NtMapViewOfSection-Hook

Wittenberg · 10.06.2012, 22:37

Hallo,

habe nach Trojaner-Befall (Atraps.Gen2 u. Sirefef.AG.35) Vista auf mein Notebook (Toshiba) mittles Recovery-CD neu aufgespielt; dazu die von Euch empfohlene Sicherheitssoftware (Malwarebyte, AVG, SpywareBlaster).
Habe danach mehrfach Malwarebytes u. AVG laufen lassen.
Malwarebytes brachte keine Funde, aber AVG zeigt folgendes:

Objektname: <unknown>
Erkennungsname: Dienstfunktion NtMapViewOfSection-Hook -> 0x86D83A20
Objekttyp: Datei
SDK-Typ: Rootkit
Ergebnis: versteckt
Aktionsverlauf

AVG zeigt an, dass es dieses Element "nicht entfernt oder geheilt" hat.
Will man es manuell entfernen, kommt der Hinweis: "Objekt wird durch eine Rootkit-Technik verborgen (wird normalerweise bei schädlicher Software verwendet). Möchten Sie das Objekt wirklich entfernen?"
Geht man auf "Entfernen", so folgt der Hinweis: "Die Bedrohung kann mit Standardbenuterrechten nicht entferbt werden. Möchten Sie die Bedrohung als Hauptbenutzer entfernen?" - Nach Bestätigung mit "Ja" wird für die Entfernung der Bedrohung der Neustart des Computers empfohlen.

Nach Neustart u. neuerlichem AVG-Suchlauf ist das wieder "Element" zurück.

Was kann ich tun?

Muss allerdings gleich vorwegnehmen, dass ich nur über bescheidene PC-Kenntnisse verfüge.

Habe gemäß Anleitung Defogger (ohne Fehlermeldung), OTL u. Gmer durchlaufen lassen.
Nachfolgend die entsprechenden Logfiles:

Zitat:

