Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MyStart by IncrediBar.com

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.08.2012, 20:37   #1
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Hallo ihr Lieben,

habe ein Problem mit MyStart. Dieser Mist taucht seit neustem bei mir auf. Hier im Forum habe ich schon einiges davon gefunden. Vielleicht findet sich ja jemand, der mir helfen kann. Ich wäre so dankbar=).

Liebe Grüße

Hier schon einmal die Daten aus OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.08.2012 19:15:03 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Moritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,49 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 74,08% Memory free
6,33 Gb Paging File | 5,76 Gb Available in Paging File | 90,91% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 47,51 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive D: | 275,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: IBM | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.29 18:55:37 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
PRC - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.08.29 14:38:20 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.07.29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.06.13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.06.03 19:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010.06.03 13:59:18 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2010.05.12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010.04.26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.29 14:38:40 | 000,564,832 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012.08.29 14:38:35 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
MOD - [2012.08.29 14:38:20 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.07.29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
MOD - [2012.06.19 09:59:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d572db4771ac231d1b8d48f0dfce8434\System.ServiceProcess.ni.dll
MOD - [2012.06.19 09:44:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab0994687c88f164ad7c606b5b28ca70\System.Drawing.ni.dll
MOD - [2012.06.19 09:43:27 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a98e59f3c930e4b03745a4cccf5b098\PresentationFramework.ni.dll
MOD - [2012.06.19 01:18:25 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef25d83169e05d54f5cf285a75ce48ef\PresentationCore.ni.dll
MOD - [2012.05.14 09:59:18 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\7aebd724177da669c220511fa92cc397\System.Management.ni.dll
MOD - [2012.05.13 18:45:00 | 005,452,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\eea1b0b895dd62b859e13aec9244b2a3\System.Xml.ni.dll
MOD - [2012.05.13 18:43:39 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8e548491ad04913823c568e7d425e91\PresentationFramework.Luna.ni.dll
MOD - [2012.05.13 18:42:45 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e34280bfe8193d570438b8e98f822e\WindowsBase.ni.dll
MOD - [2012.05.13 18:42:25 | 007,966,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\481536081a21882832e89d4822ed859c\System.ni.dll
MOD - [2012.05.13 18:42:06 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8dc422cd4e42c96cba2bb2c042b78576\mscorlib.ni.dll
MOD - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
MOD - [2010.08.15 08:37:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.05.25 10:57:38 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2010.05.12 01:25:00 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll
MOD - [2010.05.12 01:25:00 | 000,061,952 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL
MOD - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010.05.12 01:25:00 | 000,044,544 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.07.29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.07.19 21:21:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.06.03 13:59:18 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.05.25 10:57:26 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010.05.12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.29 14:38:38 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010.10.07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010.06.01 13:51:58 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.06.01 13:51:56 | 000,993,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.05.19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010.05.12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010.05.12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.03.17 22:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.07 21:05:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/08/15 16:18:21] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007.05.02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb178?a=6R8DbHQhri&i=26
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290412_4_vs&babsrc=SP_ss&mntrId=6ce77dbb0000000000000018de64f0c6
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={F95773B9-AB0F-4B77-A55C-1D9155D8B739}&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&lang=de&ds=AVG&pr=fr&d=2012-08-02 19:25:55&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8DbHQhri&i=26
IE - HKCU\..\SearchScopes\{EB259329-AD46-49E1-9C7A-295ABB3B777D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B3d1168d0-9989-408b-bdff-4deaf7908fde%7D&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&ds=AVG&v=12.2.5.32&lang=de&pr=fr&d=2012-08-02%2019%3A25%3A55&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\12.2.5.32\ [2012.08.29 14:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox [2012.08.25 23:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 21:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.17 13:29:35 | 000,000,000 | ---D | M]
 
