Avirus meldet mit TR/Crypt.EPACK.Gen5. Virus oder Nicht?

kira · 02.08.2011, 05:44

mit 6. und 7. bitte weiter:-> http://www.trojaner-board.de/101674-...tml#post688395

SeekerG · 02.08.2011, 07:08

Hallo kira,

zum Punk 6. Gmer werde von 'Geblockte Autistartprogramme' gestoppt.

Zum Punk 7.

mbr.log

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8267B912] -> \Device\Harddisk0\DR0[0x863B5380]
3 CLASSPNP[0x8A70D8B3] -> ntkrnlpa!IofCallDriver[0x8267B912] -> \Device\Ide\IAAStorageDevice-1[0x85854028]
kernel: MBR read successfully
user & kernel MBR OK

MfG.

kira · 03.08.2011, 05:44

1.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

SeekerG · 03.08.2011, 18:09

Hallo kira,

ich habe ein Stelle ereicht wo ich unsicher bin.

Zum Punkt 1. (von d. letzte Post).

Ich habe alles erledigt bis zum "Fehler beheben", nur "Alle beheben" taucht nicht auf. Stat "Alle beheben" gibt es ein Fenster mit "Änderungen in der Registry sichern?. Sicher zu sein habe ich alles noch ein mal durchgeführt mit genau d. gleiche Ergebnis. Ich habe an dieste stelle aufgegeben asl ich will keine Katastrophe verursachen.

Auf Grund Punkt 1. nicht erledigt war habe ich Punk 2. nicht durchgeführt.

MfG.

kira · 04.08.2011, 05:12

"Änderungen in der Registry sichern?"
beantworte mit "Ja"
dann "Alle beheben"

SeekerG · 04.08.2011, 07:01

Hallo kira,

Punkt 1. vollständigt durchgeführt.

Punkt 2. auch durchgeführt. Log ist dabei.

ComboFix Log.

Code:

ATTFilter

ComboFix 11-08-03.02 - AndyJenny 04.08.2011   7:30.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2939.2028 [GMT 2:00]
ausgeführt von:: c:\users\AndyJenny\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\tloadfE0.dll
c:\windows\system32\no
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\SV
c:\windows\system32\SV\toscdspd.cpl.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-04 bis 2011-08-04  ))))))))))))))))))))))))))))))
.
.
2011-08-03 14:39 . 2011-08-03 14:39	0	---ha-w-	c:\users\AndyJenny\AppData\Local\BITDECE.tmp
2011-08-02 05:57 . 2011-08-02 05:53	89088	----a-w-	c:\windows\system32\mbr.exe
2011-07-31 16:24 . 2011-07-31 16:24	--------	d-----w-	C:\_OTL
2011-07-30 02:46 . 2011-07-30 02:46	--------	d-----w-	c:\program files\CCleaner
2011-07-27 04:09 . 2011-07-27 04:09	0	---ha-w-	c:\users\AndyJenny\AppData\Local\BIT757D.tmp
2011-07-25 17:59 . 2011-07-25 17:59	--------	d-----w-	c:\program files\avmwlanstick
2011-07-25 17:58 . 2011-07-25 17:58	--------	d-----w-	c:\program files\AVM_FRITZ!WLAN_USB_Stick_Build100906
2011-07-25 12:38 . 2011-07-25 12:38	--------	d-----w-	c:\users\AndyJenny\AppData\Roaming\Malwarebytes
2011-07-25 12:38 . 2011-07-25 12:38	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-25 12:37 . 2011-07-27 03:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-20 18:45 . 2011-07-20 18:45	--------	d-----w-	c:\users\AndyJenny\AppData\Roaming\SUPERAntiSpyware.com
2011-07-20 14:37 . 2011-07-20 14:37	--------	d-----w-	c:\programdata\WindowsSearch
2011-07-18 21:27 . 2011-07-18 21:27	388096	----a-r-	c:\users\AndyJenny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-18 21:27 . 2011-07-18 21:27	--------	d-----w-	c:\program files\HJT
2011-07-17 17:12 . 2011-07-17 17:12	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-07-17 16:56 . 2011-07-17 16:56	0	---ha-w-	c:\users\AndyJenny\AppData\Local\BIT4CF7.tmp
2011-07-15 18:01 . 2011-07-15 18:01	0	---ha-w-	c:\users\AndyJenny\AppData\Local\BITD0D5.tmp
2011-07-15 16:42 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E783FB09-4DD4-40C9-B498-9C630E1B5AE9}\mpengine.dll
2011-07-13 20:06 . 2011-06-02 13:34	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 20:06 . 2011-04-12 16:07	504832	----a-w-	c:\users\AndyJenny\tloadfE0.VIR001
2011-07-13 20:06 . 2011-04-12 16:07	504832	----a-w-	c:\users\AndyJenny\tloadfE0.VIR000
2011-07-13 20:05 . 2011-04-20 15:55	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-07-13 20:05 . 2011-04-20 15:50	49152	----a-w-	c:\windows\system32\csrsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 17:53 . 2011-06-02 17:53	94208	----a-w-	c:\windows\system32\dpl100.dll
2011-05-28 06:08 . 2011-06-16 20:58	916480	----a-w-	c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 20:58	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 20:58	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 20:58	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 20:58	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 20:58	385024	----a-w-	c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 20:58	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 20:58	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-02-05 09:15	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-12 16:07	504832	--sha-w-	c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskjx67.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-01 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-28 375296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
.
c:\users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
maxdome Download Manager.lnk - c:\program files\maxdome\DCBin\DCTrayApp.exe [2009-5-1 88808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [N/A]
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 586752]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-30 31848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 Prosieben;maxdome Download Manager;c:\program files\maxdome\DCBin\DCService.exe [2009-05-01 77032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\ASpybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-30 31848]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 20:35]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 20:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
mStart Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-SUPERAntiSpyware - f:\sas\SUPERAntiSpyware.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-08-04 07:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Prosieben]
"ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-08-04  07:36:18
ComboFix-quarantined-files.txt  2011-08-04 05:36
.
Vor Suchlauf: 11 Verzeichnis(se), 96.727.166.976 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 96.647.602.176 Bytes frei
.
- - End Of File - - 106CBD8BC15183258A948FB78AB074E2

