51:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.23 14:51:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.17 17:05:07 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2011.01.17 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\SopCast
[2011.01.17 17:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2011.01.17 10:34:49 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\officemaps
[2011.01.12 08:49:36 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 08:48:00 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[5 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.02.01 19:47:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000UA.job
[2011.02.01 19:43:56 | 000,296,448 | ---- | M] () -- C:\Users\pc\Desktop\hesu4uj1.exe
[2011.02.01 19:42:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011.02.01 19:34:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-1.50.1.1100.exe
[2011.02.01 18:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.01 18:06:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 18:06:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 08:19:34 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000Core.job
[2011.01.31 18:55:24 | 000,012,079 | ---- | M] () -- C:\Users\pc\.recently-used.xbel
[2011.01.26 08:58:04 | 027,359,536 | ---- | M] () -- C:\Users\pc\Desktop\wsftppro12.3_German_SN0GIP8FBMWSX7ENYYAR5N0PC.exe
[2011.01.19 15:48:14 | 387,385,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[[2011.01.13 23:47:44 | 000,002,052 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011.01.13 22:25:44 | 000,211,456 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.02.01 19:43:54 | 000,296,448 | ---- | C] () -- C:\Users\pc\Desktop\hesu4uj1.exe
[2010.11.01 08:44:30 | 001,140,104 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1.dll
[2010.05.28 08:38:26 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010.05.19 03:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.09 22:51:21 | 000,001,814 | ---- | C] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 22:51:21 | 000,000,422 | ---- | C] () -- C:\Windows\FAXCPP.INI
[2010.05.09 22:51:12 | 000,000,034 | ---- | C] () -- C:\Windows\RFOIni.ini
[2010.05.09 22:51:04 | 000,000,034 | ---- | C] () -- C:\Windows\RFRIni.ini
[2010.05.09 22:45:57 | 000,000,034 | ---- | C] () -- C:\Windows\RFPIni.ini
[2010.05.09 15:54:49 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.05.03 18:53:26 | 000,000,016 | ---- | C] () -- C:\Users\pc\AppData\Roaming\qvjsge.dat
[2010.02.12 11:51:20 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.11.26 19:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.11.22 09:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.11.22 09:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Local\mxfilerelatedcache.mxc2
[2009.10.20 18:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.20 17:59:24 | 000,000,571 | ---- | C] () -- C:\Users\pc\AppData\Roaming\AutoGK.ini
[2009.10.13 12:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 12:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 12:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 12:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 12:47:12 | 000,000,133 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.28 16:37:38 | 000,000,196 | ---- | C] () -- C:\Users\pc\AppData\Roaming\default.rss
[2009.09.27 18:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 18:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 15:05:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 20:43:49 | 000,211,456 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.20 10:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.04.15 15:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 09:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 19:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 19:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 19:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 19:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 19:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 09:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 07:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 07:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 05:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.02.28 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\AnvSoft
[2009.11.26 22:04:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Any Video Converter
[2010.08.08 09:17:25 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BitDefender
[2010.09.08 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.03.13 09:46:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Das Fussball Studio
[2011.02.01 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FileZilla
[2009.11.21 21:12:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FreeFLVConverter
[2010.05.09 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FRITZ!
[2010.08.30 09:20:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\GHISLER
[2011.01.31 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\gtk-2.0
[2009.08.27 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IBP
[2010.05.13 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ICQ
[2010.11.11 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IrfanView
[2009.12.06 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Leadertech
[2009.09.13 12:07:31 | 000,000,000 | -HSD | M] -- C:\Users\pc\AppData\Roaming\lowsec
[2010.04.30 14:56:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera
[2010.10.01 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Pegasys Inc
[2010.09.15 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\PersonalFax
[2010.05.20 11:58:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\QuickScan
[2010.05.16 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\RelayFax
[2010.08.30 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SMSout
[2010.07.06 11:35:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SuperMailer
[2009.08.19 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Thunderbird
[2010.06.10 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2009.08.19 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Toshiba
[2010.05.09 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\winsuite
[2011.01.31 15:00:44 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

#2 Ich sehe Du hast GMER geladen: Hast Du es auch ausgeführt?

#3 GMER konnte ich nicht ausführen, da nach einiger Zeit ein blauer Bildschirm mit einer Meldung Crash Dump o.ä. angezeigt wurde und der Laptop neu startete.

#4 Hast Du denn noch Probleme?

#5 mir ist aufgefallen, dass der Laptop ständig irgendwas im Hintergrund macht (die entsprechende Lampe flackert stets), obwohl ich kein Programm oder sonstiges offen habe.

#6 Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

• BleepingComputer
• ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

#7

Zitat

ComboFix 11-01-31.02 - pc 02.02.2011 21:19:09.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1982 [GMT 1:00]
ausgeführt von:: c:\users\pc\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\pc\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\pc\Favorites\mxfilerelatedcache.mxc2

.
((((((((((((((((((((((( Dateien erstellt von 2011-01-02 bis 2011-02-02 ))))))))))))))))))))))))))))))
.