OTL logfile created on: 10.06.2012 21:39:41 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 33,03% Memory free
4,21 Gb Paging File | 2,79 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 35,33 Gb Free Space | 47,60% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,26 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.10 21:32:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.06.09 00:37:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.06.07 09:42:39 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2012.06.06 23:05:25 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.06.06 23:05:23 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcfgex.exe
PRC - [2008.09.18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.08.13 12:14:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007.05.04 13:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007.04.24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.03.22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.03.01 08:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.09 18:21:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2012.06.09 16:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2012.06.09 16:40:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2012.06.09 16:40:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2012.06.09 16:38:44 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2012.06.09 16:38:28 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2012.06.08 23:30:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.06.08 23:26:55 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.06.06 23:05:25 | 000,132,664 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012.06.06 23:05:23 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007.05.31 10:01:22 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.01.18 09:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll
MOD - [2007.01.17 18:08:34 | 000,009,336 | ---- | M] () -- C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\IYIRAH.exe -- (IYIRAH)
SRV - [2012.06.07 09:42:39 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2012.06.06 23:05:25 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.08.13 12:25:54 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.01.14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007.01.12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\391A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.06.07 10:25:03 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.05.16 18:07:18 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 18:07:18 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVENG.SYS -- (NAVENG)
DRV - [2012.05.16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.16 06:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - [2012.05.10 02:51:50 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20120606.001\IDSvix86.sys -- (IDSvix86)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009.08.03 19:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.08.03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.08.03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.08.03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2009.08.03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.08.03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.13 16:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2007.01.03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.12.14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={67BCAA11-D69B-4095-AAA7-D9730D1F585D}&mid=ba1aac90e62d47d0a112d153d419d095-f7812c5c2bd4458c81277ccfd80bb88d6b2aa4f8&lang=de&ds=AVG&pr=fr&d=2012-06-06 23:05:26&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vgwQyqI&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bde4fb2d9-7f50-4e5f-8578-a6d8a00bce51%7D&mid=ba1aac90e62d47d0a112d153d419d095-f7812c5c2bd4458c81277ccfd80bb88d6b2aa4f8&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-06-06%2023%3A05%3A26&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.06 23:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.06 23:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.06 23:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.07 12:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 21:42:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.06.06 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.07 22:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bw6rjb4y.default\extensions
[2012.06.07 12:13:56 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bw6rjb4y.default\extensions\ffxtlbr@incredibar.com
[2012.06.07 12:13:29 | 000,002,203 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bw6rjb4y.default\searchplugins\MyStart Search.xml
[2012.06.06 22:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 23:03:53 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.06.07 12:13:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.06.06 23:05:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012.06.06 22:55:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW6RJB4Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.09 16:25:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.06 23:05:22 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{198A7525-D125-43C4-92B6-956B826585EC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c368af6-b00f-11e1-bb8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c368af6-b00f-11e1-bb8b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.10 21:32:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.09 18:19:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.09 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.09 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.09 12:58:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.06.07 22:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012.06.07 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.06.07 22:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.06.07 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.06.07 22:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.06.07 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.06.07 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012.06.07 12:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.07 12:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.06.07 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.07 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2012.06.07 09:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
[2012.06.07 01:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.07 01:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.06.07 01:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.06.07 01:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.06.07 01:38:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.06.07 01:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.07 01:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.07 01:37:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.07 01:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.07 00:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2012.06.07 00:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012.06.07 00:27:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Dateien
[2012.06.07 00:26:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Bücher
[2012.06.07 00:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.07 00:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.07 00:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.06.06 23:45:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WhiteLabelOffice
[2012.06.06 23:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\White Label Office 3
[2012.06.06 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.06.06 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2012.06.06 23:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.06 23:39:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.06.06 23:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.06 23:37:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2012.06.06 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.06.06 23:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.06 23:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.06 23:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.06.06 23:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.06.06 23:07:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.06.06 23:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search
[2012.06.06 23:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.06 23:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.06.06 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.06 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.06.06 23:03:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.06.06 23:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.06.06 23:03:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.06.06 23:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.06.06 22:58:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.06.06 22:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.06 22:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012.06.06 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012.06.06 22:30:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.06 22:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.06.06 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.06.06 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.06.06 22:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.06 22:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.06 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.06 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.06.06 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 22:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 22:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 22:04:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.06 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.06 21:52:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Toshiba
[2012.06.06 21:52:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.06 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.06 21:51:31 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.06.06 21:51:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.06.06 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2012.06.06 21:49:15 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.06.06 21:49:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.06 21:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.06 21:43:26 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012.06.06 21:43:26 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012.06.06 21:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.06.06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.06.06 21:38:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.10 21:32:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.10 21:26:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.10 21:24:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.10 21:06:48 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.10 21:06:48 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.10 21:06:48 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.10 21:06:48 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.10 20:58:58 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:58:58 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 20:58:24 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 20:51:06 | 100,143,439 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.06.09 17:38:40 | 000,026,378 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.06.09 16:36:18 | 000,392,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 15:16:52 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.06.09 12:16:12 | 034,537,472 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.06.09 12:16:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.06.09 12:16:12 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.06.09 01:20:10 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012.06.09 01:12:59 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012.06.07 23:03:50 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 22:29:49 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\CX4300_5500_DX4400 Handbuch.lnk
[2012.06.07 22:21:32 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.06.07 22:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.06.07 21:42:28 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.07 12:14:00 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.06.07 10:25:03 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.06.07 10:25:03 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.06.07 10:25:03 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.06.07 10:08:52 | 000,000,000 | ---- | M] () -- C:\Windows\WinInit.ini
[2012.06.07 09:51:12 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.06.07 01:56:46 | 000,002,707 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.07 01:06:56 | 000,000,565 | ---- | M] () -- C:\Users\***\Desktop\Camcorder.lnk
[2012.06.07 01:01:38 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video.lnk
[2012.06.07 00:35:21 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ImageMixer.lnk
[2012.06.07 00:35:21 | 000,000,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.06.07 00:32:43 | 000,000,583 | ---- | M] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.06.07 00:32:23 | 000,001,372 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.06.07 00:18:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.06 23:48:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2012.06.06 23:40:47 | 000,000,363 | ---- | M] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.06.06 23:39:19 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.06 23:23:10 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.06 23:05:42 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.06 22:47:17 | 000,000,881 | ---- | M] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2012.06.06 22:43:00 | 000,000,104 | ---- | M] () -- C:\Users\***\Desktop\Window Mail.lnk
[2012.06.06 22:04:57 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 21:43:05 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.10 21:26:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.10 21:23:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.10 20:51:06 | 100,143,439 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.06.09 17:38:40 | 000,026,378 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.06.09 01:20:10 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012.06.09 01:12:59 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.06.08 23:31:07 | 034,537,472 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.06.08 23:31:07 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.06.08 23:31:07 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.06.07 23:03:47 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 22:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.06.07 22:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.06.07 22:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.06.07 22:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.06.07 22:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.06.07 22:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.06.07 22:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.06.07 22:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.06.07 22:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.06.07 22:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.06.07 22:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.06.07 22:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.06.07 22:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.06.07 22:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.06.07 22:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.06.07 22:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.06.07 22:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.06.07 22:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.07 22:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.06.07 22:30:13 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2012.06.07 22:30:13 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2012.06.07 22:30:13 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2012.06.07 22:30:13 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2012.06.07 22:30:13 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2012.06.07 22:30:13 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2012.06.07 22:30:13 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2012.06.07 22:30:13 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2012.06.07 22:30:13 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2012.06.07 22:30:13 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2012.06.07 22:30:13 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2012.06.07 22:30:13 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2012.06.07 22:30:13 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2012.06.07 22:29:49 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\CX4300_5500_DX4400 Handbuch.lnk
[2012.06.07 22:21:32 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.06.07 22:21:00 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.06.07 12:13:58 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.07 10:08:52 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2012.06.07 09:23:40 | 000,000,584 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.06.07 01:56:46 | 000,002,707 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.07 01:56:05 | 000,002,631 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.06.07 01:06:56 | 000,000,565 | ---- | C] () -- C:\Users\***\Desktop\Camcorder.lnk
[2012.06.07 01:01:38 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video.lnk
[2012.06.07 00:35:21 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ImageMixer.lnk
[2012.06.07 00:35:21 | 000,000,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.06.07 00:27:48 | 000,001,372 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.06.07 00:27:44 | 000,000,583 | ---- | C] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.06.07 00:18:19 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.06 23:40:47 | 000,000,363 | ---- | C] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.06.06 23:39:19 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.06 23:37:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.06 23:23:10 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.06 23:23:10 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.06 23:05:42 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.06 22:47:17 | 000,000,881 | ---- | C] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2012.06.06 22:43:00 | 000,000,104 | ---- | C] () -- C:\Users\***\Desktop\Window Mail.lnk
[2012.06.06 22:13:57 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.06 22:13:57 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.06 22:04:57 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 21:51:44 | 000,000,954 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.06 21:51:42 | 000,000,949 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.06 21:51:31 | 000,000,920 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.06.06 21:43:26 | 000,089,991 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012.06.06 21:43:26 | 000,030,578 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012.06.06 21:43:05 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[2012.06.06 21:38:03 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys

========== LOP Check ==========

[2012.06.06 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.06.07 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.06 22:05:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.06.06 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WhiteLabelOffice
[2012.06.10 20:55:04 | 000,016,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Zitat:

OTL Extras logfile created on: 10.06.2012 21:39:41 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 33,03% Memory free
4,21 Gb Paging File | 2,79 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 35,33 Gb Free Space | 47,60% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,26 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FD41AB-3990-4CBE-A4D4-ED75B5783A91}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0AAE4BAD-0348-4CFE-B33C-8667BE70098C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BFDFC41-41FD-486B-9799-659F313786B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2C4EB0EE-54F3-424F-AD5B-2E548301BA35}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{334B7467-ADA6-4066-B48A-4303249F879D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{64468822-5D68-468D-BADC-8662408C8A22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6EEAF812-A131-4C2E-80AF-825E296CD577}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{74B84D4B-6641-4890-AE90-2213B3A6D571}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7C7FBD9B-97F3-4FF6-8FFB-8EA02563BD6F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9482993D-FD8B-4F93-A15E-47AB5F0779DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A01CE0AE-4BF2-4F3F-8667-AB893EF29E95}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A9A092E0-E1DD-4EA1-9EDE-0C09C8816CDD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AF5B5861-2636-4B33-B071-57ED3D39A9CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FA0EB838-5CAA-4EB5-9E76-D82E49920962}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{320D4FBD-53F7-476B-A4AF-E26A02645918}" = MAGIX Video easy HD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F2A2C4F-34FC-4B9C-A80F-14F8617AD61B}" = SymNet
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{45E8C241-5D1A-4E86-B5DA-3CCABD427417}" = Symantec Real Time Storage Protection Component
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDBF6D3-08D7-4B78-8C6C-FD9CC66CB369}" = MAGIX Speed burnR (MSI)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FF478E4A-AC94-4847-8036-1DB8EC19355A}" = MAGIX Screenshare
"AVG" = AVG 2012
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.1
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.06.2012 10:44:00 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =

Error - 09.06.2012 12:06:21 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
0xc0000005, Fehleroffset 0x0001ca18, Prozess-ID 0xf3c, Anwendungsstartzeit 01cd46599c9da9db.

