Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundesp. Trojaner auf Win7/64

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.08.2012, 12:39   #1
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Hallo zusammen!
Es tut mir fast leid, hier posten zu müssen, zumal ich nach einigen Stunden Forumlesens den Eindruck habe, als würdet ihr kaum mehr was anderes machen als Leuten ohne Ahnung zu helfen, den BP-Trojaner in den Griff zu kriegen ...
Ich hätte es auch wirklich lieber selbst gemacht, aber da ich nicht weiß wie man so ein odt-script erstellt und da es ein firmenrechner ist, der befallen ist und ich es daher schnell gelöst hätte, muss ich nun leider doch um eure Hilfe bitten.
Der Rechner ist soweit wieder benutzbar und die pup.radmin Datei wurde angeblich von Malwarebytes entfernt,
ich poste hier aber mal das log, in welchem der Fund noch ersichtlich ist und dann auch gleich das odt-log.
Für jede weitere Hilfe bin ich fürchterlich dankbar!

lg
PA



Zitat:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Brigitte :: BRIGITTE-PC [Administrator]

Schutz: Aktiviert

29.08.2012 10:36:39
mbam-log-2012-08-29 (10-36-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367036
Laufzeit: 31 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
G:\AlteFestplatte\Dokumente und Einstellungen\Privat\Desktop\Kreml.exe (PUP.Radmin) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.08.2012 12:08:26 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Brigitte\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 73,91% Memory free
6,98 Gb Paging File | 5,96 Gb Available in Paging File | 85,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 172,69 Gb Total Space | 91,19 Gb Free Space | 52,80% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,65 Gb Free Space | 88,59% Space Free | Partition Type: FAT32
Drive G: | 292,97 Gb Total Space | 273,71 Gb Free Space | 93,43% Space Free | Partition Type: NTFS
 