MfG.

kira · 05.08.2011, 04:22

1.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 26 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

3.

Zitat:

Ask Toolbar zu deinstallieren

Software mit Revo Uninstaller deinstallieren

Downloade von Revo Group die Freeware-Version des Revo Uninstallers

Doppelklick auf die revosetup.exe.
Installiere das Tool in den vorgegebenen Pfad.
Doppelklick auf das Icon Revo Uninstaller.
Doppelklicke nacheinander folgende Software aus der Code-Box:
Code:
ATTFilter
```
         
```
Bestätige die Deinstallation mit Ja.
Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
Das Tool wird nun nach übrig gebliebenen Registry-Einträgen auf dem Rechner suchen. Klicke auf weiter.
Klicke auf den Button Markiere alle, klicke auf löschen und weiter und bestätige mit Ja.
Zum Schluss sucht das Tool evtl. noch nach übrig geblieben Dateien und Ordnern.
Prüfe die Ordner und Dateien und klicke ggfs. auf den Button Markiere alle, klicke auf weiter und bestätige mit Ja.

Starte den Rechner neu.

4.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

6.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

SeekerG · 05.08.2011, 13:06

Hallo kira,

Punk 1. Erledigt.

Punkt 2. Adobe Reader entfernt aber ohne IN zugang kann ich nicht neu installieren. Werder später neu installiert.

Punkt 3. Erledigt.

Punkt 4. SUPERAntiSpyware ist installiert aber ohne IN zugang kann ich d. Updates nicht runterladen. Scan durchgeführt mit keine gefundene probleme.
Zeilen 5, 6, 7, und 8 von Punkt 4. könnte ich nicht durchführen als es keine Schadprogramme gefunden hat. Sicher zu sein habe ich d. Scan ein zweiter mal laufen lassen mit d. gleiche Ergebnisse.

Punk 4. ESET Online Scanner. Wie Punkt 2. keine IN zugang.

Punkt 5. OTL Scan. Erledigt.

OTL.txt

Code:

ATTFilter

OTL logfile created on: 05.08.2011 13:02:32 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 62,73% Memory free
5,96 Gb Paging File | 4,75 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 85,22 Gb Free Space | 57,24% Space Free | Partition Type: NTFS
Drive D: | 147,73 Gb Total Space | 143,05 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 3,63 Gb Free Space | 97,43% Space Free | Partition Type: FAT32
 
Computer Name: ANDYJENNY-PC | User Name: AndyJenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.29 03:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.07.19 02:28:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.05.28 13:54:42 | 000,375,296 | ---- | M] () -- C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.03.19 20:50:52 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Programme\maxdome\DCBin\DCTrayApp.exe
PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\ASpybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.06.24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:33:41 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008.01.21 04:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.19 02:28:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\ASpybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.10.22 02:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.03.30 16:43:54 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010.03.30 16:43:54 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 20:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: 7digital@songbirdnest.com:1.7.2.1667
FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.8.1667
FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: concerts-philips@songbirdnest.com:1.0.5.1667
FF - prefs.js..extensions.enabledItems: ewaacdec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewh264dec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewmp3enc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: ewmpeg4dec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewmpeg4enc@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: fileassociation@philips.com:3.2.0.1002
FF - prefs.js..extensions.enabledItems: gogear@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.7.2.1273013908
FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.3.1667
FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.19.1667
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:3.2.0.2202
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:5.0.0.2417
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:3.2.0.2200
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:3.2.0.2207
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:3.2.0.2203
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.7.1667
FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.7.1667
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.02 22:53:44 | 000,000,000 | ---D | M]
 