[2012.08.27 13:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Extensions
[2012.08.28 22:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions
[2012.08.25 23:30:17 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com
[2012.05.09 21:22:48 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\toolbar@stumbleupon.com
[2010.08.19 22:05:48 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\conduit.xml
[2012.08.27 13:19:21 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\icqplugin.xml
[2012.08.25 23:30:03 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\MyStart Search.xml
[2012.08.25 23:46:25 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\Search_Results.xml
[2012.05.06 16:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.06 16:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[2012.08.29 14:38:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\12.2.5.32
[2012.08.25 23:30:09 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAMME\WEB ASSISTANT\FIREFOX
[2012.07.19 21:21:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.06 16:52:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:38:11 | 000,003,769 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.09 21:19:28 | 000,002,351 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.05.06 16:52:22 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.05.06 16:52:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.06 16:52:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 23:46:25 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2012.05.06 16:52:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.06 16:52:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/410
 
O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Programme\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF255275-771E-48A4-A8AD-01DC9707E7AD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\cdbxpp.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaw.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaws.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.14 07:22:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.29 18:55:37 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
[2012.08.29 14:38:38 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.08.28 22:13:51 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012.08.28 22:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012
[2012.08.28 22:13:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TuneUp Software
[2012.08.28 22:12:41 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2012
[2012.08.28 22:12:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.08.28 22:11:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.28 22:02:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.08.28 22:02:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Thunderbird
[2012.08.25 23:30:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\eType
[2012.08.25 23:30:09 | 000,000,000 | ---D | C] -- C:\Programme\Web Assistant
[2012.08.21 20:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Desktop\Österreich
[2012.08.19 15:21:50 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Download Assistant
[2012.08.19 13:23:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Application Data
[2012.08.02 19:25:50 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.29 19:12:51 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\Defogger.exe
[2012.08.29 19:06:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\defogger_reenable
[2012.08.29 19:02:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.29 18:55:37 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
[2012.08.29 18:45:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 18:00:34 | 105,217,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.08.29 14:38:38 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.08.29 13:37:12 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.08.29 13:36:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 13:36:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.28 22:13:47 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.28 22:13:47 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012.08.25 23:30:20 | 000,000,450 | ---- | M] () -- C:\user.js
[2012.08.21 20:55:44 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.20 23:13:17 | 003,518,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.19 15:21:50 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Download Assistant.lnk
[2012.08.17 13:29:36 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012.08.02 19:09:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.29 19:12:51 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\Defogger.exe
[2012.08.29 19:06:42 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\defogger_reenable
[2012.08.28 23:12:04 | 001,371,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.08.28 22:13:47 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.28 22:13:47 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012.08.28 22:13:45 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012.lnk
[2012.08.25 23:30:18 | 000,000,450 | ---- | C] () -- C:\user.js
[2012.03.17 13:26:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.31 20:33:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.05.04 18:40:55 | 000,000,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\.recently-used.xbel
[2011.02.22 22:39:31 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 20:21:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010.09.19 16:12:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.08.15 09:27:51 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.08.29 14:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.07.04 21:32:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2012.05.09 21:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.08.27 13:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.07.04 21:22:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.08.15 16:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.06.18 21:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Merscom
[2012.08.29 18:00:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.05.09 19:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.08.15 16:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.08.28 22:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.08.15 16:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2012.08.28 22:11:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.04 21:27:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\AVG Secure Search
[2012.07.04 21:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\AVG2012
[2012.05.09 21:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Babylon
[2012.05.10 17:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.22 19:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\CheckPoint
[2012.05.09 19:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.25 23:34:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\eType
[2012.03.21 23:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\FreeAudioPack
[2011.05.04 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\gtk-2.0
[2012.03.21 23:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\ICQ
[2012.06.18 21:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Merscom
[2012.05.21 12:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\PDAppFlex
[2012.05.06 16:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\searchquband
[2012.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.09 21:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon
[2010.08.15 14:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TeamViewer
[2012.08.28 22:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Thunderbird
[2012.08.28 22:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TuneUp Software
[2012.06.19 22:11:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\YoudaGames
[2012.07.01 16:33:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job
[2012.08.29 13:37:12 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.08.2012 19:15:03 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Moritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,49 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 74,08% Memory free
6,33 Gb Paging File | 5,76 Gb Available in Paging File | 90,91% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 47,51 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive D: | 275,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: IBM | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CE851D7-DD98-489A-9227-5BBE08E7064B}" = ThinkVantage Fingerprint Software
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.AccessR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.AccessR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.AccessR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.AccessR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.AccessR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Das Vermächtnis - Der Baum des Lebens_is1" = Das Vermächtnis - Der Baum des Lebens (1.00)
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.AccessR" = Microsoft Access 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 5" = TeamViewer 5
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.05.2012 12:23:24 | Computer Name = IBM | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 05.05.2012 12:23:24 | Computer Name = IBM | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 05.05.2012 12:23:24 | Computer Name = IBM | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
[ System Events ]
Error - 02.08.2012 14:20:31 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:21:01 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:21:31 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:22:01 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:22:31 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:23:01 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:23:31 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 14:24:01 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 02.08.2012 16:55:03 | Computer Name = IBM | Source = DCOM | ID = 10010
Description = Der Server "{7160A13D-73DA-4CEA-95B9-37356478588A}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 28.08.2012 11:53:23 | Computer Name = IBM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-29 21:22:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9SA00 rev.MB4IC60H
Running: bwe9nb8c.exe; Driver: C:\DOKUME~1\Moritz\LOKALE~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0xA86FE004]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0xA86FE0D4]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA86FDD76]
SSDT            \??\C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)                                                              ZwQueryValueKey [0xB9A62258]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA86FDE1E]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xA86FDEBA]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA86FDF56]

