Ihr windowssystem wurde aus sicherheitsgründen blockiert

bimmerfreak · 30.03.2012, 21:54

Habe mir den oben genannten virus eingefangen. wie gehe ich jetzt weiter vor? danke für die hilfe im vorraus.

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.03.2012 11:28:37 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Schatz und Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,09% Memory free
6,19 Gb Paging File | 5,26 Gb Available in Paging File | 84,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 113,01 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
Drive E: | 1,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: Schatz und Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B346597-5DB9-4BDD-A0C9-A09301000EC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7C5B4B00-1868-49DE-BAD4-DE329FE0B4F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{E940EBF6-2775-4F08-BB01-9858D0713A0A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18E86FDF-6945-4AA4-B8D4-D1753F7A424B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{2ADFBC11-741F-454D-90FF-061CE2B528BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{3CA2DE0B-780F-46EA-B2EC-3D4FAEBD5645}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{46B66A67-1641-4899-BC1B-8271D6AA7544}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7256E0FA-4B4B-4D4A-BBE1-A29156F77EDB}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{B3308504-3650-4667-9D6E-3773D4826CBA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D785E749-16B3-4A39-BD54-B8AB96CEC71E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{DE3E20E0-50B4-4D30-87BA-4F0CB6D29471}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{EA2EC944-1C10-4B09-9991-5BC52EA69D80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"TCP Query User{17F1045E-697F-433A-A282-9E48C04894B2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{38D94D13-78F2-4B30-A748-E446ABF86A00}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{8B2E63FB-F24A-478C-A375-B2B3F38FE6B4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{C2FF50D0-29A3-4348-857C-A68FFB0EF180}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{43B02E96-7E3C-4F89-A83D-842F3A8EF18E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9700A35F-E8BE-4715-AB57-6F7944ACE47C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{9B06B295-85D5-4FEC-AE1D-AB93209CD3F7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D24407C0-092F-4B5B-90CE-E38E70DCB76B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F3D179F-BF30-4FC0-A244-009683B0E40F}" = Oracle 8.1.7 ODBC Driver for BMW Applications
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A56D0602-1968-4136-B925-B91007BEC614}" = Passware Kit Professional 11.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"1489-3350-5074-6281" = JDownloader 0.9
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"facemoods" = Facemoods Toolbar
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysadmV10" = Sysadm
"TISV10" = Tis
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 19:38:29 | Computer Name = Notebook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.03.2012 21:52:58 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 29.03.2012 21:52:58 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.03.2012 05:13:35 | Computer Name = Notebook | Source = EventSystem | ID = 4609
Description = 
 
Error - 30.03.2012 05:14:44 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 31.12.2011 10:41:25 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.01.2012 10:11:00 | Computer Name = Notebook | Source = HTTP | ID = 15016
Description = 
 
Error - 04.01.2012 10:12:40 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.01.2012 18:45:47 | Computer Name = Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.01.2012 um 23:44:30 unerwartet heruntergefahren.
 
Error - 06.01.2012 18:45:49 | Computer Name = Notebook | Source = HTTP | ID = 15016
Description = 
 
Error - 06.01.2012 18:47:22 | Computer Name = Notebook | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022435F5ACC zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 06.01.2012 18:47:29 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 18:04:51 | Computer Name = Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2012 um 23:02:51 unerwartet heruntergefahren.
 
Error - 12.01.2012 18:04:53 | Computer Name = Notebook | Source = HTTP | ID = 15016
Description = 
 
