Log Analysis and Evaluation: Windows security center virus (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.03.2012, 18:06 | #1
Windows security center virus

Hi folks,

The same thing happened to me as to quite a few others here. I was just browsing when suddenly a white screen appeared, followed by a supposed Windows Security window claiming that I had illegal software and had to transfer 100€ within the next 24 hours. Since the virus has locked all functions, I started my laptop in safe mode with networking. While searching for help, Google brought me here. Now the question for me is what the next step is. I have done an OTL scan and am currently running a full scan with Malwarebytes. I would appreciate prompt help.
13.03.2012, 18:14 | #2
/// Malware-holic | Windows security center virus

hi,
cancel the Malwarebytes scan for now and post the OTL logs please.
13.03.2012, 18:29 | #3
Windows security center virus

Code:
OTL logfile created on: 13.03.2012 18:21:17 - Run 4
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 74,02% Memory free
7,23 Gb Paging File | 6,53 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 50,63 Gb Free Space | 34,01% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 64,07 Gb Free Space | 43,37% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Meyer M2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()

========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus(R) -- File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {2F4FE910-44BD-4AE9-99F6-1D7D43904764}
IE - HKLM\..\SearchScopes\{2F4FE910-44BD-4AE9-99F6-1D7D43904764}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {2F4FE910-44BD-4AE9-99F6-1D7D43904764}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=0912A918-FF9E-4A27-B3D6-99A6A3479155&apn_sauid=D30EB67C-2B7F-4850-92E8-4322BD64F6B9
IE - HKCU\..\SearchScopes\{2F4FE910-44BD-4AE9-99F6-1D7D43904764}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_deDE343
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEE_deDE343&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={18381C14-A05B-4952-8E6F-9ED3987E1E22}&mid=6206b2f04ad747d1a79fd157752b0a38-8bd53c73f83d2ff7f9879fa7d04d182520aa2570&lang=de&ds=tt014&pr=sa&d=2012-02-11 17:27:43&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.shortnews.de/"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Meyer M2\Desktop\Marius\Installationen\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012.03.13 14:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.25 18:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.19 11:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Users\Meyer M2\Desktop\Marius\Programme\components [2011.05.02 12:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Users\Meyer M2\Desktop\Marius\Programme\plugins [2011.10.19 11:55:55 | 000,000,000 | ---D | M]

[2009.09.02 13:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Extensions
[2012.03.08 14:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions
[2012.02.14 19:42:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.07 16:35:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.09 14:10:24 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010.11.24 15:21:31 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012.02.11 17:28:14 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\avg@toolbar
[2011.05.06 14:25:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\engine@conduit.com
[2011.05.02 12:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meyer M2\AppData\Roaming\mozilla\Firefox\Profiles\n4pdw7wj.default\extensions\nostmp
[2011.11.03 19:31:57 | 000,000,933 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\11-suche.xml
[2010.05.26 14:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\askcom.xml
[2010.08.02 23:50:24 | 000,000,881 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\conduit.xml
[2011.11.03 19:31:58 | 000,002,419 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 19:31:57 | 000,010,525 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\gmx-suche.xml
[2011.11.03 19:31:58 | 000,002,457 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\lastminute.xml
[2011.10.27 10:03:00 | 000,005,508 | ---- | M] () -- C:\Users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\searchplugins\webde-suche.xml
[2011.11.16 13:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.10 18:50:00 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\MEYER M2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N4PDW7WJ.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.02.25 18:52:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.25 18:52:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 15:38:15 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.25 18:52:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.25 18:52:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.25 18:52:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 18:52:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.25 18:52:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Meyer M2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [vasja] C:\Users\Meyer M2\AppData\Local\Temp\mor.exe (Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Meyer M2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Meyer M2\Desktop\Marius\Programme\ICQ\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Meyer M2\Desktop\Marius\Programme\ICQ\ICQ6.5\ICQ.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF2CE155-39DD-4B45-B1AF-A655579EC9C9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\MZVKBD3.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\KLOEHK.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Meyer M2\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Meyer M2\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13db4449-6989-11df-9c0e-001e33cfe3cb}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{392c2933-6e7a-11df-b719-001e33cfe3cb}\Shell\AutoRun\command - "" = D:\Programme\easySalesPro\USBStartmenue.exe
O33 - MountPoints2\{392c2933-6e7a-11df-b719-001e33cfe3cb}\Shell\configure\command - "" = D:\Programme\easySalesPro\USBStartmenue.exe
O33 - MountPoints2\{c046c41a-dde9-11df-93ef-001e33cfe3cb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Autostart.exe
O33 - MountPoints2\{c046c424-dde9-11df-93ef-001e33cfe3cb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Autostart.exe
O33 - MountPoints2\{d292e7c1-33fe-11df-a639-9b6f461851ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Autostart.exe
O33 - MountPoints2\{f2e76757-73fb-11df-b4a1-001e33cfe3cb}\Shell - "" = AutoRun
O33 - MountPoints2\{f2e76757-73fb-11df-b4a1-001e33cfe3cb}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{f6ed2d55-4658-11e0-aaa1-001e33cfe3cb}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ed2d55-4658-11e0-aaa1-001e33cfe3cb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fa379db4-99e3-11de-a7a1-c75ace160ac7}\Shell\AutoRun\command - "" = D:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.13 17:29:40 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Meyer M2\Desktop\esetsmartinstaller_enu.exe
[2012.03.13 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Meyer M2\AppData\Roaming\Malwarebytes
[2012.03.13 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.13 17:25:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.13 17:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.13 17:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.13 17:24:55 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Meyer M2\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.13 17:10:14 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Meyer M2\Desktop\OTL.exe
[2012.03.11 21:12:49 | 000,000,000 | -H-D | C] -- C:\Users\Meyer M2\Desktop\Neuer Ordner
[2012.03.08 17:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.03.08 17:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.03.03 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\Meyer M2\Desktop\F.O.O.L - Call To Krieg EP
[2012.02.25 17:49:32 | 003,889,424 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2012.02.25 17:48:41 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2012.02.25 17:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012.02.25 15:42:38 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012.02.25 14:19:41 | 000,000,000 | ---D | C] -- C:\Users\Meyer M2\AppData\Local\Akamai
[2012.02.25 14:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2012.02.13 12:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.13 17:29:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Meyer M2\Desktop\esetsmartinstaller_enu.exe
[2012.03.13 17:25:59 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.13 17:25:34 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meyer M2\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.13 17:12:50 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.13 17:12:50 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.13 17:12:50 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.13 17:12:50 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.13 17:10:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Meyer M2\Desktop\OTL.exe
[2012.03.13 17:08:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.13 16:33:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.13 16:11:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.13 16:10:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 16:10:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 14:22:52 | 000,001,356 | ---- | M] () -- C:\Users\Meyer M2\AppData\Local\d3d9caps.dat
[2012.03.12 16:22:01 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Meyer M2.job
[2012.03.11 22:50:52 | 000,150,528 | ---- | M] () -- C:\Users\Meyer M2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 22:15:11 | 000,059,843 | ---- | M] () -- C:\Users\Meyer M2\Desktop\422374_301546793242803_100001624554872_836711_871071731_n.jpg
[2012.02.25 15:43:19 | 000,001,607 | ---- | M] () -- C:\Users\Meyer M2\Desktop\WolfTeam-DE.lnk
[2012.02.25 15:35:23 | 847,603,168 | ---- | M] () -- C:\Users\Meyer M2\Desktop\wolfteam_de_installer_20111102.exe
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.13 17:25:59 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.11 22:15:09 | 000,059,843 | ---- | C] () -- C:\Users\Meyer M2\Desktop\422374_301546793242803_100001624554872_836711_871071731_n.jpg
[2012.02.25 17:48:41 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2012.02.25 15:43:19 | 000,001,607 | ---- | C] () -- C:\Users\Meyer M2\Desktop\WolfTeam-DE.lnk
[2012.02.25 14:20:58 | 847,603,168 | ---- | C] () -- C:\Users\Meyer M2\Desktop\wolfteam_de_installer_20111102.exe
[2011.03.10 12:33:42 | 000,116,914 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe
[2010.12.08 15:10:46 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 15:10:46 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.11.07 10:12:41 | 000,001,356 | ---- | C] () -- C:\Users\Meyer M2\AppData\Local\d3d9caps.dat
[2010.11.06 00:18:00 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010.08.04 22:19:07 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

========== LOP Check ==========

[2010.06.09 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\DAEMON Tools Lite
[2011.09.15 19:23:39 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\DVDVideoSoft
[2010.07.09 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.10 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\FreeAudioPack
[2012.03.12 20:05:53 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\ICQ
[2010.10.07 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\Kalenderchen
[2010.06.02 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\Maytec
[2010.06.02 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\Maytec.net
[2010.10.06 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\OpenOffice.org
[2009.09.02 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\TeamViewer
[2010.05.31 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\temp
[2010.04.22 05:09:55 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\Template
[2010.11.21 11:13:56 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\Toshiba
[2010.08.05 21:03:56 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\TS3Client
[2011.12.27 15:35:12 | 000,000,000 | ---D | M] -- C:\Users\Meyer M2\AppData\Roaming\TuneUp Software
[2012.02.25 18:59:27 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
ATTFilter OTL Extras logfile created on: 13.03.2012 18:21:17 - Run 4 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 74,02% Memory free 7,23 Gb Paging File | 6,53 Gb Available in Paging File | 90,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 50,63 Gb Free Space | 34,01% Space Free | Partition Type: NTFS Drive E: | 147,73 Gb Total Space | 64,07 Gb Free Space | 43,37% Space Free | Partition Type: NTFS Computer Name: MEYERM2-PC | User Name: Meyer M2 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3802202468-3237917644-3958045181-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05875CD0-5C14-402E-A357-2F81C977D481}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{13234D93-FDF1-4E45-A966-0AFC24F7F663}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28F717A7-0F61-4BAB-BDED-DCD54DD7F709}" = rport=138 | protocol=17 | dir=out | app=system | "{31A6777F-ADC5-4F04-9B02-D77836E231C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4A497B7B-D7B7-43BC-8B04-8E45DFC64358}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4B73F909-E400-4C2E-A8DB-585CC32935C0}" = rport=445 | protocol=6 | dir=out | app=system | "{531CB523-5F9C-4D11-923A-272E98E5E975}" = lport=138 | protocol=17 | dir=in | app=system | "{53D35B85-A36F-4636-BE4A-70558E80982D}" = rport=137 | protocol=17 | dir=out | app=system | "{7E85A7DF-B1CE-452E-AAFC-5FFFFE5DC6BF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{94F40AA9-54BA-4265-A1AD-B2DF2CAB2FD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9BA82526-3E38-4063-BA21-E543B5F0542A}" = rport=139 | protocol=6 | dir=out | app=system | "{9C0AE94C-4BB2-4C41-AC39-05FABF7D976D}" = lport=139 | protocol=6 | dir=in | app=system | "{A3B08ADF-AA27-428B-8FEA-C8976A036E59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache 
| app=%systemroot%\system32\svchost.exe | "{BFE0D412-949B-4D10-BE57-9E95866C268C}" = lport=137 | protocol=17 | dir=in | app=system | "{C40B8792-11B7-4FC9-A2E7-AC840A77E1AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D809419A-A313-4FCF-826C-24F4DFFB82FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAB3BDEB-383D-4E48-871C-C601B2CCB5B4}" = lport=445 | protocol=6 | dir=in | app=system | "{FD01C17F-7833-4B92-83DA-AFBF3F2ACDA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08BAD925-F621-44D0-BDF6-FD761197D3BB}" = protocol=17 | dir=in | app=c:\users\meyer m2\appdata\local\akamai\netsession_win.exe | "{0E9288C3-A779-4128-B3A8-3506EEAFE9C0}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{183D0D90-7FAD-4A73-B8D7-8EB46EE03577}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2042BA35-5785-483A-9B8F-3249667F3310}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{2A253770-3D8F-49C6-8917-9DD694CB3159}" = protocol=6 | dir=in | app=c:\users\meyer m2\desktop\marius\spiele\ls 11\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{2B1ADF98-9A8E-48FB-B552-041C11598250}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2BE4DA70-0242-4EA4-AB53-3BFEE742490C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{2CA7903D-8261-46E3-B552-10E1F8AD1F08}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{382BA789-1CF7-406A-809F-172739C1BA89}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{3871A0D9-EDB3-4692-A3FA-5EF9FE98DC51}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{3C373F28-F1BD-40E3-9842-2A79762D72AD}" = protocol=17 | dir=in | app=c:\users\meyer m2\desktop\marius\spiele\ls 11\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{429C2FAC-4AAC-4ED8-8333-42E0CEAA84BF}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{43FF3CDA-6F51-4CA4-A226-05A82697862A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{65B3DD78-9B6F-4DFB-A720-63D520CF2DB2}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{6CFDC5E9-DBFF-4F38-8130-D78810A604D5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{6D588897-407B-4B80-9662-AECF3A4B5512}" = protocol=6 | dir=in | app=c:\users\meyer m2\desktop\marius\spiele\ls 11\landwirtschafts simulator 2011\game.exe | "{6DAD00F7-69EC-48B5-8E5B-426D9664579A}" = protocol=6 | dir=in | app=c:\users\meyer m2\appdata\local\akamai\netsession_win.exe | "{6FD48F23-0DBD-4AAF-AF37-90ACE8E7674D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{727B5123-8AB4-4171-AC16-BE0D4719A6FF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{738926C8-C355-4D28-A23D-E7252696FE19}" = protocol=17 | dir=in | app=c:\users\meyer m2\desktop\marius\spiele\ls 11\landwirtschafts simulator 2011\game.exe | "{845ED82A-5431-4C5C-A5C0-83B5C3F9F4C4}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{852BFFAC-2402-411B-8DB5-65582DCD220C}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | "{8621497B-93B2-426B-8BA4-10FA81978E42}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{88B598AB-9FD4-45A3-93BB-ED5DFE3EACEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{89DB5AD1-9E2E-4872-BFCF-268B852751D9}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{91CCE8FE-92DF-4BDD-B65F-11CA55679FC4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{9AAEDD34-4F7A-4BE5-B723-641C135BFAC1}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{A3B68000-101C-4294-B3DE-BB09D1861BAB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{A937AFB4-B74C-4E76-8179-7F3425895858}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B1687A9B-B0D7-40E2-A787-6BB6797BFD45}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{B575893A-54DD-436A-AB90-877AEFDCC534}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{B5A75C03-2ADE-4C94-832B-5C7935830917}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4C1BA28-C3F9-4F22-A56F-4587286C40DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C72C890F-5B00-4CD9-8433-F3829C7516EC}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{CE4D9744-7CC9-4067-A41F-47E6C728CBE6}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{D6F2CEBB-50E0-44C5-9C07-C3501B1246A9}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | "{E89E1BD5-8438-4BA0-A0B0-110FD1A6EB98}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{EE62C346-2C09-4B58-9DD0-AC00C151B0FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F3C5F065-3CA2-4D2F-B62D-05420279ACC8}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{F6A67280-77AA-4FBB-9AE1-B2B277477B68}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{FF86A219-084F-45D0-8467-843AF6CE3181}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "TCP Query 
User{1D28B68C-133F-444B-8B7B-834505BCD28D}D:\programme\easysalespro\system\firebirdonthefly\bin\fbserver.exe" = protocol=6 | dir=in | app=d:\programme\easysalespro\system\firebirdonthefly\bin\fbserver.exe | "TCP Query User{1FB0CB37-4240-464A-A8F7-0138951F9C0F}C:\users\meyer m2\desktop\marius\installationen\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\meyer m2\desktop\marius\installationen\icq\icq6.5\icq.exe | "TCP Query User{234EBCD7-138F-40CB-94F2-A902141077BE}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{42C2D920-9E3D-474D-A54F-5A34C7F8447D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{49A25B27-A500-4237-A1E2-263D4E6FC74F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{951EFC3D-85EB-4949-A5C9-80CA31C4C19A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{AF23FB30-FE32-4EB4-B75A-05B32B7B04AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{C0376D69-2D4A-4754-87AC-FF824F22FEBB}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{49BF0D9D-3272-484D-941F-546A473855A8}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{6CD4D771-2DC5-4D6D-979C-D92F4DA621BC}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{8D87E19C-1789-4A6F-9E8D-F3EDAA1DBB4B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8FCCBB0A-F3DD-4BE6-9CCB-C00F2FC01F1C}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{98518ACE-7B7E-4910-B4D8-F07F8B6C0BAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{D4EC8559-CF5F-4F4C-93E9-9D556FC8703B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{D6030B32-CEA4-4E6E-A834-8AD0452A09AA}C:\users\meyer m2\desktop\marius\installationen\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\meyer m2\desktop\marius\installationen\icq\icq6.5\icq.exe | "UDP Query User{FBE4C3E0-55DC-4EE0-BBF5-C086823497FC}D:\programme\easysalespro\system\firebirdonthefly\bin\fbserver.exe" = protocol=17 | dir=in | app=d:\programme\easysalespro\system\firebirdonthefly\bin\fbserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe "{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26 "{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = 
TOSHIBA Hardware Setup "{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek "{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20 "{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner "{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility "{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional "{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English "{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light "{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard "{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish "{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help 
German "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding "{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese "{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish "{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional "{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean "{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish "{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai "{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German "{92C72ECF-B4BE-11D4-82B0-00A0C936A230}" = Dave Mirra Freestyle BMX "{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish "{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese "{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch "{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library "{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian "{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New "{DA14BB02-69C2-47A7-8D96-59472F5A9C52}" = Painkiller Black 
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian "{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish "{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese "{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean "{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian "{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish "{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French "{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FDBE4583-26AB-4DBE-8263-07836871002D}" = Zoo Tycoon2 - Marine Mania Demo "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "1489-3350-5074-6281" = JDownloader 0.9 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "AVG Secure Search" = AVG Security Toolbar "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 
1.4 "BlueJ_is1" = BlueJ 3.0.2 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "facemoods" = Facemoods Toolbar "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 2.2.14.305 "Free Audio Dub_is1" = Free Audio Dub version 1.7.7.305 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.3.622 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "GXTranscoder v2" = GXTranscoder v2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010 "myphotobook" = myphotobook 3.6 "NSS" = Norton Security Scan "OpenAL" = OpenAL "Orb" = Winamp Remote "Picasa2" = Picasa 2 "Polipo" = Polipo 
1.0.4.1 "PunkBusterSvc" = PunkBuster Services "Quick Search Box" = Google-Schnellsuchfeld "SopCast" = SopCast 3.3.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tor" = Tor 0.2.1.26 "Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "Vidalia" = Vidalia 0.2.9 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR "WolfTeam-DE" = WolfTeam-DE "xp-AntiSpy" = xp-AntiSpy 3.97-9 "Zoo Tycoon 2" = Zoo Tycoon 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.02.2012 14:37:44 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:37:44 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:06 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:06 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:08 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:08 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:09 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 14.02.2012 14:38:10 | Computer Name = MeyerM2-PC | Source = Windows Search Service | ID = 3013 Description = Error - 15.02.2012 17:02:06 | Computer Name = MeyerM2-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des 
Aktivierungskontextes für "C:\Windows\system32\DivXControlPanelApplet.cpl". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.02.2012 17:02:06 | Computer Name = MeyerM2-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\DivXControlPanelApplet.cpl". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 09.01.2010 13:36:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.01.2010 15:16:49 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 09.01.2010 15:16:49 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 09.01.2010 15:16:49 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 09.01.2010 15:16:50 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 09.01.2010 15:18:35 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 09.01.2010 15:23:57 | Computer Name = MeyerM2-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001E33CFE3CB wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 09.01.2010 15:29:25 | Computer Name = MeyerM2-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001E33CFE3CB wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 10.01.2010 12:14:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Error - 11.01.2010 09:31:24 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = < End of report > |
13.03.2012, 18:32 | #4 |
/// Malware-holic | Windows security center virus hi, this script, as well as any scripts that follow, is only for this particular user. If others of you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
ATTFilter :OTL O4 - HKCU..\Run: [vasja] C:\Users\Meyer M2\AppData\Local\Temp\mor.exe (Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421) :Files C:\Users\Meyer M2\AppData\Local\Temp\mor.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Now please close all programs. • Now please click the Fix button. • OTL may ask for a restart. Please allow it. • After the restart you will find a text document; please copy its contents into your next reply here. Boot into normal mode. If you have no icons, right-click, View, Show desktop icons. Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file as an attachment in this thread! Please press the + E keys.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
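An added example, not part of the thread and not OTL's own code: a defender-side PowerShell check that lists Run entries whose target executes from a temp or download folder, the same pattern as the `vasja` entry pointing at `...\AppData\Local\Temp\mor.exe` that the OTL script above removes. The folder list and the helper name `Get-CommandPath` are my assumptions.

```powershell
# Added example (not from the thread): flag autostart (Run) entries whose
# executable lives in a temp or download folder, as seen with
# [vasja] -> ...\AppData\Local\Temp\mor.exe in the OTL log above.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed list: locations a legitimate autostart program almost never runs from.
$suspiciousRoots = @('\AppData\Local\Temp\', '\Local Settings\Temp\', '\Windows\Temp\', '\Downloads\')

function Get-CommandPath {
    param([string]$Command)
    # Strip surrounding quotes and trailing arguments to isolate the executable path.
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        $path = Get-CommandPath -Command ([string]$prop.Value)
        $hit = $suspiciousRoots | Where-Object { $path -like "*$_*" }
        if ($hit) {
            $exists = Test-Path -LiteralPath $path
            [pscustomobject]@{
                Key    = $key
                Name   = $prop.Name
                Target = $path
                Exists = $exists
                # Unsigned or missing binaries in temp folders deserve a closer look.
                Signed = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No Run entries pointing into temp or download folders.'
}
```

Run it in a normal (non-elevated) session first; HKCU entries like the one in this thread are visible without admin rights.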
13.03.2012, 18:47 | #5 |
| Windows security center virus So, the computer has been restarted. I'm no longer in safe mode and everything seems okay, as the virus no longer appears. The upload worked. Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully. C:\Users\Meyer M2\AppData\Local\Temp\mor.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Gast ->Flash cache emptied: 2229 bytes User: *** ->Flash cache emptied: 12973 bytes User: *** ->Flash cache emptied: 1141732 bytes User: Public Total Flash Files Cleaned = 1,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 1456544 bytes ->Temporary Internet Files folder emptied: 50336100 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 4075363 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 98320 bytes ->Temporary Internet Files folder emptied: 58145775 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 57662663 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 265865455 bytes ->Temporary Internet Files folder emptied: 165995634 bytes ->Java cache emptied: 166899 bytes ->FireFox cache emptied: 73163763 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 81047610 bytes RecycleBin emptied: 7291526364 bytes Total Files Cleaned = 7.677,00 mb OTL by OldTimer - Version 3.2.36.3 log created on 03132012_183510 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
13.03.2012, 18:49 | #6 |
/// Malware-holic | Windows security center virus thanks for the upload. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
13.03.2012, 19:22 | #7 |
| Windows security center virus Code:
ATTFilter ComboFix 12-03-13.01 - *** 13.03.2012 18:59:40.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3581.2355 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\facemoods.com c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe c:\program files\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe c:\program files\xp-AntiSpy c:\program files\xp-AntiSpy\Uninstall.exe c:\program files\xp-AntiSpy\xp-AntiSpy.chm c:\program files\xp-AntiSpy\xp-AntiSpy.exe c:\program files\xp-AntiSpy\xp-AntiSpy.url . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-13 bis 2012-03-13 )))))))))))))))))))))))))))))) . . 2012-03-13 18:10 . 2012-03-13 18:10 -------- d-----w- c:\users\***\AppData\Local\temp 2012-03-13 18:10 . 2012-03-13 18:10 -------- d-----w- c:\users\Gast\AppData\Local\temp 2012-03-13 18:10 . 2012-03-13 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-13 17:35 . 2012-03-13 17:43 -------- d-----w- C:\_OTL 2012-03-13 16:26 . 
2012-03-13 16:26 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-03-13 16:25 . 2012-03-13 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-13 16:25 . 2012-03-13 16:25 -------- d-----w- c:\programdata\Malwarebytes 2012-03-13 16:25 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-13 14:55 . 2012-03-13 14:55 -------- d-----w- c:\users\***\AppData\Roaming\TuneUp Software 2012-03-13 14:51 . 2012-03-13 14:51 -------- d-----w- c:\users\***\AppData\Local\Mozilla 2012-03-13 13:35 . 2012-03-13 15:12 -------- d-----w- c:\users\***\AppData\Roaming\tor 2012-03-13 13:35 . 2012-03-13 13:35 -------- d-----w- c:\users\***\AppData\Roaming\Vidalia 2012-03-13 13:33 . 2012-03-13 13:35 -------- d-----w- c:\users\***\AppData\Local\VirtualStore 2012-03-13 10:38 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53C2367C-501B-41D2-9305-6EA0BEE884F6}\mpengine.dll 2012-03-08 16:02 . 2012-03-08 16:02 -------- d-----w- c:\program files\LogMeIn Hamachi 2012-02-25 16:49 . 2011-08-01 16:24 3889424 ----a-w- c:\windows\system32\GameMon.des 2012-02-25 16:48 . 2005-01-01 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-02-25 16:48 . 2003-07-17 18:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-02-25 16:48 . 2012-02-25 16:48 -------- d-----w- c:\program files\Common Files\INCA Shared 2012-02-25 14:42 . 2012-02-25 14:42 -------- d-----w- C:\AeriaGames 2012-02-25 13:19 . 2012-02-25 13:21 -------- d-----w- c:\users\***\AppData\Local\Akamai 2012-02-25 13:18 . 2012-03-13 17:37 -------- d-----w- c:\program files\Common Files\Akamai 2012-02-13 11:56 . 2012-03-13 13:36 -------- d-----w- c:\programdata\AVG Secure Search . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 08:18 . 2009-10-11 09:54 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-09 10:59 . 
2012-02-11 16:28 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2012-02-09 10:59 . 2012-02-11 16:28 21312 ----a-w- c:\windows\system32\authuitu.dll 2012-01-30 20:45 . 2010-07-14 11:48 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2012-01-30 20:45 . 2010-07-14 11:48 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2011-12-15 14:15 . 2011-12-15 14:15 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-25 17:52 . 2011-05-02 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-03-12 14:38 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403] "Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "NDSTray.exe"="NDSTray.exe" [BU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-02 122368] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-08 352976] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-13 928096] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] . 
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO] 2008-08-26 13:27 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4 "DAEMON Tools Lite"="c:\users\***\Desktop\Marius\Programme\Deamon Tools\DAEMON Tools Lite\DTLite.exe" -autorun . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe "jswtrayutil"="c:\program files\Jumpstart\jswtrayutil.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3802202468-3237917644-3958045181-1000] "EnableNotificationsRef"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 14:20] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 14:20] . 2012-03-12 c:\windows\Tasks\Norton Security Scan for Meyer M2.job - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-25 23:02] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Free YouTube Download - c:\users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Meyer M2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll FF - 
ProfilePath - c:\users\Meyer M2\AppData\Roaming\Mozilla\Firefox\Profiles\n4pdw7wj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.shortnews.de/ FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-Steam - c:\users\Meyer M2\Desktop\Marius\Programme\Steam\Steam.exe AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-03-13 19:10 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????O??l?????W???W???W?( W?P . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3802202468-3237917644-3958045181-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:70,69,6a,9c,fb,dd,60,29,06,85,8e,30,a7,f2,9c,3d,8f,78,c6,13,f6,21,10, 1b,90,19,54,de,6b,02,71,4f,5e,d7,7f,b6,14,84,61,51,e4,1d,b5,84,26,70,22,76,\ "??"=hex:39,7a,eb,27,38,62,be,4f,24,bc,9d,2f,4e,1f,11,3a . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-03-13 19:14:40 ComboFix-quarantined-files.txt 2012-03-13 18:14 . Vor Suchlauf: 11 Verzeichnis(se), 57.403.510.784 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 58.347.405.312 Bytes frei . - - End Of File - - 30FBD4A4D4C4B1F8E05C0B0E5B419509 |
13.03.2012, 19:36 | #8 |
/// Malware-holic | Windows security center virus hi, open Malwarebytes, go to Logs, post all previous reports. Then open it, update, apply the update. Then a full scan please, and post the log.
14.03.2012, 13:05 | #9 |
| Windows security center virus The scan is finished. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.13.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 *** :: *** [Administrator] Schutz: Deaktiviert 13.03.2012 19:38:52 mbam-log-2012-03-13 (19-38-52).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 431798 Laufzeit: 4 Stunde(n), 13 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\03132012_183510\C_Users\***\AppData\Local\Temp\mor.exe (Spyware.Zbot.ES) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
14.03.2012, 14:10 | #10 |
/// Malware-holic | Windows security center virus Please start by installing Windows updates. The easiest way is to go to Start, Search, and enter Windows Update there. Under "Change settings", check that the following is selected: - Install updates automatically, - Daily - choose a time - Please tick all the rest, except: - show detailed notifications when new Microsoft software is available. Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that happens, you must again go to Start, Search, open Windows Update, click Check for updates and install the next ones. Please do the same with the optional updates. Report back when done.
14.03.2012, 14:23 | #11 |
| Windows security center virus As soon as I click Check for updates, an error message appears: an unknown error, code 8000FFFF |
14.03.2012, 18:16 | #12 |
/// Malware-holic | Windows security center virus is your Windows version legal?
14.03.2012, 18:21 | #13 |
| Windows security center virus yes, otherwise I would hardly be asking for help here ^^ I went to Control Panel, then Windows Update, and set up the settings you gave me. But when I check for updates it always says the check failed because of this unknown error |
14.03.2012, 18:25 | #14 |
/// Malware-holic | Windows security center virus the following is from the Windows help: 1. Click Start, click Run, type Cmd in the Open box, and press Ctrl+Alt+Enter to start the command prompt as admin. 2. At the command prompt, type net stop wuauserv and then press ENTER. 3. Type rmdir /s %windir%\softwaredistribution\wuredir and then press ENTER. Click Yes when prompted. 4. Type net start wuauserv. 5. Use the Windows Update website again to install updates.
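An added example, not from the thread or from the Windows help text: the same three-step reset (stop wuauserv, remove the wuredir folder, start wuauserv) as a PowerShell script that first checks it is running elevated, because `net stop` and `rmdir` under `%windir%` return "access denied" from a non-elevated prompt. The elevation check and the 30-second wait are my additions.

```powershell
# Added example (not from the thread): Windows Update redirector reset with an
# elevation check, so "access denied" is reported up front instead of mid-way.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: right-click PowerShell, choose "Run as administrator", then rerun this script.'
    exit 1
}

# Same folder the thread's step 3 removes: %windir%\softwaredistribution\wuredir
$wuredir = Join-Path $env:windir 'SoftwareDistribution\WuRedir'

# Step 2: stop the Windows Update service so the folder is not locked.
Stop-Service -Name wuauserv -Force -ErrorAction Stop
(Get-Service -Name wuauserv).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))

# Step 3: remove the redirector cache (recreated by the service on next use).
if (Test-Path -LiteralPath $wuredir) {
    Remove-Item -LiteralPath $wuredir -Recurse -Force -ErrorAction Stop
    "Removed $wuredir"
} else {
    "$wuredir not present, nothing to remove"
}

# Step 4: start the service again and report its state; then retry Windows Update (step 5).
Start-Service -Name wuauserv -ErrorAction Stop
Get-Service -Name wuauserv | Select-Object Name, Status
```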
14.03.2012, 18:33 | #15 |
| Windows security center virus I tried that, but both the first command and the second give access denied. |