2011-02-01 07:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42227381-EF24-439A-ABE3-32FE239C62FB}\mpengine.dll
2011-01-12 07:49 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 07:49 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 07:49 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 07:49 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 07:49 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 07:49 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 07:48 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-05-20 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-10-13 215944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CW100;CW100 Device;c:\windows\system32\DRIVERS\CW100.sys [2002-05-24 24092]
R3 iComp;Python2 USB WDM Encoder;c:\windows\system32\DRIVERS\p2usbwdm.sys [2005-08-24 1622144]
R3 RelayFax;RelayFax Server Engine;c:\progra~1\RelayFax\App\RFEngine.exe [2010-03-26 1265732]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S1 SASDIFSV;SASDIFSV;c:\users\pc\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\pc\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000Core.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 15:37]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000UA.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 15:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?http://www.ebay.de/
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: BitDefender QuickScanner: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 21:29
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-02 21:35:12
ComboFix-quarantined-files.txt 2011-02-02 20:34
ComboFix2.txt 2010-08-09 20:33

Vor Suchlauf: 18 Verzeichnis(se), 22.285.627.392 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 22.771.335.168 Bytes frei

- - End Of File - - 28C8456304EDDBFCC76F16055D90024D

#8 ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
• IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.

#9

Zitat

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=acf23f0bc439084291587d0f06ccb52d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-03 03:25:41
# local_time=2011-02-03 04:25:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 17150509 17150509 0 0
# compatibility_mode=768 16777215 100 0 45996099 45996099 0 0
# compatibility_mode=1797 16775165 100 100 203989 72196412 20421 0
# compatibility_mode=5892 16776573 100 100 139958 134213833 0 0
# compatibility_mode=8192 67108863 100 0 3744 3744 0 0
# compatibility_mode=9730 16764926 0 4 43749694 43749694 0 0
# scanned=527068
# found=2
# cleaned=2
# scan_time=22435
C:\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3553f2-7f92db5b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\30a5ebc-4b1e4777 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

#10 Wie läufts zur Zeit?

#11 das ständige Laden (also Hintergrundaktivitäten) haben aufgehört. Ich hab auch das Gefühl, dass alles etwas schneller läuft.

Meinst du mein System ist jetzt sauber? Was hatte ich denn drauf?

#12 CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

#13 Es wurde nur eine OTL.Txt erstellt:

Zitat

OTL logfile created on: 04.02.2011 22:55:12 - Run 6
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 20,39 Gb Free Space | 21,97% Space Free | Partition Type: NTFS
Drive E: | 92,07 Gb Total Space | 57,68 Gb Free Space | 62,64% Space Free | Partition Type: NTFS