Error - 12.01.2012 18:06:23 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.03.2012 11:28:37 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Schatz und Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,09% Memory free
6,19 Gb Paging File | 5,26 Gb Available in Paging File | 84,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 113,01 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
Drive E: | 1,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: Schatz und Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schatz und Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Programme\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\BisonCam\BsMnt.exe ()
MOD - C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (resetWinService) -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120329.033\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120329.033\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120329.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120317.002\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1306020.00A\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1306020.00A\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1306020.00A\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1306020.00A\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1306020.00A\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1306020.00A\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1306020.00A\symds.sys (Symantec Corporation)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=_vG_AwERnH3ElTLfFsKjWXCSD-A?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50000
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.03.17 08:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.03.30 11:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 17:15:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.06.28 11:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schatz und Christian\AppData\Roaming\mozilla\Extensions
[2011.08.24 15:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schatz und Christian\AppData\Roaming\mozilla\Firefox\Profiles\od7b2n2o.default\extensions
[2012.01.08 20:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SCHATZ UND CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OD7B2N2O.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012.03.19 17:15:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.20 21:44:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.20 21:44:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.20 21:44:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.28 16:44:48 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.20 21:44:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.20 21:44:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.20 21:44:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{C9452637-A0B2-5E70-A45C-21C084180890}] "C:\Users\Schatz und Christian\AppData\Roaming\Yfziex\apop.exe" File not found
O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SkypePM] C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\SCHATZ~1\AppData\Local\Temp\wpbt0.dll (The tale ofHyboria on a quest to avenge the murder of his father and the slaughter)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Schatz und Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 11:26:24 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Schatz und Christian\Desktop\OTL.exe
[2012.03.30 10:56:06 | 000,000,000 | ---D | C] -- C:\Users\Schatz und Christian\AppData\Local\NPE
[2012.03.23 08:17:41 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\symtdiv.sys
[2012.03.23 08:17:41 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\symnets.sys
[2012.03.23 08:17:40 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\symefa.sys
[2012.03.23 08:17:40 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\srtsp.sys
[2012.03.23 08:17:40 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\symds.sys
[2012.03.23 08:17:40 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\ironx86.sys
[2012.03.23 08:17:40 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\ccsetx86.sys
[2012.03.23 08:17:40 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1306020.00A\srtspx.sys
[2012.03.23 08:17:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1306020.00A
[2012.03.22 00:19:18 | 000,000,000 | ---D | C] -- C:\Users\Schatz und Christian\AppData\Local\CrashDumps
[2012.03.17 01:25:49 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.03.17 01:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.03.17 01:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.03.17 01:25:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012.03.17 01:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.03.17 01:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012.03.17 01:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.03.17 01:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012.03.17 01:09:53 | 118,962,048 | ---- | C] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NIS-TW-30-19-5-0-145-GE.exe
[2012.03.17 01:07:01 | 002,563,800 | ---- | C] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NPE.exe
[2012.03.17 00:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.03.17 00:54:36 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NPE25.exe
[2012.03.17 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.15 04:01:20 | 000,000,000 | ---D | C] -- C:\b78a3959f3f12f5160f0709419d147e7
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 11:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 11:29:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.03.30 11:28:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.30 11:28:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.30 11:28:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.30 11:28:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.30 11:26:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Schatz und Christian\Desktop\OTL.exe
[2012.03.30 11:23:05 | 000,100,068 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.30 11:22:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 11:22:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 11:22:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 11:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 11:21:50 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 10:54:56 | 000,100,068 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.30 01:18:43 | 000,423,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.29 10:54:14 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.03.29 10:53:56 | 002,132,117 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1306020.00A\Cat.DB
