Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg

fritz95 · 27.11.2010, 18:56

Hi Leute. Hab gehört, dass ihr die Logs von Malwarebytes und OTL braucht, um mir sagen zu können, ob alles O.K. ist. Danke im Vorraus für eure Hilfe

Hier ist das von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5189

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.11.2010 20:03:12
mbam-log-2010-11-25 (20-03-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 318538
Laufzeit: 1 Stunde(n), 0 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Fritz\AppData\Local\UXSMV30.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlewasiwitaf (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvacudegem (Trojan.Agent.U) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Fritz\AppData\Local\UXSMV30.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\Fritz\AppData\Local\Temp\65B6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Local\Temp\65D6.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Local\Temp\err.log2314462 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Roaming\Adobe\plugs\KB2359639.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Roaming\Adobe\plugs\KB2345131.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Roaming\Adobe\plugs\KB2427125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Local\Temp\0.0022797743124970404.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Fritz\AppData\Local\ejodokezezocoh.dll (Trojan.Agent.U) -> Delete on reboot.

Hier das erste von OLT:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.11.2010 20:53:46 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Fritz\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 156,75 Gb Free Space | 67,31% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 71,78 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: Fritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.25 20:53:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fritz\Downloads\OTL.exe
PRC - [2010.10.28 18:55:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.10.27 13:20:45 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.25 20:53:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fritz\Downloads\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010.11.03 11:45:12 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.03 11:45:12 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010.11.23 21:16:09 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.21 16:50:34 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura)
DRV:64bit: - [2010.04.26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.02 14:55:38 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.05.05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.07.24 11:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {70EE213A-F41A-4BA8-9682-2FFDFCC15149}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.28 18:55:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.28 18:55:19 | 000,000,000 | ---D | M]
 