[2010.10.18 19:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AndyJenny\AppData\Roaming\mozilla\Extensions
[2010.10.18 19:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AndyJenny\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2010.10.18 19:39:40 | 000,000,530 | ---- | M] () -- C:\Users\AndyJenny\AppData\Roaming\Philips-Songbird\Profiles\8c27c6qv.default\searchplugins\92eb774f-32e6-4b52-9cb2-f572de368900.xml
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\7DIGITAL@SONGBIRDNEST.COM
[2010.10.18 19:33:38 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CONCERTS-PHILIPS@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWAACDEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWH264DEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMP3ENC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMPEG4DEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MPEG-4 Video Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMPEG4ENC@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\FILEASSOCIATION@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GOGEAR@SONGBIRDNEST.COM
[2010.10.18 19:33:38 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MSC@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MTP@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2010.10.18 19:33:39 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2010.11.26 20:49:48 | 000,000,000 | ---D | M] (Philips Branding) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2010.10.18 19:39:30 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
[2010.10.18 19:39:30 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
 
O1 HOSTS File: ([2011.08.04 07:34:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\ASpybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\ASpybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.05 07:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.05 07:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.08.05 07:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.05 07:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011.08.05 07:30:53 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.08.05 07:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.08.05 07:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.05 07:19:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.05 07:19:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.05 07:19:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.05 07:19:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.05 07:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.04 11:30:32 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011.08.04 07:36:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.04 07:34:39 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Local\temp
[2011.08.04 07:28:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.04 07:28:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.04 07:28:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.04 07:28:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.04 07:28:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.08.04 07:28:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.04 07:18:20 | 004,163,262 | R--- | C] (Swearware) -- C:\Users\AndyJenny\Desktop\ComboFix.exe
[2011.07.31 18:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.30 04:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.25 19:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.07.25 19:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2011.07.25 19:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVM_FRITZ!WLAN_USB_Stick_Build100906
[2011.07.25 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Malwarebytes
[2011.07.25 14:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.25 14:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.20 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.20 16:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.07.18 23:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2011.07.18 23:27:12 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.07.17 19:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.13 22:06:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 22:06:02 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\Users\AndyJenny\tloadfE0.VIR001
[2011.07.13 22:06:02 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\Users\AndyJenny\tloadfE0.VIR000
[2011.07.13 22:05:53 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 22:05:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.06 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\Desktop\Filme Moped
[5 C:\Users\AndyJenny\AppData\Local\*.tmp files -> C:\Users\AndyJenny\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.05 12:08:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 11:35:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.05 11:35:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.05 07:39:46 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.05 07:35:52 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.08.05 07:35:30 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.08.05 07:35:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.05 07:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.05 07:35:21 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.05 07:30:53 | 000,001,062 | ---- | M] () -- C:\Users\AndyJenny\Desktop\Revo Uninstaller.lnk
[2011.08.05 07:19:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.05 07:19:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.05 07:19:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.05 07:19:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.04 07:34:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.04 06:58:15 | 000,104,540 | ---- | M] () -- C:\Users\AndyJenny\Documents\cc_20110804_065758.reg
[2011.08.03 15:34:30 | 004,163,262 | R--- | M] (Swearware) -- C:\Users\AndyJenny\Desktop\ComboFix.exe
[2011.08.02 07:53:02 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.01 13:49:33 | 000,000,680 | ---- | M] () -- C:\Users\AndyJenny\AppData\Local\d3d9caps.dat
[2011.07.30 04:46:19 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.29 21:03:55 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.29 21:03:55 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.29 21:03:55 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.29 21:03:55 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.24 23:29:40 | 000,000,000 | ---- | M] () -- C:\Users\AndyJenny\defogger_reenable
[2011.07.20 17:12:50 | 000,002,613 | ---- | M] () -- C:\Users\AndyJenny\Desktop\HiJackThis.lnk
[2011.07.18 22:31:55 | 000,001,255 | ---- | M] () -- C:\Users\AndyJenny\Desktop\Explorer.lnk
[2011.07.18 20:39:49 | 000,000,236 | ---- | M] () -- C:\Users\AndyJenny\AppData\Roaming\wklnhst.dat
[2011.07.18 02:11:33 | 000,322,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.17 19:49:17 | 000,000,072 | ---- | M] () -- C:\Windows\wiso.ini
[2011.07.09 17:59:59 | 000,022,016 | ---- | M] () -- C:\Users\AndyJenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\Users\AndyJenny\AppData\Local\*.tmp files -> C:\Users\AndyJenny\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.05 07:39:46 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.05 07:30:53 | 000,001,062 | ---- | C] () -- C:\Users\AndyJenny\Desktop\Revo Uninstaller.lnk
[2011.08.04 07:28:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.04 07:28:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.04 07:28:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.04 07:28:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.04 07:28:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.04 06:58:05 | 000,104,540 | ---- | C] () -- C:\Users\AndyJenny\Documents\cc_20110804_065758.reg
[2011.08.02 07:57:31 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.01 13:50:39 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.30 04:46:19 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.24 23:29:40 | 000,000,000 | ---- | C] () -- C:\Users\AndyJenny\defogger_reenable
[2011.07.18 23:27:12 | 000,002,613 | ---- | C] () -- C:\Users\AndyJenny\Desktop\HiJackThis.lnk
[2011.07.18 22:29:50 | 000,001,255 | ---- | C] () -- C:\Users\AndyJenny\Desktop\Explorer.lnk
[2011.07.18 01:26:48 | 000,000,680 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\d3d9caps.dat
[2011.07.17 19:48:05 | 000,000,072 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.04 22:23:27 | 000,000,236 | ---- | C] () -- C:\Users\AndyJenny\AppData\Roaming\wklnhst.dat
[2010.10.22 02:00:00 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2010.02.08 20:37:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.08 20:37:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.05 12:29:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.03 22:56:39 | 000,022,016 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.25 22:26:38 | 000,000,097 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\fusioncache.dat
[2009.08.17 12:07:07 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.08.17 12:07:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.08.17 12:07:07 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.08.17 12:07:07 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 13:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 13:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 13:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 13:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 13:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 13:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 13:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 13:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 13:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 13:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 13:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 12:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 10:21:25 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,146,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,322,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.06.26 16:02:33 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Audacity
[2010.07.25 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\GARMIN
[2010.02.05 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\myphotobook
[2010.10.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Philips-Songbird
[2009.10.25 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\T-Online
[2010.02.05 12:30:15 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Template
[2009.10.25 21:25:26 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Toshiba
[2011.08.05 07:34:24 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 05.08.2011 13:02:33 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 62,73% Memory free
5,96 Gb Paging File | 4,75 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 85,22 Gb Free Space | 57,24% Space Free | Partition Type: NTFS
Drive D: | 147,73 Gb Total Space | 143,05 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 3,63 Gb Free Space | 97,43% Space Free | Partition Type: FAT32
 