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Programme\CyberLink\PowerDVD9\000.fcl                                                                                     section is writeable [0xA78AA000, 0x2892, 0xE8000020]
.vmp2           C:\Programme\CyberLink\PowerDVD9\000.fcl                                                                                     entry point in ".vmp2" section [0xA78CD050]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                       avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                      wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                      wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 29.08.2012, 22:41   #2
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com





1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________

__________________

Alt 30.08.2012, 16:26   #3
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Vielen dank für deine Antwort=)...
Hier einmal die mbam-logdatei:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moritz :: IBM [Administrator]

30.08.2012 16:36:07
mbam-log-2012-08-30 (16-36-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249750
Laufzeit: 48 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und hier adw:

# AdwCleaner v2.000 - Datei am 08/30/2012 um 17:28:06 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Moritz - IBM
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Moritz\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\DOKUME~1\Moritz\LOKALE~1\Temp\Searchqu.ini
Datei Gefunden : C:\DOKUME~1\Moritz\LOKALE~1\Temp\searchqutoolbar-manifest.xml
Datei Gefunden : C:\DOKUME~1\Moritz\LOKALE~1\Temp\SetupDataMngr_Searchqu.exe
Datei Gefunden : C:\DOKUME~1\Moritz\LOKALE~1\Temp\Uninstall.exe
Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Programme\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\DOKUME~1\Moritz\LOKALE~1\Temp\avg@toolbar
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gefunden : C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\AVG Secure Search
Ordner Gefunden : C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\eType
Ordner Gefunden : C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\searchquband
Ordner Gefunden : C:\Programme\AVG Secure Search
Ordner Gefunden : C:\Programme\Conduit
Ordner Gefunden : C:\Programme\Gemeinsame Dateien\AVG Secure Search
Ordner Gefunden : C:\Programme\Web Assistant

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DSNR Labs
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb178?a=6R8DbHQhri&i=26
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={F95773B9-AB0F-4B77-A55C-1D9155D8B739}&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&lang=de&ds=AVG&pr=fr&d=2012-08-02 19:25:55&v=12.2.5.32&sap=nt

*************************

AdwCleaner[R1].txt - [8933 octets] - [30/08/2012 17:28:06]

########## EOF - C:\AdwCleaner[R1].txt - [8993 octets] ##########
__________________

Alt 30.08.2012, 20:35   #4
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Lasse SUPERAntiSpyware laufen: http://www.trojaner-board.de/51871-a...tispyware.html


dann:

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.08.2012, 22:22   #5
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



hier einmal der log von SaS:

Code:
ATTFilter
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/30/2012 at 11:18 PM

Application Version : 5.5.1012

Core Rules Database Version : 9154
Trace Rules Database Version: 6966

Scan type       : Complete Scan
Total Scan Time : 00:57:56

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 536
Memory threats detected   : 0
Registry items scanned    : 34853
Registry threats detected : 0
File items scanned        : 49426
File threats detected     : 25