[2010.04.14 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\mozilla\Extensions
[2010.11.25 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\nbkto5wg.default\extensions
[2010.10.11 14:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\nbkto5wg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.15 14:26:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\nbkto5wg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 22:02:31 | 000,001,056 | ---- | M] () -- C:\Users\Fritz\AppData\Roaming\Mozilla\FireFox\Profiles\nbkto5wg.default\searchplugins\icqplugin.xml
[2010.11.25 20:09:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.14 15:15:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.24 16:53:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.24 16:53:15 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.24 16:53:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.24 16:53:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.24 16:53:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [  Malwarebytes Anti-Malware   (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPPOLL] C:\Program Files (x86)\Topro\tppoll.exe ()
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Fritz\AppData\Local\Apps\2.0\MMR7PAMB.09P\8OBG5NCC.0YE\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [Dlewasiwitaf] C:\Users\Fritz\AppData\Local\UXSMV30.DLL File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKCU..\Run: [Yvacudegem] C:\Users\Fritz\AppData\Local\ejodokezezocoh.DLL File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.25 18:57:13 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Malwarebytes
[2010.11.25 18:57:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.25 18:57:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.25 18:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.25 18:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.25 18:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010.11.25 17:52:12 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149}
[2010.11.17 13:44:25 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Amazon
[2010.11.17 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010.11.13 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BZFTrainer
[2010.11.05 23:33:04 | 000,000,000 | ---D | C] -- C:\Games
[2010.11.05 23:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Two Worlds Pinball
[2010.11.01 14:50:22 | 000,000,000 | ---D | C] -- C:\Users\Fritz\Desktop\profilbilder
[2010.10.31 20:35:58 | 000,000,000 | ---D | C] -- C:\Users\Fritz\Desktop\letzter flugtag 2010
[2010.10.27 12:45:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 12:45:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 12:45:41 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 12:45:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 12:45:40 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 12:45:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 12:45:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 12:44:44 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.25 20:08:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.25 20:07:59 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.25 19:16:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.25 18:57:06 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.25 18:30:20 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 18:30:20 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 18:23:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.25 18:06:46 | 000,001,231 | ---- | M] () -- C:\Users\Fritz\Desktop\Revo Uninstaller.lnk
[2010.11.23 21:16:09 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.22 13:23:59 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.22 13:23:59 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.22 13:23:59 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.22 13:23:59 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.22 13:23:59 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.19 19:28:07 | 000,155,737 | ---- | M] () -- C:\Users\Fritz\Desktop\P1040497.JPG
[2010.11.17 19:57:12 | 000,181,969 | ---- | M] () -- C:\Users\Fritz\Desktop\P1040630.JPG
[2010.11.13 14:36:47 | 000,001,920 | ---- | M] () -- C:\Users\Fritz\Desktop\BZF Trainer 2010.lnk
[2010.11.06 17:29:12 | 000,369,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.04 00:23:12 | 000,034,680 | ---- | M] () -- C:\Users\Fritz\Desktop\augen fliegen.pdf
[2010.10.31 20:42:58 | 000,199,936 | ---- | M] () -- C:\Users\Fritz\Desktop\P1040732.JPG
[2010.10.31 20:41:48 | 000,205,061 | ---- | M] () -- C:\Users\Fritz\Desktop\P1040702.JPG
[2010.10.27 19:22:41 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.25 18:57:06 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.25 18:06:46 | 000,001,231 | ---- | C] () -- C:\Users\Fritz\Desktop\Revo Uninstaller.lnk
[2010.11.17 19:56:20 | 000,205,061 | ---- | C] () -- C:\Users\Fritz\Desktop\P1040702.JPG
[2010.11.17 19:53:53 | 000,181,969 | ---- | C] () -- C:\Users\Fritz\Desktop\P1040630.JPG
[2010.11.17 14:54:01 | 000,155,737 | ---- | C] () -- C:\Users\Fritz\Desktop\P1040497.JPG
[2010.11.16 21:47:59 | 000,199,936 | ---- | C] () -- C:\Users\Fritz\Desktop\P1040732.JPG
[2010.11.13 14:36:47 | 000,001,920 | ---- | C] () -- C:\Users\Fritz\Desktop\BZF Trainer 2010.lnk
[2010.11.04 00:23:12 | 000,034,680 | ---- | C] () -- C:\Users\Fritz\Desktop\augen fliegen.pdf
[2010.08.26 12:10:50 | 001,523,712 | ---- | C] () -- C:\Windows\SysWow64\ToproVC.dll
[2010.08.26 12:10:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\camlib.dll
[2010.08.16 19:41:45 | 001,355,903 | ---- | C] () -- C:\Windows\UnInstallSiemensAdsl.dll
[2010.05.14 15:18:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.30 23:28:42 | 000,000,554 | ---- | C] () -- C:\Users\Fritz\AppData\Roaming\wklnhst.dat
[2010.04.14 11:42:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2010.04.14 11:32:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.04.14 11:32:00 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
< End of report >

--- --- ---

Und das zweite von OLT (Danke nochmal

)OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.11.2010 20:53:46 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Fritz\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 156,75 Gb Free Space | 67,31% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 71,78 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: Fritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4D72C47A-8A8C-49C4-BFAC-34EC5D65183B}" = Siemens ADSL Router USB Driver
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{6FCB49E0-C0FF-11D7-A015-00055DF4E7AC}" = USB PC Camera Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BlueJ_is1" = BlueJ 3.0.2
"BZFTrainer2010_is1" = BZFTrainer2010_1.2.0.0
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"FSX  Sirocco GTX  132 ft. Motoryacht" = FSX  Sirocco GTX  132 ft. Motoryacht
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 Premium D" = MAGIX Music Maker 15 Premium 15.0.1.8 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"pc-profi-Chart_de2010_is1" = pc-profi-Chart_de2010
"Revo Uninstaller" = Revo Uninstaller 1.90
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2010 15:43:27 | Computer Name = Notebook | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.11.2010 07:34:02 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.11.2010 07:34:02 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.11.2010 09:34:21 | Computer Name = Notebook | Source = Application Hang | ID = 1002
Description = Programm BZFTrainer2010.exe, Version 1.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1268    Startzeit: 01cb8336f8d1c1ae    Endzeit: 6    Anwendungspfad: 
C:\Program Files (x86)\BZFTrainer\BZFTrainer2010.exe    Berichts-ID: a976db0f-ef2a-11df-9f48-b59bebc96bd0
 
