Log analysis and evaluation: Spyware demands money and locks my PC (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.11.2011, 20:55 | #1
Spyware demands money and locks my PC

Hello everyone, I'm in despair. For days I haven't been able to get at my PC because a window blocks absolutely everything: "Achtung, aus Sicherheitsgründen wurde Ihr Windows System blockiert" ("Attention, for security reasons your Windows system has been blocked"). They want money from me! You are my last hope. Many may already have described this problem here, but I am just before my exam and urgently need to study... To help you, I had OTL.exe scan my drive. Result:

OTL logfile created on: 29.11.2011 20:30:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Administrator\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,33 Gb Available Physical Memory | 22,01% Memory free
3,00 Gb Paging File | 1,43 Gb Available in Paging File | 47,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,95 Gb Free Space | 69,58% Space Free | Partition Type: NTFS
Drive D: | 40,65 Gb Total Space | 0,11 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 1,80 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive F: | 996,19 Mb Total Space | 958,40 Mb Free Space | 96,21% Space Free | Partition Type: NTFS

Computer Name: GO-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.29 20:29:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.08 16:25:30 | 002,462,528 | ---- | M] (Polenter - Software Solutions) -- C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.27 07:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.04.01 10:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011.04.01 10:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011.03.30 15:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.26 06:33:07 | 000,084,480 | ---- | M] (Driver-Soft Inc. ) -- C:\Users\GO\AppData\Roaming\Microsoft\svhcost.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.16 05:41:02 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.05.20 14:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.09.11 11:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.03.12 15:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2008.12.09 19:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.10.21 21:57:12 | 000,663,552 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2008.10.21 21:51:02 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.06.10 19:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2004.08.03 23:57:58 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.13 19:52:47 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.13 19:49:39 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011.10.13 19:48:17 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.13 19:47:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.13 19:47:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.13 19:46:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.13 19:46:02 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.03.30 15:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 15:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 15:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 15:45:04 | 001,869,288 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 15:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 15:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2010.07.02 08:54:58 | 002,607,872 | ---- | M] () -- C:\Program Files\IMinent Toolbar\tbcore3.dll
MOD - [2010.07.02 08:54:58 | 000,305,920 | ---- | M] () -- C:\Program Files\IMinent Toolbar\tbhelper.dll
MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.10 19:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.12.09 19:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.21 21:51:02 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.20 14:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2010.01.05 18:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.01.05 07:47:18 | 000,487,168 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2008.10.09 12:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006.05.01 17:59:26 | 001,903,646 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctxS51.sys -- (ctxS51)
DRV - [2003.12.18 13:57:48 | 000,380,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PRISMA00.sys -- (PRISM_A00)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=7e9d6c24-1e42-4c4a-940e-6a5ee3c77b63&lcid=1031&ref=homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.08.07 17:28:09 | 000,000,000 | ---D | M]

[2011.08.14 13:22:51 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml

O1 HOSTS File: ([2011.11.06 22:48:17 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CF2E37B-D401-482E-8D9E-0B7952BE8D78}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.29 20:28:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.11.29 20:26:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2011.11.29 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011.11.29 20:12:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011.11.28 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2011.11.23 20:00:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.11.12 00:41:16 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.06 22:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.06 22:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.06 22:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.06 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.06 22:09:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2011.11.06 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Vodafone
[2011.11.06 22:08:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011.11.06 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Bytemobile
[2011.11.06 22:07:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.11.06 22:07:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011.11.06 22:07:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.11.06 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011.11.06 22:07:09 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2011.11.06 22:06:43 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2011.11.06 22:06:42 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2011.11.06 22:06:32 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011.11.06 22:06:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.11.06 22:06:32 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011.11.06 22:06:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011.11.06 22:06:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011.11.06 22:06:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011.11.06 14:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.06 14:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.11.06 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2
[2011.11.06 13:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop-Reminder 2
[2011.11.06 13:43:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CDAD57DC-1FEF-45F3-A83B-47F55B0B5889}

========== Files - Modified Within 30 Days ==========

[2011.11.29 20:29:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.11.29 20:25:59 | 000,029,738 | ---- | M] () -- C:\Users\Administrator\Desktop\OTL.zip
[2011.11.29 20:11:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 20:11:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 20:06:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.11.29 20:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.29 20:06:28 | 1207,607,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.28 22:17:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036478326-2443024755-430630678-1000Core.job
[2011.11.28 22:16:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4036478326-2443024755-430630678-1000Core.job
[2011.11.28 22:07:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036478326-2443024755-430630678-1000UA.job
[2011.11.28 22:07:35 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4036478326-2443024755-430630678-1000UA.job
[2011.11.13 20:35:49 | 000,295,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 21:34:29 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.08 21:34:29 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.08 21:34:29 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.08 21:34:29 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.06 22:56:01 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 22:48:17 | 000,000,878 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2011.11.06 22:48:17 | 000,000,878 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.11.06 13:43:55 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Desktop-Reminder 2.lnk