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Moritz\Cookies\NRSRDLO4.txt [ /mediaplex.com ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\0QKX6L02.txt [ /unitymedia.de ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\HUGZAZAM.txt [ /tracking.quisma.com ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\1D885DTT.txt [ /avgtechnologies.112.2o7.net ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\8Q38WJSY.txt [ /www.zanox-affiliate.de ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\7E19FBTW.txt [ /fastclick.net ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\K3ELX5D2.txt [ /apmebf.com ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\Q2FO4TOD.txt [ /adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\EQJGWH32.txt [ /doubleclick.net ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\CVS1O10R.txt [ /zanox-affiliate.de ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\YTW3EK9R.txt [ /ad.dyntracker.de ]
	C:\Dokumente und Einstellungen\Moritz\Cookies\46KM0V5Q.txt [ /ad.yieldmanager.com ]
	.xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\MORITZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EIT2IL27.DEFAULT\COOKIES.SQLITE ]
         
habe gerade versucht den adwcleaner zu starten, allerdings hat mein avg den raus geschmissen, weil er den als bedrohung ansah.. is det normal??
danke nochmal für deine unterstützung


Alt 31.08.2012, 15:13   #6
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



AVG deaktivieren, nochmal versuchen.
__________________
--> MyStart by IncrediBar.com

Alt 31.08.2012, 18:29   #7
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



adw:

# AdwCleaner v2.000 - Datei am 08/31/2012 um 19:24:47 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Moritz - IBM
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Moritz\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Programme\Gemeinsame Dateien\AVG Secure Search

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [9062 octets] - [30/08/2012 17:28:06]
AdwCleaner[S2].txt - [723 octets] - [31/08/2012 19:24:47]

########## EOF - C:\AdwCleaner[S2].txt - [782 octets] ##########

Alt 31.08.2012, 23:57   #8
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Ist incredi noch da?
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.09.2012, 11:18   #9
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



jup, leider immer noch...

Alt 01.09.2012, 16:58   #10
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



In welchem Browser?


CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.09.2012, 17:25   #11
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



ist mozilla firefox

Inhalt aus OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.09.2012 18:14:53 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Moritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,49 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 79,26% Memory free
6,33 Gb Paging File | 5,86 Gb Available in Paging File | 92,57% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 47,23 Gb Free Space | 63,38% Space Free | Partition Type: NTFS
Drive D: | 275,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: IBM | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.01 18:12:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
PRC - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.06.03 19:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010.06.03 13:59:18 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2010.05.25 10:57:26 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010.05.12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010.04.26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
MOD - [2012.06.19 09:59:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d572db4771ac231d1b8d48f0dfce8434\System.ServiceProcess.ni.dll
MOD - [2012.06.19 09:44:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab0994687c88f164ad7c606b5b28ca70\System.Drawing.ni.dll
MOD - [2012.06.19 09:43:27 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a98e59f3c930e4b03745a4cccf5b098\PresentationFramework.ni.dll
MOD - [2012.06.19 01:18:25 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef25d83169e05d54f5cf285a75ce48ef\PresentationCore.ni.dll
MOD - [2012.05.14 09:59:18 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\7aebd724177da669c220511fa92cc397\System.Management.ni.dll
MOD - [2012.05.13 18:45:00 | 005,452,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\eea1b0b895dd62b859e13aec9244b2a3\System.Xml.ni.dll
MOD - [2012.05.13 18:43:39 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8e548491ad04913823c568e7d425e91\PresentationFramework.Luna.ni.dll
MOD - [2012.05.13 18:42:45 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e34280bfe8193d570438b8e98f822e\WindowsBase.ni.dll
MOD - [2012.05.13 18:42:25 | 007,966,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\481536081a21882832e89d4822ed859c\System.ni.dll
MOD - [2012.05.13 18:42:06 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8dc422cd4e42c96cba2bb2c042b78576\mscorlib.ni.dll
MOD - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
MOD - [2010.08.15 08:37:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.05.12 01:25:00 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll
MOD - [2010.05.12 01:25:00 | 000,061,952 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL
MOD - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010.05.12 01:25:00 | 000,044,544 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.31 19:12:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2010.10.19 15:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 15:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010.10.19 15:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.06.03 13:59:18 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.05.25 10:57:26 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010.05.12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.05.12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.29 14:38:38 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010.10.07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010.06.01 13:51:58 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.06.01 13:51:56 | 000,993,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.05.19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010.05.12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010.05.12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.03.17 22:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.07 21:05:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/08/15 16:18:21] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007.05.02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{EB259329-AD46-49E1-9C7A-295ABB3B777D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={F95773B9-AB0F-4B77-A55C-1D9155D8B739}&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&lang=de&ds=AVG&pr=fr&d=2012-08-02 19:25:55&v=12.2.5.32&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.31 19:12:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.17 13:29:35 | 000,000,000 | ---D | M]
 