 
Error - 13.11.2010 17:03:33 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel:
 0x46fadb14  Name des fehlerhaften Moduls: multiplayer.dll, Version: 10.0.61637.0,
 Zeitstempel: 0x46fadb58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0007bf66  ID des fehlerhaften
 Prozesses: 0x8bc  Startzeit der fehlerhaften Anwendung: 0x01cb834b55b53b7a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Microsoft Flight
 Simulator X\fsx.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft
 Games\Microsoft Flight Simulator X\multiplayer.dll  Berichtskennung: 78ea0d58-ef69-11df-9f48-b59bebc96bd0
 
Error - 13.11.2010 20:44:51 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.11.2010 20:44:51 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.11.2010 11:14:34 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.11.2010 11:14:34 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.11.2010 11:29:15 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel:
 0x46fadb14  Name des fehlerhaften Moduls: fsui.dll, Version: 10.0.61637.0, Zeitstempel:
 0x46fadb59  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0007d302  ID des fehlerhaften Prozesses:
 0x5b0  Startzeit der fehlerhaften Anwendung: 0x01cb840ed8c67ac1  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Microsoft Flight
 Simulator X\fsui.dll  Berichtskennung: efc92455-f003-11df-ba50-af39e11b65d2
 
[ Media Center Events ]
Error - 17.09.2010 08:32:31 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 14:32:27 - Fehler beim Herstellen der Internetverbindung.  14:32:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.09.2010 09:32:38 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 15:32:38 - Fehler beim Herstellen der Internetverbindung.  15:32:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.09.2010 09:32:54 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 15:32:44 - Fehler beim Herstellen der Internetverbindung.  15:32:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.09.2010 10:33:24 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 16:33:24 - Fehler beim Herstellen der Internetverbindung.  16:33:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.09.2010 10:33:43 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 16:33:30 - Fehler beim Herstellen der Internetverbindung.  16:33:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.09.2010 07:12:35 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:12:35 - Fehler beim Herstellen der Internetverbindung.  13:12:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.09.2010 07:12:46 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 13:12:40 - Fehler beim Herstellen der Internetverbindung.  13:12:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2010 08:28:51 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 14:28:51 - Fehler beim Herstellen der Internetverbindung.  14:28:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2010 08:29:06 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 14:28:56 - Fehler beim Herstellen der Internetverbindung.  14:28:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2010 09:33:45 | Computer Name = Notebook | Source = MCUpdate | ID = 0
Description = 15:33:32 - MCEClientUX konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ OSession Events ]
Error - 28.06.2010 10:34:13 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2010 17:10:48 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2010 17:11:06 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.10.2010 14:44:06 | Computer Name = Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2010 14:44:12 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 23.10.2010 14:51:34 | Computer Name = Notebook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 23.10.2010 14:51:35 | Computer Name = Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2010 19:47:58 | Computer Name = Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 24.10.2010 06:19:07 | Computer Name = Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.10.2010 06:19:07 | Computer Name = Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 24.10.2010 06:19:12 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.10.2010 06:34:17 | Computer Name = Notebook | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.
 
