Bundespolizei: Muss bezahlen um Laptop wieder richtig benutzen zu dürfen

sob · 15.03.2012, 12:49

Hallo,

ich habe ebenfalls das nun mittlerweile sehr beliebte Problem. Ich soll was bezahlen, weil ich mich auf pornografische Seiten rumgetrieben habe und angeblich noch Verbindungen zu terroristischen Aktivitäten aufweiße.

OTL Logfiles:

Code:

ATTFilter

OTL logfile created on: 15.03.2012 12:39:41 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Kaya\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,97% Memory free
3,74 Gb Paging File | 3,19 Gb Available in Paging File | 85,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 35,71 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
 
Computer Name: KAYA-PC | User Name: Kaya | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kaya\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kaya\AppData\Roaming\Mozilla\Firefox\Profiles\2po980xu.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components\RadioWMPCoreGecko5.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14672
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 80 71 01 BC 73 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{485070BE-39EE-40BF-B6BC-16011495F578}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=be6ea7e3-7c68-40a3-834b-53b0e76c9622&apn_sauid=B3D2B1F8-928E-4E7F-A07A-4485B64D8011
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=14672"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU&o=14670&locale=de_DE&apn_uid=be6ea7e3-7c68-40a3-834b-53b0e76c9622&apn_ptnrs=T8&apn_sauid=B3D2B1F8-928E-4E7F-A07A-4485B64D8011&apn_dtid=YYYYYYYYDE&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.13 03:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.11 10:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaya\AppData\Roaming\mozilla\Extensions
[2012.03.10 21:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions
[2012.03.10 02:18:34 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.08.12 21:53:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.10 21:01:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.17 20:52:48 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions\ffxtlbr@Facemoods.com
[2012.03.12 06:23:30 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Kaya\AppData\Roaming\mozilla\Firefox\Profiles\2po980xu.default\extensions\toolbar@ask.com
[2012.03.15 12:09:50 | 000,002,395 | ---- | M] () -- C:\Users\Kaya\AppData\Roaming\Mozilla\Firefox\Profiles\2po980xu.default\searchplugins\askcom.xml
[2011.11.24 23:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.24 23:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.10.31 21:21:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.07.08 08:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.17 20:52:49 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.08.10 10:59:13 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kaya\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SkypeM] C:\Users\Kaya\AppData\Local\Skype\Skype.exe (Twain Working Group)
O4 - HKCU..\Run: [Smart Projects] C:\Users\Kaya\AppData\Roaming\7C3E55.exe ()
O4 - Startup: C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr) - C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr ()
F3 - HKCU WinNT: Load - (C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr) - C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kaya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kaya\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2871B548-A531-4B4E-8ABC-009942909604}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70422D6-8B7F-43B1-92C9-AE3324CA9B9D}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 12:13:38 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Kaya\Desktop\OTL.exe
[2012.03.13 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Kaya\Local Settings
[2012.03.10 21:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2012.03.10 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2012.03.10 21:31:30 | 000,000,000 | ---D | C] -- C:\Users\Kaya\AppData\Roaming\TuneUpMedia
[2012.03.10 21:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012.03.10 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Kaya\AppData\Roaming\OpenCandy
[2012.03.10 21:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012.03.10 21:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.03.10 21:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
[2012.03.10 21:25:48 | 013,844,192 | ---- | C] (DsNET Corp) -- C:\Users\Kaya\Desktop\aTube_Catcher_Setup-2.6.778.exe
[2012.03.10 21:16:32 | 000,000,000 | ---D | C] -- C:\Users\Kaya\AppData\Roaming\Jens Lorek
[2012.03.10 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2012.03.09 08:06:17 | 000,000,000 | ---D | C] -- C:\Users\Kaya\AppData\Roaming\PeaZip
[2012.03.08 22:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2012.03.08 22:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeaZip
[2012.03.08 22:07:05 | 004,932,057 | ---- | C] (Giorgio Tani                                                ) -- C:\Users\Kaya\Desktop\peazip-4.4.WINDOWS.exe
[2012.02.22 16:11:23 | 000,000,000 | ---D | C] -- C:\Users\Kaya\Desktop\Camera
[2012.02.16 15:31:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 15:31:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 15:31:40 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 15:31:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 15:31:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 15:31:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 15:31:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 15:31:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 15:31:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 15:31:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 15:31:36 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 13:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 13:47:10 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 13:47:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 13:47:04 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 12:13:41 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Kaya\Desktop\OTL.exe
[2012.03.15 12:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 12:08:22 | 1506,799,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.14 21:05:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3352874499-1472398077-3811153383-1000UA.job
[2012.03.14 18:17:27 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3352874499-1472398077-3811153383-1000Core.job
[2012.03.13 20:31:00 | 000,001,055 | ---- | M] () -- C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.9133048837833327.exe.lnk
[2012.03.13 20:31:00 | 000,001,049 | ---- | M] () -- C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8380237811902.exe.lnk
[2012.03.10 21:31:56 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2012.03.10 21:28:54 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012.03.10 21:28:52 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012.03.10 21:26:54 | 013,844,192 | ---- | M] (DsNET Corp) -- C:\Users\Kaya\Desktop\aTube_Catcher_Setup-2.6.778.exe
[2012.03.10 13:43:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 13:43:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 22:29:57 | 000,000,983 | ---- | M] () -- C:\Users\Kaya\Desktop\PeaZip.lnk
[2012.03.08 22:09:48 | 004,932,057 | ---- | M] (Giorgio Tani                                                ) -- C:\Users\Kaya\Desktop\peazip-4.4.WINDOWS.exe
[2012.03.06 21:37:39 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.06 21:37:39 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.06 21:37:39 | 000,388,518 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012.03.06 21:37:39 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.06 21:37:39 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012.03.06 21:37:39 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.06 21:37:38 | 001,992,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.01 15:58:08 | 015,724,895 | ---- | M] () -- C:\Users\Kaya\Desktop\EMA_SHINKAN_FJ12.pdf
[2012.02.16 16:10:24 | 000,001,154 | ---- | M] () -- C:\Users\Kaya\Desktop\Mozilla Firefox.lnk
[2012.02.16 16:00:51 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.13 20:31:00 | 000,001,055 | ---- | C] () -- C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.9133048837833327.exe.lnk
[2012.03.13 20:31:00 | 000,001,049 | ---- | C] () -- C:\Users\Kaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8380237811902.exe.lnk
[2012.03.10 21:31:56 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2012.03.10 21:28:54 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012.03.10 21:28:52 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012.03.08 22:29:57 | 000,000,983 | ---- | C] () -- C:\Users\Kaya\Desktop\PeaZip.lnk
[2012.03.01 15:58:07 | 015,724,895 | ---- | C] () -- C:\Users\Kaya\Desktop\EMA_SHINKAN_FJ12.pdf
[2012.02.16 16:10:24 | 000,001,154 | ---- | C] () -- C:\Users\Kaya\Desktop\Mozilla Firefox.lnk
[2011.10.06 15:40:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.03 12:32:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.06.03 12:32:42 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.06.03 12:32:42 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.11.21 04:24:28 | 000,040,487 | -HS- | C] () -- C:\Users\Kaya\AppData\Roaming\7C3E55.exe
 