Computer Name: ANDYJENNY-PC | User Name: AndyJenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEFCB65-BDA4-4611-993A-0F70140094E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E8FA13F-A2A5-4D65-8718-60E2C51997E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{21B2133A-6440-4410-8E23-5787BE31A024}" = rport=445 | protocol=6 | dir=out | app=system | 
"{427C7520-E70F-4288-9918-57706484F93A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4359BE38-B64B-451E-B68F-650C709A0401}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D71B3CE-9E30-48EE-836E-851F5C8B7C9B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{58C83A4D-0743-4E33-88C3-64B3A4814C9B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{59038745-2788-478A-BB97-7222860EA178}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{69D57BE1-6A06-4E1F-9873-A4D6182B635F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{75517179-506B-46E1-B82A-2CD3348F1E62}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8528D5D0-88FB-44C4-81F2-F259BE626E6D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{949C46F5-C077-48EE-8B4A-923A50BBC29F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{955E62FB-0693-429F-8F41-BBF3CF6AE020}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A010F0EA-015C-41D8-9FA9-1DBAE8CFEA2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A06F9704-1B05-4AE1-8EE6-4DFEDC1B2C5A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE7B908A-4BD0-483C-9D18-91D5ED57D05B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BAD0B3CA-1312-4DA0-8B73-224870E3301E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BF1441BD-09CB-48FE-AD2F-A45906A1A66E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D17C86B7-29BA-43E0-BC9E-DBCC3B589317}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F2BE9CF1-B202-4B13-9104-C5ADAD6CA9AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F571E0DA-7F31-4CDA-A99C-AFC180DAC5A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC5E0E63-8321-4941-95C3-B99790BC89C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1E9DE7-7975-497F-A08E-8EBAB545E197}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1181662D-283A-4260-9BF3-17AB86672DBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2EE70D3C-F01C-4159-BFE4-640FB899FA99}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2F4569A6-63B9-4452-803B-C02B95C7BB61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{86CD453D-2CF6-4C32-B5FB-59D2270B0685}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BFF4AEF7-9C09-4236-BAE8-AB10BDD6BE20}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E502AFB8-402E-4383-B0BE-ACA5674261F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0B206D57-FBAE-4E18-BEB6-A130CA063FFC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{56F2825B-E030-432D-94A4-6B5F6E7829DD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{BE9FA557-3DEE-4FA8-95AB-26FF80087BE5}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=6 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe | 
"UDP Query User{AFA88427-36E5-4002-ADC9-6D36E41FD662}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=17 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe | 
"UDP Query User{C8F57556-81B2-481B-A38F-9AF6F78AEFA9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{EE91A5F1-7123-4474-BA3B-D9FED883D92E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1434CB3B-C5FB-4FCE-993B-DFF115F4558F}" = Radiotracker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B954367-8314-4E94-9FFC-D6EFF7C6B674}" = Steuersparer 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C07B86C3-1816-4C59-927E-0287925DFB96}" = Garmin City Navigator Europe NT 2010
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Free RAR Extract Frog" = Free RAR Extract Frog
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Netzmanager" = Netzmanager
"Philips Songbird" = Philips Songbird
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SYBEX Spieltrieb MahJongg" = SYBEX Spieltrieb MahJongg 1 
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2011 11:43:31 | Computer Name = AndyJenny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2011 11:44:46 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 11:47:29 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 12:07:18 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:16:12 | Computer Name = AndyJenny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2011 13:17:27 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:25:37 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:35:25 | Computer Name = AndyJenny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2011 13:36:41 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:59:18 | Computer Name = AndyJenny-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 04.08.2011 01:07:05 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 04.08.2011 01:29:15 | Computer Name = AndyJenny-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 04.08.2011 01:29:37 | Computer Name = AndyJenny-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.08.2011 01:32:39 | Computer Name = AndyJenny-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.08.2011 01:34:42 | Computer Name = AndyJenny-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.08.2011 00:37:32 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:52:01 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:53:57 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:56:07 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 01:35:51 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
 