Error - 24.10.2010 06:52:31 | Computer Name = Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---

cosinus · 27.11.2010, 21:04

Hallo und

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
O4 - HKCU..\Run: [Dlewasiwitaf] C:\Users\Fritz\AppData\Local\UXSMV30.DLL File not found
O4 - HKCU..\Run: [Yvacudegem] C:\Users\Fritz\AppData\Local\ejodokezezocoh.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\Shell - "" = AutoRun
O33 - MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2010.11.25 17:52:12 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149}
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

fritz95 · 27.11.2010, 21:47

Hi, vielen Dank für die Willkommensgrüße

Ebenfalls Danke für deine seeehr schnelle Hilfe. Hat scheinabr alles gefunzt

Hier is das Log:

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dlewasiwitaf not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yvacudegem not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149}\chrome\content folder moved successfully.
C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149}\chrome folder moved successfully.
C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fritz
->Temp folder emptied: 168344555 bytes
->Temporary Internet Files folder emptied: 57309645 bytes
->Java cache emptied: 2650677 bytes
->FireFox cache emptied: 103055196 bytes
->Flash cache emptied: 98305 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121737270 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 509085788 bytes

Total Files Cleaned = 918,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11272010_213541

Files\Folders moved on Reboot...
C:\Users\Fritz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 27.11.2010, 22:01

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

fritz95 · 27.11.2010, 22:22

Hier ist die Datei:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L500D
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 192):
0x0325B000 \SystemRoot\system32\ntoskrnl.exe
0x03212000 \SystemRoot\system32\hal.dll
0x00BB7000 \SystemRoot\system32\kdcom.dll
0x00CFC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00D09000 \SystemRoot\system32\PSHED.dll
0x00D1D000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EA1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F45000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F54000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FBE000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FF1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x00E0F000 \SystemRoot\System32\drivers\partmgr.sys
0x00E24000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E2D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E39000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E4E000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E55000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E65000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E7F000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E88000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00E93000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010DB000 \SystemRoot\system32\drivers\fltmgr.sys
0x01127000 \SystemRoot\system32\drivers\fileinfo.sys
0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0113B000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013E2000 \SystemRoot\System32\drivers\pcw.sys
0x013F3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014CA000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0148B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01648000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x016C2000 \SystemRoot\System32\Drivers\spldr.sys
0x016CA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01704000 \SystemRoot\System32\Drivers\mup.sys
0x01716000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0171F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01759000 \SystemRoot\system32\DRIVERS\disk.sys
0x0176F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0179F000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01490000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0162A000 \SystemRoot\System32\Drivers\Null.SYS
0x01633000 \SystemRoot\System32\Drivers\Beep.SYS
0x0163A000 \SystemRoot\System32\drivers\vga.sys
0x015BC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017DF000 \SystemRoot\System32\drivers\watchdog.sys
0x017EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015E1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015EA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015F3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02A03000 \SystemRoot\System32\drivers\tcpip.sys
0x01199000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x00DD7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x014BD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03893000 \SystemRoot\system32\drivers\afd.sys
0x0391D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03962000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0396B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03991000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x039A7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x039B6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039D1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03800000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03851000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0385D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03868000 \SystemRoot\System32\drivers\discache.sys
0x03AA2000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03AD1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03AF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B19000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03C10000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04227000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0431B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04361000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0461C000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x04749000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04756000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0478F000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x04799000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x047A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04600000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04385000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043A3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x043B2000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04611000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04613000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03B2E000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x03B35000 \SystemRoot\system32\DRIVERS\avmaura.sys
0x03B52000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03B62000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03B78000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03B9C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03BA8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BD7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04618000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03A3B000 \SystemRoot\system32\DRIVERS\ks.sys
0x03A7E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04E38000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04E92000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04EA7000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x04ED7000 \SystemRoot\system32\drivers\portcls.sys
0x04F14000 \SystemRoot\system32\drivers\drmk.sys
0x04F36000 \SystemRoot\system32\drivers\ksthunk.sys
0x05600000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x057DF000 \SystemRoot\System32\drivers\Dxapi.sys
0x04F3C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x057EB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04F59000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04F65000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04F70000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04F83000 \SystemRoot\System32\Drivers\usbvideo.sys
0x057F9000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x04FB1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x04FBF000 \SystemRoot\system32\drivers\luafv.sys
0x04FE2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x04E00000 \SystemRoot\system32\drivers\WudfPf.sys
0x04E21000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05EFE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05F51000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05F64000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05F7C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x05E00000 \SystemRoot\system32\drivers\HTTP.sys
0x05EC8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05EE6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05F86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0663A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06688000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x066AB000 \SystemRoot\system32\drivers\peauth.sys
0x06751000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0675C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06789000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0679B000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x06C07000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C6E000 \SystemRoot\System32\DRIVERS\srv.sys
0x76E70000 \Windows\System32\ntdll.dll
0x47D30000 \Windows\System32\smss.exe
0xFF190000 \Windows\System32\apisetschema.dll
0xFF8D0000 \Windows\System32\autochk.exe
0xFF100000 \Windows\System32\difxapi.dll
0xFEEF0000 \Windows\System32\ole32.dll
0xFEEA0000 \Windows\System32\Wldap32.dll
0xFECC0000 \Windows\System32\setupapi.dll
0xFEC90000 \Windows\System32\imm32.dll
0xFEC40000 \Windows\System32\ws2_32.dll
0xFEAC0000 \Windows\System32\urlmon.dll
0xFEAB0000 \Windows\System32\nsi.dll
0xFE9E0000 \Windows\System32\usp10.dll
0xFE8B0000 \Windows\System32\wininet.dll
0xFE780000 \Windows\System32\rpcrt4.dll
0x77040000 \Windows\System32\psapi.dll
0xFE6E0000 \Windows\System32\msvcrt.dll
0xFD950000 \Windows\System32\shell32.dll
0x77030000 \Windows\System32\normaliz.dll
0xFD8B0000 \Windows\System32\clbcatq.dll
0xFD7D0000 \Windows\System32\oleaut32.dll
0x76D50000 \Windows\System32\kernel32.dll
0xFD750000 \Windows\System32\shlwapi.dll
0xFD740000 \Windows\System32\lpk.dll
0xFD630000 \Windows\System32\msctf.dll
0xFD610000 \Windows\System32\sechost.dll
0xFD5F0000 \Windows\System32\imagehlp.dll
0xFD580000 \Windows\System32\gdi32.dll
0xFD4E0000 \Windows\System32\comdlg32.dll
0xFD280000 \Windows\System32\iertutil.dll
0xFD1A0000 \Windows\System32\advapi32.dll
0x76C50000 \Windows\System32\user32.dll
0xFD160000 \Windows\System32\wintrust.dll
0xFD0F0000 \Windows\System32\KernelBase.dll
0xFD0D0000 \Windows\System32\devobj.dll
0xFCF60000 \Windows\System32\crypt32.dll
0xFCF20000 \Windows\System32\cfgmgr32.dll
0xFCE80000 \Windows\System32\comctl32.dll
0xFCE70000 \Windows\System32\msasn1.dll
0x76650000 \Windows\SysWOW64\normaliz.dll