========== Files Created - No Company Name ==========

[2011.11.29 20:25:56 | 000,029,738 | ---- | C] () -- C:\Users\Administrator\Desktop\OTL.zip
[2011.11.06 22:56:01 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 22:07:33 | 000,001,413 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.11.06 22:00:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011.11.06 13:43:55 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Desktop-Reminder 2.lnk
[2011.10.11 19:15:49 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2011.10.11 19:15:49 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJX.BIN
[2011.10.11 19:15:49 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2011.10.11 19:15:49 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2011.10.11 19:15:49 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2011.10.11 19:15:49 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2011.10.11 19:14:25 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.10.11 19:14:25 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.10.11 19:14:09 | 000,565,248 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.10.11 19:14:09 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.10.11 19:14:09 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.10.11 19:14:09 | 000,245,760 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.10.11 19:14:09 | 000,241,664 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.10.11 19:14:09 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.10.11 19:14:08 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.07.06 21:41:18 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2011.07.06 21:41:17 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,295,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.26 16:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.04.23 14:02:10 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2003.12.18 13:57:48 | 000,380,736 | ---- | C] () -- C:\Windows\System32\drivers\PRISMA00.sys
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll

< End of report >

OTL Extras logfile created on: 29.11.2011 20:30:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Administrator\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,33 Gb Available Physical Memory | 22,01% Memory free
3,00 Gb Paging File | 1,43 Gb Available in Paging File | 47,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,95 Gb Free Space | 69,58% Space Free | Partition Type: NTFS
Drive D: | 40,65 Gb Total Space | 0,11 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 1,80 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive F: | 996,19 Mb Total Space | 958,40 Mb Free Space | 96,21% Space Free | Partition Type: NTFS

Computer Name: GO-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{288487BA-D8C5-4C81-BD89-C7E49DD48E18}" = Desktop-Reminder 2 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC06B562-763A-4839-8422-F9C00BEF63E3}" = Iminent "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail 
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "aTube Catcher" = aTube Catcher "AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.0.26 "Avira AntiVir Desktop" = Avira Free Antivirus "C-Media Audio Driver" = C-Media WDM Audio Driver "Creatix V.9X DSP Data Fax Modem" = Creatix V.9X DSP Data Fax Modem "Desktop-Reminder 2" = Desktop-Reminder 2 "facemoods" = Facemoods Toolbar "IMBoosterARP" = Iminent "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamViewer 6" = TeamViewer 6 "TomTom HOME" = TomTom HOME 2.8.2.2264 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.11.2011 18:05:12 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.11.2011 08:12:47 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.11.2011 09:02:26 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 21.11.2011 17:03:09 | Computer Name = GO-PC | Source = VMCService | ID = 0 
Description = conflictManagerTypeValue Error - 22.11.2011 15:01:17 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 22.11.2011 17:16:33 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 23.11.2011 14:26:36 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 23.11.2011 14:45:22 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 24.11.2011 15:16:51 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 25.11.2011 17:41:22 | Computer Name = GO-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 24.11.2011 15:16:32 | Computer Name = GO-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 24.11.2011 15:16:59 | Computer Name = GO-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 25.11.2011 17:41:07 | Computer Name = GO-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 25.11.2011 17:41:30 | Computer Name = GO-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 26.11.2011 04:18:21 | Computer Name = GO-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 26.11.2011 04:18:42 | Computer Name = GO-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 27.11.2011 11:21:29 | Computer Name = GO-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 27.11.2011 11:21:52 | Computer Name = GO-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 29.11.2011 15:06:43 | Computer Name = GO-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 29.11.2011 15:07:04 | Computer Name = GO-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM < End of report > |
30.11.2011, 16:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyware demands money and locks my PC
Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner
01.12.2011, 12:07 | #3 |
| Spyware demands money and locks my PC
Thanks for the quick reply.
This is what came out after the scan:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.12.2011 11:58:37
mbam-log-2011-12-01 (11-58-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 317186
Laufzeit: 2 Stunde(n), 48 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\RECYCLER\s-1-5-21-3540729635-3677701961-4216683945-1006\Dd1\install_flash_player_10_2.exe (Trojan.Dropper) -> No action taken.
02.12.2011, 09:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyware demands money and locks my PC
Quote:
Please always post logfiles in CODE tags