< End of report >

P.S. Ich nahme an das d. computer Geschwindigkeit ist wieder normal (ich weiss nicht wie schnell es vorhier war), nur Avirus meldet immer noch mit zwei Funde,

TR/Crypt.XPACK.Gen5

C:\Users\AndyJenny\tloadfEO.VIR000 und
C:\Users\AndyJenny\tloadfEO.VIR001

Nachher meldet für 10 Sekunden in regelmäsiger abstand für ein par Minuten.

Geblockte Autostartprogramme meldet über geblockte Progamme.

MfG.

kira · 05.08.2011, 17:47

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2011.07.13 22:06:02 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\Users\AndyJenny\tloadfE0.VIR001
[2011.07.13 22:06:02 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\Users\AndyJenny\tloadfE0.VIR000

:Commands
[purity]
[emptytemp]
[resethosts]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

SeekerG · 06.08.2011, 04:11

Halo kira,

Punk 1. Erledigt.

OTL Log File.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
C:\Users\AndyJenny\tloadfE0.VIR001 moved successfully.
C:\Users\AndyJenny\tloadfE0.VIR000 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AndyJenny
->Temp folder emptied: 230565 bytes
->Temporary Internet Files folder emptied: 532258 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08062011_041411

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Punkt 2. Erledigt.

OTL.txt.

Code:

ATTFilter

OTL logfile created on: 06.08.2011 04:33:18 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\AndyJenny\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 68,79% Memory free
5,96 Gb Paging File | 4,93 Gb Available in Paging File | 82,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 85,11 Gb Free Space | 57,17% Space Free | Partition Type: NTFS
Drive D: | 147,73 Gb Total Space | 143,05 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 3,63 Gb Free Space | 97,45% Space Free | Partition Type: FAT32
 
Computer Name: ANDYJENNY-PC | User Name: AndyJenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.29 03:09:07 | 004,599,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.07.19 02:28:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AndyJenny\Downloads\OTL.exe
PRC - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.05.28 13:54:42 | 000,375,296 | ---- | M] () -- C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.03.19 20:50:52 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.05.01 17:57:50 | 000,088,808 | ---- | M] () -- C:\Programme\maxdome\DCBin\DCTrayApp.exe
PRC - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\ASpybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.06.24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:33:41 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008.01.21 04:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.19 02:28:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AndyJenny\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.19 02:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\ASpybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.10.22 02:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.03.30 16:43:54 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010.03.30 16:43:54 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 20:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: 7digital@songbirdnest.com:1.7.2.1667
FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.8.1667
FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: concerts-philips@songbirdnest.com:1.0.5.1667
FF - prefs.js..extensions.enabledItems: ewaacdec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewh264dec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewmp3enc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: ewmpeg4dec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewmpeg4enc@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: fileassociation@philips.com:3.2.0.1002
FF - prefs.js..extensions.enabledItems: gogear@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.7.2.1273013908
FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.3.1667
FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.19.1667
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:3.2.0.2202
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:5.0.0.2417
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:3.2.0.2200
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:3.2.0.2207
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:3.2.0.2203
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.7.1667
FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.7.1667
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.02 22:53:44 | 000,000,000 | ---D | M]
 