Error - 09.06.2012 12:08:51 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =

Error - 09.06.2012 12:28:58 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
0xc0000005, Fehleroffset 0x0001ca18, Prozess-ID 0xe74, Anwendungsstartzeit 01cd465cdaca6eff.

Error - 09.06.2012 12:33:45 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =

Error - 10.06.2012 14:48:12 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
0xc0000005, Fehleroffset 0x0001ca18, Prozess-ID 0xe00, Anwendungsstartzeit 01cd47396a5bde49.

Error - 10.06.2012 14:54:01 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =

Error - 10.06.2012 15:01:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
0xc0000005, Fehleroffset 0x0001ca18, Prozess-ID 0xfac, Anwendungsstartzeit 01cd473b50da7269.

Error - 10.06.2012 15:06:45 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =

Error - 10.06.2012 15:30:49 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.0.4535 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 614 Anfangszeit: 01cd473c286d8cd9 Zeitpunkt der
Beendigung: 60000

[ System Events ]
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09.06.2012 10:33:03 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =

Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Zitat:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-10 22:41:02
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03
Running: 6vk2oly2.exe; Driver: C:\Users\***\AppData\Local\Temp\kxlyrpog.sys

---- System - GMER 1.0.15 ----

SSDT 86D84A50 ZwAlertResumeThread
SSDT 86D84B30 ZwAlertThread
SSDT 86D83CA0 ZwAllocateVirtualMemory
SSDT 86D18738 ZwConnectPort
SSDT 86D859C0 ZwCreateMutant
SSDT 86D7A5B8 ZwCreateThread
SSDT 86D83B00 ZwFreeVirtualMemory
SSDT 86D84890 ZwImpersonateAnonymousToken
SSDT 86D84970 ZwImpersonateThread
SSDT 86D83A20 ZwMapViewOfSection
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8F895004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8F8950D4]
SSDT 86D85900 ZwOpenEvent
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8F894D76]
SSDT 86D83D70 ZwOpenProcessToken
SSDT 86D83760 ZwOpenThreadToken
SSDT 86D81330 ZwResumeThread
SSDT 86D84F28 ZwSetContextThread
SSDT 86D83850 ZwSetInformationProcess
SSDT 86D84E38 ZwSetInformationThread
SSDT 86D85820 ZwSuspendProcess
SSDT 86D84C78 ZwSuspendThread
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8F894E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8F894EBA]
SSDT 86D83940 ZwUnmapViewOfSection
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8F894F56]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87AAE000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87AF7000, 0x510, 0x40000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Viele Grüße. WB

kira · 11.06.2012, 05:37

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Windows Defender:
Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
Windows Defender komplett deaktivieren

Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

Start => services.msc ins Suchfeld eingeben.
Es öffnet sich das Fenster der Dienste
Doppelklick auf den Dienst "Windows Defender"
Starttyp auf "Manuell" umstellen.
Dienststatus beenden, falls der Dienst noch gestartet ist.
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

Wittenberg · 11.06.2012, 11:09

Hallo Kira!

Problem hat sich erledigt: es haben sich offenbar nur 2 Antiviren-Programme nicht so recht vertragen.

Trotzdem vielen Dank u. herzliche Grüße

kira · 11.06.2012, 15:56

Du hast Adware drauf und andere ernsthafte Probleme:

► ist dein Vista original?
► Frage dich, wieso hast Du nicht schon dein System aufgrüstet?!:

Zitat:

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)

SP1 und SP2 fehlen!
vlt schon ein Hintertürchen (Backdoor) wurde eingebaut?!
Ich würde an deiner Stelle statt nach Schädlingen und Fehler zu suchen, meine Daten sichern und dann einfach die Festplatte formatieren!

NtMapViewOfSection-Hook

Log-Analyse und Auswertung: NtMapViewOfSection-Hook