Computer Name: BRIGITTE-PC | User Name: Brigitte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.29 12:06:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
PRC - [2012.08.11 16:40:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.12 09:30:48 | 018,499,968 | ---- | M] (VoipBuster) -- C:\Programme\VoipBuster.com\VoipBuster\VoipBuster.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.21 18:07:04 | 001,778,064 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2010.05.24 11:10:34 | 001,683,360 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.09.22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.05.11 10:45:18 | 000,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP UT\bin\hppusg.exe
PRC - [2003.12.24 17:35:28 | 000,150,528 | ---- | M] (shbox) -- C:\Programme\FreePDF\FreePDFA.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 13:09:38 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 12:42:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 12:42:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 06:01:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 03:25:08 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.05.15 03:24:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 03:24:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 03:24:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 03:24:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.24 11:10:38 | 000,098,720 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2010.05.24 11:10:32 | 064,661,408 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010.05.24 11:10:30 | 000,078,240 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2010.05.24 11:10:28 | 000,111,008 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.07.14 10:47:16 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.17 06:22:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.28 18:42:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.01 09:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.17 15:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 15:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 15:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 13:11:42 | 001,150,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.09.28 01:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 10 61 37 74 81 CB 01  [binary data]
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes,DefaultScope = {E715E333-1FDE-4337-AF57-5934897586E8}
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{047C3367-0651-41b0-B771-92782088329D}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{28630DF5-E5E6-46b1-8080-6D30FCC1F6A0}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{E715E333-1FDE-4337-AF57-5934897586E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{F9888BE3-8C2A-4429-8989-83CEAFC0DD67}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=AEE4A262-487D-4390-ABFC-D597BAC77D88&apn_sauid=4D55133E-67CD-4FBD-A78D-B24AB51831F0
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2010.11.11 12:55:50 | 000,000,850 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.11.199 NPI798149
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [FreePDFAssistent] C:\Programme\FreePDF\FreePDFA.exe (shbox)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe (VoipBuster)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4178EB7-C6E8-4E13-BFEA-E1F51D0BFFFB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.29 12:18:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.29 12:06:36 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2012.08.29 10:35:47 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2012.08.29 10:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 10:34:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 10:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.29 10:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 10:30:36 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\ransom_file_unlocker
[2012.08.29 10:05:06 | 000,000,000 | ---D | C] -- C:\archive_db
[2012.08.29 09:41:16 | 000,000,000 | ---D | C] -- C:\Backup
[2012.08.29 09:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.08.29 09:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.08.29 09:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.08.29 09:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012.08.29 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012.08.21 06:19:08 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\berniiii
[2012.08.04 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\100NCD40
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.29 12:06:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2012.08.29 12:06:33 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 12:06:33 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 11:58:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 11:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 11:57:54 | 2811,535,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.29 11:41:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 11:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 09:29:15 | 000,657,592 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.29 09:29:15 | 000,618,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.29 09:29:15 | 000,130,982 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.29 09:29:15 | 000,107,198 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.28 22:57:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.18 12:35:57 | 000,473,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.13 09:45:20 | 000,000,102 | ---- | M] () -- C:\Windows\csclient.INI
[2012.08.13 09:34:50 | 000,000,107 | ---- | M] () -- C:\Windows\AMBERCS.INI
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 14:10:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.01.03 19:54:25 | 000,000,000 | ---- | C] () -- C:\Users\Brigitte\AppData\Local\{07C0B960-477F-47AD-9F37-DA4ABA75F3E7}
[2011.09.09 08:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\CSSVDT.INI
[2011.09.09 08:08:06 | 000,000,102 | ---- | C] () -- C:\Windows\csclient.INI
[2011.09.09 07:41:48 | 000,000,107 | ---- | C] () -- C:\Windows\AMBERCS.INI
[2011.07.24 17:56:44 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011.07.24 17:46:47 | 000,199,124 | ---- | C] () -- C:\Windows\hppins11.dat
[2011.07.24 17:46:47 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2011.06.20 16:16:18 | 000,007,680 | ---- | C] () -- C:\Users\Brigitte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 14:03:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.26 16:14:50 | 000,010,976 | ---- | C] () -- C:\Windows\ASTRINFO.INI
[2011.01.26 16:14:50 | 000,004,398 | ---- | C] () -- C:\Windows\HOROSKOP.INI
[2011.01.26 16:12:14 | 000,204,032 | ---- | C] () -- C:\Windows\PI.EXE
[2010.11.23 09:47:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.11.23 09:47:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.11.11 12:55:30 | 000,000,215 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2010.11.11 12:54:38 | 000,002,269 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010.11.11 12:52:13 | 000,199,121 | ---- | C] () -- C:\Windows\hppins11.dat.temp
[2010.11.11 12:52:13 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat.temp
[2010.11.11 10:57:39 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2010.11.11 10:51:25 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat
[2010.11.11 10:30:31 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.11.11 10:29:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.29 09:08:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.29 09:05:47 | 000,034,980 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.10.29 08:56:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.29 08:56:56 | 000,027,012 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012.04.09 10:51:17 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\AIMP3
[2012.04.09 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\GHISLER
[2011.01.30 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Medix
[2011.08.31 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\TeamViewer
[2012.06.30 14:22:49 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\VoipBuster
[2012.08.05 18:25:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.12 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Adobe
[2012.04.09 10:51:17 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\AIMP3
[2012.05.30 07:28:02 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Avira
[2012.04.09 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\GHISLER
[2011.05.18 09:18:03 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\HP
[2010.10.28 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Identities
[2010.11.12 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Macromedia
[2012.08.29 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Media Center Programs
[2011.01.30 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Medix
[2012.05.01 09:26:15 | 000,000,000 | --SD | M] -- C:\Users\Brigitte\AppData\Roaming\Microsoft
[2011.08.31 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\TeamViewer
[2011.01.27 10:42:59 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\vlc
[2012.06.30 14:22:49 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\VoipBuster
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012.07.22 15:50:20 | 000,000,174 | -HS- | M] () -- C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >

< End of report >
         
--- --- ---






OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.08.2012 12:08:27 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Brigitte\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 73,91% Memory free
6,98 Gb Paging File | 5,96 Gb Available in Paging File | 85,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 172,69 Gb Total Space | 91,19 Gb Free Space | 52,80% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,65 Gb Free Space | 88,59% Space Free | Partition Type: FAT32
Drive G: | 292,97 Gb Total Space | 273,71 Gb Free Space | 93,43% Space Free | Partition Type: NTFS
 