[2010.10.18 19:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AndyJenny\AppData\Roaming\mozilla\Extensions
[2010.10.18 19:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AndyJenny\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2010.10.18 19:39:40 | 000,000,530 | ---- | M] () -- C:\Users\AndyJenny\AppData\Roaming\Philips-Songbird\Profiles\8c27c6qv.default\searchplugins\92eb774f-32e6-4b52-9cb2-f572de368900.xml
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\7DIGITAL@SONGBIRDNEST.COM
[2010.10.18 19:33:38 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CONCERTS-PHILIPS@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWAACDEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (H.264 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWH264DEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMP3ENC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MPEG-4 Video Decoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMPEG4DEC@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (MPEG-4 Video Encoding Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMPEG4ENC@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\FILEASSOCIATION@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GOGEAR@SONGBIRDNEST.COM
[2010.10.18 19:33:38 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MSC@SONGBIRDNEST.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MTP@SONGBIRDNEST.COM
[2010.10.18 19:33:52 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2010.10.18 19:33:51 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2010.10.18 19:33:39 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2010.11.26 20:49:48 | 000,000,000 | ---D | M] (Philips Branding) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2010.10.18 19:39:30 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
[2010.10.18 19:39:30 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\USERS\ANDYJENNY\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\8C27C6QV.DEFAULT\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
 
O1 HOSTS File: ([2011.08.06 04:14:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\ASpybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\ASpybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.05 07:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.05 07:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.08.05 07:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.05 07:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011.08.05 07:30:53 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.08.05 07:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.08.05 07:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.05 07:19:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.05 07:19:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.05 07:19:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.05 07:19:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.05 07:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.04 11:30:32 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011.08.04 07:36:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.04 07:34:39 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Local\temp
[2011.08.04 07:28:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.04 07:28:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.04 07:28:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.04 07:28:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.04 07:28:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.08.04 07:28:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.04 07:18:20 | 004,163,262 | R--- | C] (Swearware) -- C:\Users\AndyJenny\Desktop\ComboFix.exe
[2011.07.31 18:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.30 04:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.25 19:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.07.25 19:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick
[2011.07.25 19:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVM_FRITZ!WLAN_USB_Stick_Build100906
[2011.07.25 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Malwarebytes
[2011.07.25 14:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.25 14:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.20 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.20 16:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.07.18 23:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2011.07.18 23:27:12 | 000,000,000 | ---D | C] -- C:\Users\AndyJenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.07.17 19:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.13 22:06:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 22:05:53 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 22:05:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[5 C:\Users\AndyJenny\AppData\Local\*.tmp files -> C:\Users\AndyJenny\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.06 04:17:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.08.06 04:15:45 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.08.06 04:15:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 04:15:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 04:15:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.06 04:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.06 04:15:34 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.06 04:14:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.06 04:12:42 | 000,000,526 | ---- | M] () -- C:\Users\AndyJenny\Desktop\OTL.exe - Verknüpfung.lnk
[2011.08.06 04:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 07:39:46 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.05 07:30:53 | 000,001,062 | ---- | M] () -- C:\Users\AndyJenny\Desktop\Revo Uninstaller.lnk
[2011.08.05 07:19:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.05 07:19:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.05 07:19:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.05 07:19:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.04 06:58:15 | 000,104,540 | ---- | M] () -- C:\Users\AndyJenny\Documents\cc_20110804_065758.reg
[2011.08.03 15:34:30 | 004,163,262 | R--- | M] (Swearware) -- C:\Users\AndyJenny\Desktop\ComboFix.exe
[2011.08.02 07:53:02 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.01 13:49:33 | 000,000,680 | ---- | M] () -- C:\Users\AndyJenny\AppData\Local\d3d9caps.dat
[2011.07.30 04:46:19 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.29 21:03:55 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.29 21:03:55 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.29 21:03:55 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.29 21:03:55 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.24 23:29:40 | 000,000,000 | ---- | M] () -- C:\Users\AndyJenny\defogger_reenable
[2011.07.20 17:12:50 | 000,002,613 | ---- | M] () -- C:\Users\AndyJenny\Desktop\HiJackThis.lnk
[2011.07.18 22:31:55 | 000,001,255 | ---- | M] () -- C:\Users\AndyJenny\Desktop\Explorer.lnk
[2011.07.18 20:39:49 | 000,000,236 | ---- | M] () -- C:\Users\AndyJenny\AppData\Roaming\wklnhst.dat
[2011.07.18 02:11:33 | 000,322,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.17 19:49:17 | 000,000,072 | ---- | M] () -- C:\Windows\wiso.ini
[2011.07.09 17:59:59 | 000,022,016 | ---- | M] () -- C:\Users\AndyJenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\Users\AndyJenny\AppData\Local\*.tmp files -> C:\Users\AndyJenny\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.06 04:12:42 | 000,000,526 | ---- | C] () -- C:\Users\AndyJenny\Desktop\OTL.exe - Verknüpfung.lnk
[2011.08.05 07:39:46 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.05 07:30:53 | 000,001,062 | ---- | C] () -- C:\Users\AndyJenny\Desktop\Revo Uninstaller.lnk
[2011.08.04 07:28:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.04 07:28:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.04 07:28:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.04 07:28:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.04 07:28:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.04 06:58:05 | 000,104,540 | ---- | C] () -- C:\Users\AndyJenny\Documents\cc_20110804_065758.reg
[2011.08.02 07:57:31 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.01 13:50:39 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.30 04:46:19 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.24 23:29:40 | 000,000,000 | ---- | C] () -- C:\Users\AndyJenny\defogger_reenable
[2011.07.18 23:27:12 | 000,002,613 | ---- | C] () -- C:\Users\AndyJenny\Desktop\HiJackThis.lnk
[2011.07.18 22:29:50 | 000,001,255 | ---- | C] () -- C:\Users\AndyJenny\Desktop\Explorer.lnk
[2011.07.18 01:26:48 | 000,000,680 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\d3d9caps.dat
[2011.07.17 19:48:05 | 000,000,072 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.04 22:23:27 | 000,000,236 | ---- | C] () -- C:\Users\AndyJenny\AppData\Roaming\wklnhst.dat
[2010.10.22 02:00:00 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2010.02.08 20:37:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.08 20:37:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.05 12:29:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.03 22:56:39 | 000,022,016 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.25 22:26:38 | 000,000,097 | ---- | C] () -- C:\Users\AndyJenny\AppData\Local\fusioncache.dat
[2009.08.17 12:07:07 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.08.17 12:07:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.08.17 12:07:07 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.08.17 12:07:07 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 13:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 13:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 13:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 13:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 13:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 13:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 13:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 13:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 13:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 13:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 13:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 12:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 10:21:25 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,146,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,322,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.06.26 16:02:33 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Audacity
[2010.07.25 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\GARMIN
[2010.02.05 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\myphotobook
[2010.10.18 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Philips-Songbird
[2009.10.25 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\T-Online
[2010.02.05 12:30:15 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Template
[2009.10.25 21:25:26 | 000,000,000 | ---D | M] -- C:\Users\AndyJenny\AppData\Roaming\Toshiba
[2011.08.06 04:14:38 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt.