Processes (total 81):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
428 csrss.exe
508 C:\Windows\System32\wininit.exe
528 csrss.exe
572 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
908 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1012 C:\Windows\System32\atiesrxx.exe
320 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\atieclxx.exe
1308 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\spoolsv.exe
1532 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1552 C:\Windows\System32\svchost.exe
1684 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1724 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
1800 C:\Windows\System32\svchost.exe
1836 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
1872 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1880 C:\Windows\System32\conhost.exe
1028 C:\Windows\System32\TODDSrv.exe
1796 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1984 C:\Program Files\TOSHIBA\TECO\TecoService.exe
1948 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2440 C:\Windows\System32\SearchIndexer.exe
2728 C:\Windows\System32\dwm.exe
2752 C:\Windows\System32\taskhost.exe
2764 C:\Windows\explorer.exe
3052 C:\Windows\System32\svchost.exe
204 C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
844 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
580 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
284 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2196 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2316 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2496 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2504 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2596 C:\Program Files\TOSHIBA\TECO\TEco.exe
3096 C:\Program Files\Microsoft Security Essentials\msseces.exe
3172 C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
3312 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3324 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3436 C:\Program Files (x86)\ICQ7.2\ICQ.exe
3544 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
3648 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3736 C:\Users\Fritz\AppData\Local\Apps\2.0\MMR7PAMB.09P\8OBG5NCC.0YE\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe
3752 WmiPrvSE.exe
3196 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3224 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
680 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3332 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3348 C:\Program Files (x86)\Topro\tppoll.exe
2084 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4048 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
2516 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4400 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4696 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5024 C:\Windows\servicing\TrustedInstaller.exe
5104 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4204 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
4248 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
2772 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
4824 C:\Windows\System32\svchost.exe
4476 C:\Windows\System32\audiodg.exe
2820 C:\Windows\System32\taskeng.exe
5000 <unknown>
3904 <unknown>
2812 C:\Windows\System32\svchost.exe
4872 C:\Users\Fritz\Desktop\MBRCheck.exe
2552 C:\Windows\System32\conhost.exe
3112 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`51700000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 00400018