========== LOP Check ==========
 
[2012.03.14 22:32:53 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\BitTorrent
[2012.01.31 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.12 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\DVDVideoSoft
[2011.08.12 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.10 21:16:32 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\Jens Lorek
[2012.03.10 21:28:58 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\OpenCandy
[2011.11.24 23:37:06 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\OpenOffice.org
[2012.03.09 08:06:20 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\PeaZip
[2012.03.12 07:57:34 | 000,000,000 | ---D | M] -- C:\Users\Kaya\AppData\Roaming\TuneUpMedia
[2012.03.14 18:17:27 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352874499-1472398077-3811153383-1000Core.job
[2012.03.14 21:05:04 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352874499-1472398077-3811153383-1000UA.job
[2011.12.27 13:29:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 15.03.2012 12:39:41 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Kaya\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,97% Memory free
3,74 Gb Paging File | 3,19 Gb Available in Paging File | 85,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 35,71 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
 
Computer Name: KAYA-PC | User Name: Kaya | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.4
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"conduitEngine" = Conduit Engine 
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"facemoods" = Facemoods Toolbar
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"IsoBuster_is1" = IsoBuster 2.8.5
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.93
"SHOUTcast Source" = SHOUTcast Source (remove only)
"TuneUpMedia" = TuneUp Companion 2.4.2
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"ZoomPlayer" = Zoom Player (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.10.2011 17:26:33 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3391992
 