Code:

ATTFilter

OTL Extras logfile created on: 06.08.2011 04:33:18 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\AndyJenny\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 68,79% Memory free
5,96 Gb Paging File | 4,93 Gb Available in Paging File | 82,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 85,11 Gb Free Space | 57,17% Space Free | Partition Type: NTFS
Drive D: | 147,73 Gb Total Space | 143,05 Gb Free Space | 96,83% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 3,63 Gb Free Space | 97,45% Space Free | Partition Type: FAT32
 
Computer Name: ANDYJENNY-PC | User Name: AndyJenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEFCB65-BDA4-4611-993A-0F70140094E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E8FA13F-A2A5-4D65-8718-60E2C51997E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{21B2133A-6440-4410-8E23-5787BE31A024}" = rport=445 | protocol=6 | dir=out | app=system | 
"{427C7520-E70F-4288-9918-57706484F93A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4359BE38-B64B-451E-B68F-650C709A0401}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D71B3CE-9E30-48EE-836E-851F5C8B7C9B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{58C83A4D-0743-4E33-88C3-64B3A4814C9B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{59038745-2788-478A-BB97-7222860EA178}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{69D57BE1-6A06-4E1F-9873-A4D6182B635F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{75517179-506B-46E1-B82A-2CD3348F1E62}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8528D5D0-88FB-44C4-81F2-F259BE626E6D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{949C46F5-C077-48EE-8B4A-923A50BBC29F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{955E62FB-0693-429F-8F41-BBF3CF6AE020}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A010F0EA-015C-41D8-9FA9-1DBAE8CFEA2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A06F9704-1B05-4AE1-8EE6-4DFEDC1B2C5A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE7B908A-4BD0-483C-9D18-91D5ED57D05B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BAD0B3CA-1312-4DA0-8B73-224870E3301E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BF1441BD-09CB-48FE-AD2F-A45906A1A66E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D17C86B7-29BA-43E0-BC9E-DBCC3B589317}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F2BE9CF1-B202-4B13-9104-C5ADAD6CA9AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F571E0DA-7F31-4CDA-A99C-AFC180DAC5A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC5E0E63-8321-4941-95C3-B99790BC89C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1E9DE7-7975-497F-A08E-8EBAB545E197}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1181662D-283A-4260-9BF3-17AB86672DBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2EE70D3C-F01C-4159-BFE4-640FB899FA99}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2F4569A6-63B9-4452-803B-C02B95C7BB61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{86CD453D-2CF6-4C32-B5FB-59D2270B0685}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BFF4AEF7-9C09-4236-BAE8-AB10BDD6BE20}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E502AFB8-402E-4383-B0BE-ACA5674261F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0B206D57-FBAE-4E18-BEB6-A130CA063FFC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{56F2825B-E030-432D-94A4-6B5F6E7829DD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{BE9FA557-3DEE-4FA8-95AB-26FF80087BE5}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=6 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe | 
"UDP Query User{AFA88427-36E5-4002-ADC9-6D36E41FD662}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=17 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe | 
"UDP Query User{C8F57556-81B2-481B-A38F-9AF6F78AEFA9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{EE91A5F1-7123-4474-BA3B-D9FED883D92E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1434CB3B-C5FB-4FCE-993B-DFF115F4558F}" = Radiotracker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B954367-8314-4E94-9FFC-D6EFF7C6B674}" = Steuersparer 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C07B86C3-1816-4C59-927E-0287925DFB96}" = Garmin City Navigator Europe NT 2010
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Free RAR Extract Frog" = Free RAR Extract Frog
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Netzmanager" = Netzmanager
"Philips Songbird" = Philips Songbird
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SYBEX Spieltrieb MahJongg" = SYBEX Spieltrieb MahJongg 1 
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2011 11:47:29 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 12:07:18 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:16:12 | Computer Name = AndyJenny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2011 13:17:27 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:25:37 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:35:25 | Computer Name = AndyJenny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.07.2011 13:36:41 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.07.2011 13:59:18 | Computer Name = AndyJenny-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 26.07.2011 22:10:19 | Computer Name = AndyJenny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2011 23:03:37 | Computer Name = AndyJenny-PC | Source = System Restore | ID = 8199
Description = 
 