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

cosinus · 27.11.2010, 22:37

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

fritz95 · 28.11.2010, 00:41

Hi, hier wär die Log-Datei von Malwarebytes. Die von SUPERAntiSpyware kommt bald...

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5202

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.11.2010 00:39:48
mbam-log-2010-11-28 (00-39-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 311100
Laufzeit: 1 Stunde(n), 50 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

fritz95 · 28.11.2010, 04:24

Und hier die Log-Datei von SUPERAntiSpyware (Dankeschön

)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/28/2010 at 03:52 AM

Application Version : 4.46.1000

Core Rules Database Version : 5920
Trace Rules Database Version: 3733

Scan type : Complete Scan
Total Scan Time : 03:03:45

Memory items scanned : 790
Memory threats detected : 0
Registry items scanned : 14253
Registry threats detected : 0
File items scanned : 173387
File threats detected : 36

Adware.Tracking Cookie
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@ad.adnet[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@ad2.adfarm1.adition[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@adservercentral[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@doubleclick[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@ar.atwola[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@msnportal.112.2o7[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@content.yieldmanager[4].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@statse.webtrendslive[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@mediaplex[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@tradedoubler[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@adtech[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@atwola[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@imrworldwide[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@webmasterplan[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@bs.serving-sys[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@zanox-affiliate[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@www.zanox-affiliate[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@serving-sys[3].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@zanox[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@apmebf[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@atdmt.combing[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@tracking.quisma[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@tracking.hannoversche[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@adserver.traffictrack[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@adfarm1.adition[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@sevenoneintermedia.112.2o7[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@eas.apm.emediate[2].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@free-3d-marine-screensaver.softonic[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@2o7[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@content.yieldmanager[5].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@ad.zanox[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@bluestreak[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@atdmt[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@ad.yieldmanager[1].txt
C:\Users\Fritz\AppData\Roaming\Microsoft\Windows\Cookies\fritz@www.adservercentral[1].txt

Trojan.Agent/Gen-Krpytik
C:\USERS\FRITZ\DOWNLOADS\RAAB_BUTTONS\RAAB_BUTTONS.EXE

cosinus · 28.11.2010, 13:16

Sieht ok aus, da wurden nur Cookies gefunden und ein Fehlalarm war dabei.
Noch Probleme oder weitere Funde in der Zwischenzeit?

fritz95 · 28.11.2010, 13:34

Nein bis jetzt nichts. Der PC is auch nicht langsamer als vor dem Virusbefall. Scheint überstanden zu sein

cosinus · 28.11.2010, 13:39

Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

27.11.2010, 22:37	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ --> Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg

28.11.2010, 13:16	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg Sieht ok aus, da wurden nur Cookies gefunden und ein Fehlalarm war dabei. Noch Probleme oder weitere Funde in der Zwischenzeit? __________________ Logfiles bitte immer in CODE-Tags posten

Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg

Plagegeister aller Art und deren Bekämpfung: Gestern Security Tool a. d. Rechner gehabt, mit Malwarebytes entfernt. Ist jetzt der ganze Virus weg