[2012.08.27 13:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Extensions
[2012.08.28 22:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions
[2012.08.25 23:30:17 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com
[2012.05.09 21:22:48 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\toolbar@stumbleupon.com
[2010.08.19 22:05:48 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\conduit.xml
[2012.08.27 13:19:21 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\icqplugin.xml
[2012.08.25 23:30:03 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\MyStart Search.xml
[2012.08.25 23:46:25 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\Search_Results.xml
[2012.05.06 16:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.06 16:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[2012.08.31 19:12:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.06 16:52:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:12:07 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.05.06 16:52:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.06 16:52:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.06 16:52:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.06 16:52:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/410
 
O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Programme\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.14 07:22:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 16:34:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Moritz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.29 18:55:37 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
[2012.08.29 14:38:38 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.08.28 22:13:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TuneUp Software
[2012.08.28 22:12:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.08.28 22:11:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.28 22:02:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.08.28 22:02:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Thunderbird
[2012.08.21 20:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Desktop\Österreich
[2012.08.19 15:21:50 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Download Assistant
[2012.08.19 13:23:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Moritz\Application Data
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 18:12:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Moritz\Desktop\OTL.exe
[2012.09.01 17:45:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 16:33:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2012.09.01 15:00:29 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.01 15:00:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.01 15:00:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.01 14:58:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.01 12:13:53 | 105,493,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.08.31 23:22:43 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.08.31 19:14:34 | 000,511,265 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\adwcleaner.exe
[2012.08.31 14:15:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 4489ae7e-d217-49ee-b218-d8ebcf632d9d.job
[2012.08.30 22:15:47 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c6d22d3c-2675-4cbf-ab3f-5379af8f02bd.job
[2012.08.30 16:34:25 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Moritz\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.29 19:21:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\bwe9nb8c.exe
[2012.08.29 19:12:51 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\Defogger.exe
[2012.08.29 19:06:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\defogger_reenable
[2012.08.29 14:38:38 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.08.21 20:55:44 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.20 23:13:17 | 003,518,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.19 15:21:50 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Download Assistant.lnk
[2012.08.17 13:29:36 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012.08.02 19:09:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.01 13:37:45 | 001,371,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.08.31 19:14:33 | 000,511,265 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\adwcleaner.exe
[2012.08.30 22:15:47 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 4489ae7e-d217-49ee-b218-d8ebcf632d9d.job
[2012.08.30 22:15:46 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c6d22d3c-2675-4cbf-ab3f-5379af8f02bd.job
[2012.08.29 19:21:52 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\bwe9nb8c.exe
[2012.08.29 19:12:51 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\Defogger.exe
[2012.08.29 19:06:42 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\defogger_reenable
[2012.03.17 13:26:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.31 20:33:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.05.04 18:40:55 | 000,000,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\.recently-used.xbel
[2011.02.22 22:39:31 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 20:21:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010.09.19 16:12:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.08.15 09:27:51 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Moritz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.07.04 21:32:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2012.07.04 21:22:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.08.15 16:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.06.18 21:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Merscom
[2012.09.01 12:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.05.09 19:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.08.15 16:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.08.28 22:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.08.15 16:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2012.08.28 22:11:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.04 21:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\AVG2012
[2012.05.10 17:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.22 19:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\CheckPoint
[2012.05.09 19:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.21 23:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\FreeAudioPack
[2011.05.04 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\gtk-2.0
[2012.03.21 23:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\ICQ
[2012.06.18 21:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Merscom
[2012.05.21 12:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\PDAppFlex
[2012.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.09 21:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon
[2010.08.15 14:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TeamViewer
[2012.08.28 22:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Thunderbird
[2012.08.28 22:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TuneUp Software
[2012.06.19 22:11:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\YoudaGames
[2012.09.01 16:33:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job
[2012.09.01 15:00:29 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012.08.31 14:15:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 4489ae7e-d217-49ee-b218-d8ebcf632d9d.job
[2012.08.30 22:15:47 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c6d22d3c-2675-4cbf-ab3f-5379af8f02bd.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.08.19 17:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Adobe
[2012.07.04 21:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\AVG2012
[2012.05.10 17:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.22 19:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\CheckPoint
[2012.05.09 19:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.12.22 00:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\CyberLink
[2011.02.22 22:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\DivX
[2012.03.21 23:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\FreeAudioPack
[2012.07.15 17:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Google
[2011.05.04 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\gtk-2.0
[2012.03.21 23:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\ICQ
[2010.08.14 08:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Identities
[2010.08.15 15:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\InstallShield
[2011.01.17 12:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Intel
[2010.08.15 09:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Macromedia
[2012.05.06 15:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Malwarebytes
[2012.06.18 21:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Merscom
[2012.08.19 13:23:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Microsoft
[2010.08.15 15:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla
[2012.05.21 12:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\PDAppFlex
[2012.08.31 23:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Skype
[2011.06.23 01:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\skypePM
[2012.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.09 21:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon
[2010.08.25 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Sun
[2010.08.15 14:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TeamViewer
[2012.08.28 22:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Thunderbird
[2012.08.28 22:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\TuneUp Software
[2010.08.15 08:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\WinRAR
[2012.06.19 22:11:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\YoudaGames
 