[ System Events ]
Error - 05.08.2011 00:37:32 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:52:01 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:53:57 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 00:56:07 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 01:35:51 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 07:34:51 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 21:55:28 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 22:10:47 | Computer Name = AndyJenny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.08.2011 um 04:09:20 unerwartet heruntergefahren.
 
Error - 05.08.2011 22:11:14 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 05.08.2011 22:15:59 | Computer Name = AndyJenny-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
 
< End of report >

P.S. Ausserhalb eine Meldung von d. 'Geblockte Autostartprogramme' gibt nicht anders zum melden.

MfG.

SeekerG · 11.08.2011, 17:43

Hallo kira,

wie geht es weiter?

MfG.

kira · 12.08.2011, 06:01

Ich glaube Du wirst wohl doch nicht ohne um eine komplette Neuinstallation rum kommen, nur so kannst Du sicher sein, dass Dein Speicher sauber ist.
Um eventuelle Rootkit-Viren ausfindig zu machen und entfernen zu können, müssen die Anwendungsprogramme immer auf den aktuellen Stand gebracht werden. Wegen einer fehlenden Internetverbindung ist es nicht möglich, ist der Bereinigungsprozess nutzlos! Problem Nummer zwei besteht darin, dass der Rechner wohl hochgradig verseucht ist und nicht mehr vertrauenswürdig:-> *klick* - Technische Kompromittierung
** Lesestoff:-> Warum man bei Infektionen den Rechner neu installieren sollte...
- Also um kurzen Prozess zu machen: Festplatte formatieren und Windows neu einrichten, die einzige Lösung die ich Dir empfehlen kann!
Es gibt leider auch bei uns Situation, wo man besser Format C empfiehlt, als eine tagelange Reingung, die nicht zum Erfolg führen muss.

SeekerG · 12.08.2011, 09:05

Hallo kira,

ich bedanke mich für Ihre Antwort.

Ein neue Installation hätte ich sofort an Anfang gemacht wenn d. SW vorhanden wäre. Nur meine Tochter hat keine Weiderherstellungs-DVD's gebrannt. OS ist keine Probleme nur die fehlender Gerät spezifische Treiber.

Nur ich habe eine Frage, wie ist diese Trojaner übertragen und gelargert? Ist es möglich irgern was in Fotos, Musik u.s.w. immer noch vorhanden ist. Es hat keine Zweck alles neu zum installieren wenn d. Trojaner in die Sicherheits-Datein vorhanden ist.

MfG.

kira · 13.08.2011, 06:18

Zitat:

Zitat von SeekerG

. Nur meine Tochter hat keine Weiderherstellungs-DVD's gebrannt.

-> Wie verwende ich die Toshiba HDD Recovery Utility?:-> http://aps2.toshiba-tro.de/kb0/HTD7C02140000R01DE.htm

Zitat:

Zitat von SeekerG

Ist es möglich irgern was in Fotos, Musik u.s.w. immer noch vorhanden ist.

es kommt drauf an...woher hat man Fotos und Musikdateien auf PC installiert? aus einer sicheren Quelle stammen oder nicht?
ansonsten allgemein gilt:
Datensicherung:
Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
** Empfehle ich Dir NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!

- Bevor du mit deinem PC direkt ins Netz gehst:
- Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern ( am besten von einem anderen, nicht-infizierten Rechner aus! )

Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

- Vor zurückspielen:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten
- Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung

SeekerG · 18.08.2011, 14:18

Hallo kira,

trotz keine Erfolg werde ich gern mich bedanken für Ihre Bemühung.

Ich finde es Toll das manche Leute opfern Ihre zeit andere Leute zum helfen. Noch mal, ein grosse Danke.

Ich habe mine Tochter überredet Windows 7 und ein Spiegelkopie-Programm zu vewenden. Ich benutze seit Jahre d. Spiegelkopie-System und habe nie probleme gehabt.

Goodbye and thanks.