Computer Name: BRIGITTE-PC | User Name: Brigitte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB4810B-7253-4FB4-A1EF-B522587131E8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{17F65DF4-AB3A-4BB8-9EB6-68AA520F372F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2ADD5DBD-4208-4315-A4C4-917C7B1A8A78}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3314921E-B1E1-45A4-BBAB-B7752175F020}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4470FB22-65A0-46EE-8D2E-F03E7AD52FE2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{44DA734C-6059-4A5E-A276-E7D4A39810D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{507E19E4-16B2-4431-8843-CDB2257126E0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5D628C72-16AA-4A77-AF52-67B89CE16739}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{672FF506-BF58-4429-B12B-D5E00F011BED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{932A9869-6CAF-4A8A-90B7-2DC036128707}" = rport=138 | protocol=17 | dir=out | app=system | 
"{94717264-DCD4-4B9A-8F95-076A9357CC6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A723950F-6E6D-487F-8085-C2CDE17F4761}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BD1E0BDC-67E6-4922-9EA5-AB43EC394988}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CE2AB2BD-DB24-4279-8F48-C425AD2AE8B5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E66D736F-162F-45CB-BC53-9C069F028880}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26C6AFBD-2B95-403A-AFBA-878301776BD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{281E22D0-5AC3-4CDD-A6D4-EF81D7B9B6F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3AC96BDD-82FF-494F-AE73-D03E128F7522}" = protocol=6 | dir=in | app=c:\program files\hp\hp ut\bin\hppusg.exe | 
"{3E6C3B62-DC95-4DE4-AA76-230C4614B0E8}" = protocol=17 | dir=in | app=c:\program files\medix\medix3\webmedix.exe | 
"{48ECDBE7-7B8A-4886-BD3B-8938A83E1EAE}" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"{5731CB85-8641-4CA5-A0B0-72E804F27D0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5D2C6B7D-E253-4160-A11E-79274D225314}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F3681BE-9852-484D-A53D-7A5C3C05E856}" = protocol=6 | dir=in | app=c:\program files\medix\autoupdate\maup.exe | 
"{69505E58-5942-4E82-ACBC-052B9D86203A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{72C5FB4D-BCD2-4D17-BCA3-1C461F80E623}" = dir=out | name=drucker | 
"{7752C3EC-329D-405A-946F-D20090748245}" = protocol=17 | dir=in | app=c:\program files\hp\hp ut\bin\hppusg.exe | 
"{92A9DA08-6F02-4BF1-952A-CB6FE8599ECC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9AD24725-C295-4FD1-8290-0581C440AA0F}" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"{A196BAAB-CD51-4CA5-ACD9-39913DEDBC99}" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"{A57C7C25-5146-45E5-BD13-C41430441BD0}" = protocol=6 | dir=in | app=c:\program files\medix\medix3\webmedix.exe | 
"{B184B5D5-65CB-4E2D-9D00-72282628B873}" = dir=in | name=drucker eingehend | 
"{E92F9A7F-2164-49CC-9197-3B6C0BFD9724}" = protocol=17 | dir=in | app=c:\program files\medix\autoupdate\maup.exe | 
"{F6013F0C-2DE5-443A-84AA-BAD12DDD441F}" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe | 
"TCP Query User{08D3B0A3-73ED-4DA9-BBC0-42A0D4AD31F8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{3054542E-3DA5-4A27-A084-6AE0A54C9653}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{43362DAA-C419-4E71-86A3-5216FF441158}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"TCP Query User{4549B7BC-910D-4445-8949-2147216F552E}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"TCP Query User{477070AD-F01A-4D38-8336-FF4313D6DD3B}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{8FE8FF1A-5A38-4F1B-BED0-9A5FC770787D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E4ECDB1E-7684-4313-A407-E4A084465B5A}C:\program files\hp\hp ut\bin\hppusg.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp ut\bin\hppusg.exe | 
"UDP Query User{00058336-945E-4DF5-B7EB-FF05B0729FE7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0502A31B-D3A2-4A4D-81C7-7F303A1A72C3}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"UDP Query User{099059CA-7550-4005-B8F9-B5F8243E2EFE}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{18E6B89A-F036-40C0-B5AA-454D5A32DA23}C:\program files\hp\hp ut\bin\hppusg.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp ut\bin\hppusg.exe | 
"UDP Query User{39EFC017-D005-4CD6-A368-7D78B219C81B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{6D81AA5C-5F45-4E69-B4C1-B1A31840A886}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{93C6442A-7826-4496-8A1F-FCD9D237E1E6}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{86BBD345-0CE6-4AB1-8ADE-FB12D86EAB90}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AFPL Ghostscript 8.00" = AFPL Ghostscript 8.00
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AIMP3" = AIMP3
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreePDF" = FreePDF 2.11
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Medix3" = Medix 3
"MedixAutoUpdate" = Medix AutoUpdate
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"telebankingMBS (C:_Program Files_ELBA5)" = telebankingMBS (C:\Program Files\ELBA5)
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.4
"VoipBuster_is1" = VoipBuster
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.08.2012 00:09:53 | Computer Name = Brigitte-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HP\digital
 imaging\{8eedb90e-6abc-42bb-ad4c-39dee05e3eea}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.08.2012 05:00:16 | Computer Name = Brigitte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001,
 Zeitstempel: 0x4f3e2d20  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften
 Prozesses: 0xf88  Startzeit der fehlerhaften Anwendung: 0x01cd7f7b30aa0450  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 9f9e3da2-eb6e-11e1-bf19-20cf30b020e5
 