Computer Name: pc | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (RelayFax) -- C:\Program Files\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.02 19:26:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.02 19:26:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.02.02 19:26:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 12:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 10:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2011.02.03 23:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 08:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 21:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 13:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.20 11:56:35 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.26 09:04:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2011.01.23 14:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.20 12:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 20:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 10:56:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.23 14:51:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.02.02 21:29:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Microsoft Works Update Detection] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 12:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: lanmanserver - C:\Windows\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
NetSvcs: IKEEXT - C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
NetSvcs: AudioSrv - C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\System32\Sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - File not found
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
NetSvcs: seclogon - C:\Windows\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation)
NetSvcs: msiscsi - C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
NetSvcs: MMCSS - C:\Windows\System32\mmcss.dll (Microsoft Corporation)
NetSvcs: ProfSvc - C:\Windows\System32\profsvc.dll (Microsoft Corporation)
NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
NetSvcs: winmgmt - C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: schedule - C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation)
NetSvcs: hkmsvc - C:\Windows\System32\KMSVC.DLL (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.02.02 22:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.02.02 21:53:09 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\ktk
[2011.02.02 21:35:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.02 21:35:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.02 21:14:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.02 21:14:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.02 21:14:46 | 000,000,000 | ---D | C] -- C:\Combo-Fix1328C
[2011.02.02 21:14:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.02 21:14:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.02 19:28:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.02.01 19:42:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011.02.01 19:34:04 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-1.50.1.1100.exe
[2011.01.17 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\SopCast
[5 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.02.04 22:53:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011.02.04 22:49:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 22:49:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 22:47:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000UA.job
[2011.02.04 19:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2011.02.04 08:49:00 | 000,002,052 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011.02.03 23:53:19 | 000,211,456 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.02.03 00:47:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000Core.job
[2011.02.02 21:29:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.02 21:13:34 | 004,263,406 | R--- | M] () -- C:\Users\pc\Desktop\Combo-Fix.exe
[2011.02.02 20:37:09 | 268,704,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.02 13:17:01 | 000,509,952 | ---- | M] () -- [2011.02.01 19:43:56 | 000,296,448 | ---- | M] () -- C:\Users\pc\Desktop\hesu4uj1.exe
[2011.02.01 19:34:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-1.50.1.1100.exe
[2011.01.31 18:55:24 | 000,012,079 | ---- | M] () -- C:\Users\pc\.recently-used.xbel
[2011.01.28 15:06:25 | 000,041,472 | ---- | M] () -- [2011.01.26 08:58:04 | 027,359,536 | ---- | M] () -- C:\Users\pc\Desktop\wsftppro12.3_German_SN0GIP8FBMWSX7ENYYAR5N0PC.exe
[2011.01.19 14:50:19 | 000,026,112 | ---- | M] () -- [5 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.02.02 21:14:56 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.02 21:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.02 21:14:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.02 21:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.02 21:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.02 21:13:14 | 004,263,406 | R--- | C] () -- C:\Users\pc\Desktop\Combo-Fix.exe
[2011.02.02 11:29:00 | 000,512,000 | ---- | C] () -- [2011.02.01 19:43:54 | 000,296,448 | ---- | C] () -- C:\Users\pc\Desktop\hesu4uj1.exe
[2011.01.31 18:55:24 | 000,012,079 | ---- | C] () -- C:\Users\pc\.recently-used.xbel
[2011.01.26 08:58:02 | 027,359,536 | ---- | C] () -- C:\Users\pc\Desktop\wsftppro12.3_German_SN0GIP8FBMWSX7ENYYAR5N0PC.exe
[2011.01.25 16:45:14 | 000,041,472 | ---- | C] () -- [2010.05.28 08:38:26 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010.05.19 03:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.09 22:51:21 | 000,001,814 | ---- | C] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 22:51:21 | 000,000,422 | ---- | C] () -- C:\Windows\FAXCPP.INI
[2010.05.09 22:51:12 | 000,000,034 | ---- | C] () -- C:\Windows\RFOIni.ini
[2010.05.09 22:51:04 | 000,000,034 | ---- | C] () -- C:\Windows\RFRIni.ini
[2010.05.09 22:45:57 | 000,000,034 | ---- | C] () -- C:\Windows\RFPIni.ini
[2010.05.09 15:54:49 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.05.03 18:53:26 | 000,000,016 | ---- | C] () -- C:\Users\pc\AppData\Roaming\qvjsge.dat
[2010.02.12 11:51:20 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.11.26 19:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.11.22 09:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.11.22 09:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Local\mxfilerelatedcache.mxc2
[2009.10.20 18:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.20 17:59:24 | 000,000,571 | ---- | C] () -- C:\Users\pc\AppData\Roaming\AutoGK.ini
[2009.10.13 12:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 12:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 12:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 12:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 12:47:12 | 000,000,133 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.28 16:37:38 | 000,000,196 | ---- | C] () -- C:\Users\pc\AppData\Roaming\default.rss
[2009.09.27 18:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 18:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 15:05:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 20:43:49 | 000,211,456 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.20 10:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.04.15 15:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 09:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 19:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 19:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 19:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 19:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 19:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 09:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 07:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 07:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 05:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.02.28 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\AnvSoft
[2009.11.26 22:04:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Any Video Converter
[2010.08.08 09:17:25 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BitDefender
[2010.09.08 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.03.13 09:46:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Das Fussball Studio
[2011.02.04 22:53:57 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FileZilla
[2009.11.21 21:12:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FreeFLVConverter
[2010.05.09 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FRITZ!
[2010.08.30 09:20:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\GHISLER
[2011.01.31 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\gtk-2.0
[2009.08.27 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IBP
[2010.05.13 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ICQ
[2010.11.11 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IrfanView
[2009.12.06 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Leadertech
[2009.09.13 12:07:31 | 000,000,000 | -HSD | M] -- C:\Users\pc\AppData\Roaming\lowsec
[2010.04.30 14:56:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera
[2010.10.01 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Pegasys Inc
[2010.09.15 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\PersonalFax
[2010.05.20 11:58:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\QuickScan
[2010.05.16 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\RelayFax
[2010.08.30 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SMSout
[2010.07.06 11:35:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SuperMailer
[2009.08.19 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Thunderbird
[2010.06.10 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2009.08.19 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Toshiba
[2010.05.09 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\winsuite
[2011.02.04 14:48:37 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

#14 Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Systemwiederherstellungpunkte leeren

Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen.

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

• SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier


• MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.


• Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.


• MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.


• Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.


• Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle [url=http://download.mozilla.org/?product=firefox-3.6&os=win&lang=de]Mozilla Firefox[/url].

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.


• NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.


• AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.


• WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

#15 habe die Schritte durchgeführt. Kannst du mir vielleicht abschließend noch sagen, ob der Virus gefährlich war (muss ich z.B. meine Passwörter ändern) oder kannst du das nicht erkennen?

Vielen Dank auf jeden Fall für die Top-Hilfe.