< %APPDATA%\*.exe /s >
[2012.08.19 15:18:49 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.05.09 19:03:47 | 002,500,792 | ---- | M] () -- C:\AdobeDownloadAssistant.exe
[2012.05.09 21:19:06 | 000,886,136 | ---- | M] (R&E Media) -- C:\OdfAddInForOfficeSetup-de_4.0.5309.exe
 
< MD5 for: AGP440.SYS  >
[2007.10.29 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.10.29 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.22 15:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\DRIVERS\WIN\IMSM\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2007.10.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2007.10.29 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.08.14 08:57:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.08.14 08:57:32 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.08.14 08:57:32 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
<           >

< End of report >
         
--- --- ---

Alt 02.09.2012, 10:01   #12
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
MOD - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe 
SRV - [2012.08.29 14:38:32 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) 
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) 
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) 
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) 
DRV - File not found [Kernel | System | Stopped] -- -- (Changer) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\URLSearchHook: - No CLSID value found 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\SearchScopes\{EB259329-AD46-49E1-9C7A-295ABB3B777D}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={F95773B9-AB0F-4B77-A55C-1D9155D8B739}&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&lang=de&ds=AVG&pr=fr&d=2012-08-02 19:25:55&v=12.2.5.32&sap=ku&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. 
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Programme\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found 
O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-1390067357-113007714-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2010.08.14 07:22:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () 
MsConfig - State: "startup" - 2 

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2012.08.29 19:21:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Desktop\bwe9nb8c.exe 
 
[2012.08.25 23:30:17 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com 
[2012.08.25 23:30:03 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\MyStart Search.xml 
[2010.08.19 22:05:48 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\conduit.xml 
[2012.08.27 13:19:21 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\icqplugin.xml 
[2012.08.25 23:46:25 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\Search_Results.xml 
[2012.05.06 16:52:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.05.06 16:52:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml 
[2012.05.06 16:52:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.05.06 16:52:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.05.06 16:52:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml 
[2010.09.19 16:12:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat 

:Files
C:\Users\Moritz\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Moritz\AppData\Local\Temp\*.exe
C:\Users\Moritz\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.09.2012, 11:22   #13
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