Error - 26.08.2012 03:54:28 | Computer Name = Brigitte-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HP\digital
 imaging\{8eedb90e-6abc-42bb-ad4c-39dee05e3eea}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.08.2012 12:45:51 | Computer Name = Brigitte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xc18  Startzeit der fehlerhaften Anwendung: 0x01cd8472f91f3e60  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: a8e06609-f066-11e1-98eb-20cf30b020e5
 
Error - 27.08.2012 13:19:49 | Computer Name = Brigitte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xc14  Startzeit der fehlerhaften Anwendung: 0x01cd84776eb44aae  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 679028ae-f06b-11e1-9b02-20cf30b020e5
 
Error - 29.08.2012 03:25:13 | Computer Name = Brigitte-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 04:21:56 | Computer Name = Brigitte-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 04:25:43 | Computer Name = Brigitte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066507  ID des fehlerhaften
 Prozesses: 0xb80  Startzeit der fehlerhaften Anwendung: 0x01cd85bf8bdc8864  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 1f2e81eb-f1b3-11e1-8336-20cf30b020e5
 
Error - 29.08.2012 05:14:18 | Computer Name = Brigitte-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 05:58:07 | Computer Name = Brigitte-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 29.08.2012 04:22:55 | Computer Name = Brigitte-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.08.2012 04:23:16 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 29.08.2012 05:13:23 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 29.08.2012 05:14:18 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 29.08.2012 05:15:18 | Computer Name = Brigitte-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.08.2012 05:15:39 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 29.08.2012 05:57:10 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 29.08.2012 05:58:07 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 29.08.2012 05:59:03 | Computer Name = Brigitte-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.08.2012 05:59:27 | Computer Name = Brigitte-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
 
< End of report >
         
--- --- ---

Geändert von PhilAndroid (29.08.2012 um 12:45 Uhr)

Alt 30.08.2012, 00:11   #2
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes,DefaultScope = {E715E333-1FDE-4337-AF57-5934897586E8} 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{047C3367-0651-41b0-B771-92782088329D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{28630DF5-E5E6-46b1-8080-6D30FCC1F6A0}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{E715E333-1FDE-4337-AF57-5934897586E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\SearchScopes\{F9888BE3-8C2A-4429-8989-83CEAFC0DD67}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=AEE4A262-487D-4390-ABFC-D597BAC77D88&apn_sauid=4D55133E-67CD-4FBD-A78D-B24AB51831F0 
IE - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O7 - HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.08.28 22:57:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 

 
:Files

C:\Users\Brigitte\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Brigitte\AppData\Local\Temp\*.exe
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________

Alt 30.08.2012, 12:24   #3
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Super, danke für deine Hilfe!
Hier das OTL File:


Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{047C3367-0651-41b0-B771-92782088329D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{047C3367-0651-41b0-B771-92782088329D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{28630DF5-E5E6-46b1-8080-6D30FCC1F6A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28630DF5-E5E6-46b1-8080-6D30FCC1F6A0}\ not found.
Registry key HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E715E333-1FDE-4337-AF57-5934897586E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E715E333-1FDE-4337-AF57-5934897586E8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9888BE3-8C2A-4429-8989-83CEAFC0DD67}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9888BE3-8C2A-4429-8989-83CEAFC0DD67}\ not found.
HKU\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4163303588-3965261705-1514697977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\SET1F44.tmp deleted successfully.
C:\Windows\System32\SET2B94.tmp deleted successfully.
C:\Windows\System32\SET4348.tmp deleted successfully.
C:\Windows\System32\SET626C.tmp deleted successfully.
C:\Windows\System32\SET78AD.tmp deleted successfully.
C:\Windows\System32\SET80B.tmp deleted successfully.
C:\Windows\System32\SETA516.tmp deleted successfully.
C:\Windows\System32\SETB3B6.tmp deleted successfully.
C:\Windows\System32\SETCC74.tmp deleted successfully.
C:\Windows\System32\SETD0DD.tmp deleted successfully.
C:\Windows\System32\SETDC9C.tmp deleted successfully.
C:\Windows\System32\SETDF49.tmp deleted successfully.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
========== FILES ==========
C:\Users\Brigitte\AppData\Local\{07C0B960-477F-47AD-9F37-DA4ABA75F3E7} moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Brigitte\AppData\Local\Temp\1fvwautoupd.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\ApnStub.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Brigitte\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Brigitte\Desktop\cmd.bat deleted successfully.
C:\Users\Brigitte\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 1014267 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Brigitte
->Temp folder emptied: 397418613 bytes
->Temporary Internet Files folder emptied: 178843998 bytes
->Flash cache emptied: 183941 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 329759783 bytes
RecycleBin emptied: 380974553 bytes
 
Total Files Cleaned = 1.229,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08302012_110833

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Hier das Malwarebytes Log:


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Brigitte :: BRIGITTE-PC [Administrator]

Schutz: Aktiviert

30.08.2012 11:22:48
mbam-log-2012-08-30 (11-22-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357827
Laufzeit: 44 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         



Und hier haben wir die ADW Notiz:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 12:18:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Brigitte - BRIGITTE-PC
# Boot Mode : Normal
# Running from : C:\Users\Brigitte\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Brigitte\AppData\LocalLow\AskToolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2826 octets] - [30/08/2012 12:18:05]

########## EOF - C:\AdwCleaner[R1].txt - [2954 octets] ##########
         


Und voilá, das ADW File nach dem Delete!


Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 12:20:45
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Brigitte - BRIGITTE-PC
# Boot Mode : Normal
# Running from : C:\Users\Brigitte\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Brigitte\AppData\LocalLow\AskToolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2955 octets] - [30/08/2012 12:18:05]
AdwCleaner[S1].txt - [2822 octets] - [30/08/2012 12:20:45]

########## EOF - C:\AdwCleaner[S1].txt - [2950 octets] ##########
         

Falls was fehlt sag bitte bescheid!

danke und lg
PA
__________________

Alt 30.08.2012, 20:44   #4
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.09.2012, 20:29   #5
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Ist erledigt!


Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.08.2012 13:32:32

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, G:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.08.2012 13:35:00

C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5 -> h11a\h11e.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5 -> h11a\h11c.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5 -> h11a\h11a.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5 -> h11a\h11b.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5 -> h11a\h11d.class 	gefunden: Exploit.Java.Blacole!E2
G:\RECYCLER\S-1-5-18\Df18\110809115031\z4barSpInstall.exe 	gefunden: Trojan.Win32.AdInstaller.AMN!E1

Gescannt	609050
Gefunden	6

Scan Ende:	01.09.2012 13:02:44
Scan Zeit:	23:27:44
         
Ach ja, der Rechner läuft übrigens wieder einwandfrei, das hat er aber schon die ganze Zeit wieder getan.
Soweit ich es bis jetzt feststellen konnte haben auch die eigenen Dateien, also Fotos, Bilder ect. nichts abgekriegt.
Ich könnte nicht feststellen, ob der PC überhaupt noch irgend ein Problem hat, aber deswegen bin ich ja auch hier. =)


Alt 02.09.2012, 10:29   #6
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
--> Bundesp. Trojaner auf Win7/64

Alt 04.09.2012, 13:39   #7
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Hallo!
So, bin endlich dazu gekommen!
Warum sollte ich den Browser schließen bevor der Online Scanner deinstalliert wird? Oder war damit schlicht das 'purchase or 30 days free trial' fenster gemeint?
Na, wie dem auch sei, hier ist das Log!
Danke fürs anschauen und viel Freude damit!

lg
PA



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6e446692b4d544fb3cad0bc69ae29f8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-04 11:34:33
# local_time=2012-09-04 01:34:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 8437354 8437354 0 0
# compatibility_mode=5893 16776574 100 94 8480972 98384876 0 0
# compatibility_mode=8192 67108863 100 0 447 447 0 0
# scanned=167535
# found=1
# cleaned=1
# scan_time=4788
C:\_OTL\MovedFiles\08302012_110833\C_Users\Brigitte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24d002b6-6b220cb5	a variant of Java/Exploit.CVE-2012-1723.BH trojan (deleted - quarantined)	00000000000000000000000000000000	C
         

Alt 04.09.2012, 19:36   #8
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck


Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.09.2012, 16:35   #9
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Tut mir leid dass das so lange dauert, hab momentan keine Zeit um mich um den Rechner zu kümmern, werd mich vorraussichtlich morgen drum kümmern!
Danke für deine Geduld!