Error - 14.10.2011 17:26:33 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3391992
 
Error - 14.10.2011 17:26:34 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.10.2011 17:26:34 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3393006
 
Error - 14.10.2011 17:26:34 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3393006
 
Error - 14.10.2011 17:26:35 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.10.2011 17:26:35 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3394020
 
Error - 14.10.2011 17:26:35 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3394020
 
Error - 14.10.2011 17:26:36 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.10.2011 17:26:36 | Computer Name = Kaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3395018
 
[ System Events ]
Error - 15.03.2012 07:30:16 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:30:16 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:32:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:32:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:32:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:37:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:37:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:37:22 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:39:30 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.03.2012 07:39:30 | Computer Name = Kaya-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

Ich hoffe, dass sie mir helfen können. Kenne mich nämlich nicht so gut mit PCs aus.

markusg · 15.03.2012, 13:27

wieso ist bei dir diese seite gesperrt?
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
woher stammt deine windows kopie? original?

sob · 15.03.2012, 13:33

Ehrlich gesagt, habe ich keine Ahnung. Dieser Laptop wurde gebraucht gekauft. Ist es denn ein Fake?

markusg · 15.03.2012, 13:40

hi
wir machen dein win soweit flott, aber du musst dir dringend ne eigene windows kopie kaufen, dein windows ist nicht legal da drauf gekommen
windows 7 gibts teilweise für rund 60 €
und wie gesagt, da du nie weist was an solchen versionen gedreht wurde solltest du dir ne eigene version hohlen.
bzw sag mir erst mal wie das gerät genau heißt

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr) - C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr ()
F3 - HKCU WinNT: Load - (C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr) - C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr ()
O4 - HKCU..\Run: [Smart Projects] C:\Users\Kaya\AppData\Roaming\7C3E55.exe ()
O4 - HKCU..\Run: [SkypeM] C:\Users\Kaya\AppData\Local\Skype\Skype.exe (Twain Working Group)
 :Files
C:\Users\Kaya\AppData\Roaming\7C3E55.exe
C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr) - C:\Users\Kaya\LOCALS~1\Temp\mslxajnu.scr
C:\Users\Kaya\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

sob · 15.03.2012, 14:15

Ich hab nen Toshiba. Und könntest du mir vllt. eine Win 7 Version empfehlen?

Textdokument? Auf dem Desktop sind 2 mit dem Namen "desktop.ini".

Code:

ATTFilter

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Code:

ATTFilter

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Der Upload hat leider nicht ganz so richtig geklappt geklappt, fürchte ich. Ich krieg diese Meldung "Datei nicht gefunden oder keine Leseberechtigung".. Aber den ZIP Ordner habe ich trotzdem bekommen.

Krieg auch von Avira die Meldung, dass Malware gefunden wurde.

markusg · 15.03.2012, 16:29

hi,
dann mal weiter hiermit :-)

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

sob · 15.03.2012, 22:33

Danke,
ich habs nach dem tut gemacht. Dennoc habe ich leider nun ein Problem. Ich kann keine Programme öffnen. Es kommt dann eine Meldund, die besagt: Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Bin mit meinem Handy online, denn firefox und co. kann ich auch nicht offnen.

Lg

markusg · 16.03.2012, 10:34

starte mal neu, dann gehts wieder. dann das log posten bitte

sob · 16.03.2012, 18:37

Jo, gemacht, danke. Aber weißt du, wo das Log von combofix gespeichert wird?

markusg · 18.03.2012, 18:26

auf c: müsste es liegen, combofix.txt oder evtl. log.txt

15.03.2012, 13:27	#2
markusg /// Malware-holic	Bundespolizei: Muss bezahlen um Laptop wieder richtig benutzen zu dürfen wieso ist bei dir diese seite gesperrt? O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com woher stammt deine windows kopie? original? __________________ __________________

Bundespolizei: Muss bezahlen um Laptop wieder richtig benutzen zu dürfen

Log-Analyse und Auswertung: Bundespolizei: Muss bezahlen um Laptop wieder richtig benutzen zu dürfen