All processes killed
========== OTL ==========
Service vToolbarUpdater12.2.6 stopped successfully!
Service vToolbarUpdater12.2.6 deleted successfully!
C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EB259329-AD46-49E1-9C7A-295ABB3B777D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB259329-AD46-49E1-9C7A-295ABB3B777D}\ not found.
HKU\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: "https://isearch.avg.com/search?cid={F95773B9-AB0F-4B77-A55C-1D9155D8B739}&mid=cf7aa820f81447d0950cd15198801935-4facaca91274da536b81c674f64a30a965825ed9&lang=de&ds=AVG&pr=fr&d=2012-08-02 19:25:55&v=12.2.5.32&sap=ku&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-113007714-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Dokumente und Einstellungen\Moritz\Desktop\bwe9nb8c.exe moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\MyStart Search.xml moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\icqplugin.xml moved successfully.
C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Mozilla\Firefox\Profiles\eit2il27.default\searchplugins\Search_Results.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\WINDOWS\system32\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Moritz\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Moritz\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Moritz\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Dokumente und Einstellungen\Moritz\Anwendungsdaten\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
C:\Dokumente und Einstellungen\Moritz\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Moritz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 2201912 bytes
->Temporary Internet Files folder emptied: 33177 bytes

User: Moritz
->Temp folder emptied: 1251786308 bytes
->Temporary Internet Files folder emptied: 1718742 bytes
->Java cache emptied: 618215 bytes
->FireFox cache emptied: 50311744 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 56970 bytes

User: NetworkService
->Temp folder emptied: 2132840 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2932109 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69396434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.318,00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09022012_121513

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 02.09.2012, 14:27   #14
t'john
/// Helfer-Team
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.09.2012, 15:38   #15
Liisa
 
MyStart by IncrediBar.com - Standard

MyStart by IncrediBar.com



der läuft gut, allerdings is mystart imma noch da=(..

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Moritz :: IBM [Administrator]

02.09.2012 15:56:48
mbam-log-2012-09-02 (15-56-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247948
Laufzeit: 40 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v2.000 - Datei am 09/02/2012 um 16:39:58 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Moritz - IBM
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Moritz\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Programme\Gemeinsame Dateien\AVG Secure Search

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [9905 octets] - [30/08/2012 17:28:06]
AdwCleaner[S2].txt - [850 octets] - [31/08/2012 19:24:47]
AdwCleaner[R2].txt - [774 octets] - [02/09/2012 16:39:58]

########## EOF - C:\AdwCleaner[R2].txt - [833 octets] ##########

Antwort

Themen zu MyStart by IncrediBar.com
avg secure search, avg security toolbar, cdburnerxp, dankbar, document, driver./avg, fontcache, forum, gefunde, google earth, incredibar.com, javaws.exe, lenovo, liebe, lieben, mystart, mystart by incredibar.com, problem, remote control, secure search, taucht, vtoolbarupdater, windows internet



Ähnliche Themen: MyStart by IncrediBar.com


  1. MyStart/Incredibar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (9)
  2. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 06.05.2013 (11)
  3. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  5. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 14.10.2012 (17)
  6. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (37)
  7. mystart.incredibar.com
    Log-Analyse und Auswertung - 29.09.2012 (2)
  8. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  9. mystart incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  10. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  11. MySTart by Incredibar
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (1)
  12. MyStart incredibar
    Log-Analyse und Auswertung - 23.07.2012 (1)
  13. Mystart Incredibar
    Log-Analyse und Auswertung - 20.07.2012 (32)
  14. Mystart Incredibar
    Log-Analyse und Auswertung - 16.07.2012 (7)
  15. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  16. Mystart by incredibar
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
  17. mystart.incredibar.com
    Log-Analyse und Auswertung - 07.06.2012 (9)

Zum Thema MyStart by IncrediBar.com - Hallo ihr Lieben, habe ein Problem mit MyStart. Dieser Mist taucht seit neustem bei mir auf. Hier im Forum habe ich schon einiges davon gefunden. Vielleicht findet sich ja jemand, - MyStart by IncrediBar.com...
Archiv
Du betrachtest: MyStart by IncrediBar.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.