Alt 09.09.2012, 23:29   #10
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Alles klar.
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.09.2012, 20:13   #11
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



bitte den thread noch nicht schließen, ich bin auf jeden Fall noch dabei! Da es nicht mein Rechner ist um den es geht gestaltet sich das alles immer etwas schwierig, aber es wird nicht mehr lang dauern!
lg
PA

Alt 22.09.2012, 18:53   #12
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Alles klar.
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.10.2012, 13:40   #13
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Hallo,
nach einem knappen Monat bin ich jetzt tatsächlich mal wieder zum Rechner gekommen, also weiter gehts!


Code:
ATTFilter
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.


Internet Explorer 8.0 ist aktuell
Flash (11,4,402,278) ist aktuell.
Java (1,7,0,7) ist aktuell.
Adobe Reader 9,5,2,0 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version: 10,1,3
         

Auf diesem PC gibts leider allerdings nur den IE8, und ich darf auch keinen alternativen Browser draufgeben, da der Besitzer es nicht möchte. Ich hab das Plugin trotzdem mal deaktiviert, oder soll ich es besser gleich deinstallieren? Beim Plugin Check wird dasselbe angezeigt.

Alt 05.10.2012, 22:52   #14
t'john
/// Helfer-Team
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 07.10.2012, 18:19   #15
PhilAndroid
 
Bundesp. Trojaner auf Win7/64 - Standard

Bundesp. Trojaner auf Win7/64



Ist schon erledigt!
Danke für deine Hilfe!!
Werd mir die 'Lektüre' mal zu Gemüte führen, sieht aus als sollte ich mich mal mit sowas befassen, wurde bisher immer eher ignoriert ... =P
Jetzt werd ich mich hier wohl still und heimlich noch ne Weile rumtreiben, ist ein guter Ort!

Antwort

Themen zu Bundesp. Trojaner auf Win7/64
32 bit, 4d36e972-e325-11ce-bfc1-08002be10318, antivir, avira, bho, browser, converter, desktop, document, error, excel, fehler, firefox, flash player, format, google earth, helper, hewlett packard, iexplore.exe, install.exe, kaspersky, langs, logfile, ntdll.dll, pup.radmin, realtek, registry, rundll, scan, senden, svchost.exe, trojaner, udp



Ähnliche Themen: Bundesp. Trojaner auf Win7/64


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. GVU Trojaner Win7
    Log-Analyse und Auswertung - 18.08.2013 (9)
  3. GUV Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (27)
  4. GVU-Trojaner auf Win7 x64
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (5)
  5. GVU-Trojaner auf Win7
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (13)
  6. GVU Trojaner in Win7
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (3)
  7. BKA Trojaner 1.13 Win7
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (10)
  8. GVU Win7 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (4)
  9. GVU Trojaner auf Win7 Pro x64
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (12)
  10. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  11. GVU Trojaner auf Win7 :-(
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (10)
  12. GVU Trojaner - Win7
    Log-Analyse und Auswertung - 06.08.2012 (12)
  13. gvu trojaner win7
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (7)
  14. GVU-Trojaner, Win7 64-Bit
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  15. BKA Trojaner 3.02 und 1.03 auf Win7
    Log-Analyse und Auswertung - 30.03.2012 (1)
  16. BKA Trojaner win7 pro 64 Bit
    Log-Analyse und Auswertung - 14.11.2011 (30)
  17. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)

Zum Thema Bundesp. Trojaner auf Win7/64 - Hallo zusammen! Es tut mir fast leid, hier posten zu müssen, zumal ich nach einigen Stunden Forumlesens den Eindruck habe, als würdet ihr kaum mehr was anderes machen als Leuten - Bundesp. Trojaner auf Win7/64...
Archiv
Du betrachtest: Bundesp. Trojaner auf Win7/64 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.