[2012.03.29 10:52:46 | 000,008,727 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1306020.00A\VT20120301.009
[2012.03.27 04:19:14 | 000,093,696 | ---- | M] () -- C:\Users\Schatz und Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.26 22:03:22 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.03.26 22:03:22 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.03.26 22:03:22 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.03.20 06:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1306020.00A\isolate.ini
[2012.03.17 19:59:17 | 115,257,517 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.17 01:20:05 | 118,962,048 | ---- | M] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NIS-TW-30-19-5-0-145-GE.exe
[2012.03.17 01:07:06 | 002,563,800 | ---- | M] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NPE.exe
[2012.03.17 00:54:45 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\Users\Schatz und Christian\Desktop\NPE25.exe
[2012.03.11 14:32:03 | 000,000,680 | ---- | M] () -- C:\Users\Schatz und Christian\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.03.30 11:21:50 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.29 10:52:46 | 002,132,117 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\Cat.DB
[2012.03.29 10:52:46 | 000,008,727 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\VT20120301.009
[2012.03.23 08:17:41 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symnetv.cat
[2012.03.23 08:17:41 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symnetv.inf
[2012.03.23 08:17:40 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symds.cat
[2012.03.23 08:17:40 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\ccsetx86.cat
[2012.03.23 08:17:40 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symnet.cat
[2012.03.23 08:17:40 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symefa.cat
[2012.03.23 08:17:40 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\srtspx.cat
[2012.03.23 08:17:40 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\srtsp.cat
[2012.03.23 08:17:40 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\iron.cat
[2012.03.23 08:17:40 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symefa.inf
[2012.03.23 08:17:40 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symds.inf
[2012.03.23 08:17:40 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symnet.inf
[2012.03.23 08:17:40 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\srtspx.inf
[2012.03.23 08:17:40 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\srtsp.inf
[2012.03.23 08:17:40 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\ccsetx86.inf
[2012.03.23 08:17:40 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\iron.inf
[2012.03.23 08:17:29 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\symvtcer.dat
[2012.03.23 08:17:29 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1306020.00A\isolate.ini
[2012.03.17 01:25:49 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.03.17 01:25:49 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.03.17 01:25:38 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.02.07 15:36:16 | 000,000,264 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.07 15:35:41 | 000,001,144 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.07 15:35:11 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.09.29 03:03:25 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.08.16 15:16:01 | 000,102,717 | ---- | C] () -- C:\Users\Schatz und Christian\AppData\Roaming\mdbu.bin
[2011.07.04 03:00:21 | 000,000,680 | ---- | C] () -- C:\Users\Schatz und Christian\AppData\Local\d3d9caps.dat
[2011.06.28 11:54:00 | 000,093,696 | ---- | C] () -- C:\Users\Schatz und Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.10.28 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\Schatz und Christian\AppData\Roaming\538D1
[2011.10.28 18:33:18 | 000,000,000 | ---D | M] -- C:\Users\Schatz und Christian\AppData\Roaming\D1106
[2011.07.23 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Schatz und Christian\AppData\Roaming\Epson
[2012.02.11 17:11:28 | 000,000,000 | ---D | M] -- C:\Users\Schatz und Christian\AppData\Roaming\Passware
[2011.12.06 20:38:13 | 000,000,000 | ---D | M] -- C:\Users\Schatz und Christian\AppData\Roaming\QuickScan
[2012.03.29 23:53:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.30 11:29:59 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.30.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Schatz und Christian :: NOTEBOOK [Administrator]

31.03.2012 00:08:22
mbam-log-2012-03-31 (00-08-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189472
Laufzeit: 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> 3528 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.Agent) -> Daten: C:\Users\SCHATZ~1\AppData\Local\Temp\wpbt0.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{C9452637-A0B2-5E70-A45C-21C084180890} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\Schatz und Christian\AppData\Roaming\Yfziex\apop.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\Users\Schatz und Christian\AppData\Local\Temp\wpbt0.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\AppData\Local\Temp\cgs8h0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\AppData\Local\Temp\cgs8h2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\AppData\Local\Temp\cgs8h3.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\AppData\Local\Temp\MEhtUqWy.exe.part (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schatz und Christian\AppData\Local\Temp\mor.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 31.03.2012, 16:25

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [vasja] C:\Users\SCHATZ~1\AppData\Local\Temp\wpbt0.dll (The tale ofHyboria on a quest to avenge the murder of his father and the slaughter)
O4 - HKCU..\Run: [SkypePM] C:\Users\Schatz und Christian\AppData\Local\Skype\SkypePM.exe ()
[2012.03.17 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.30 11:29:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 :Files
C:\Users\SCHATZ~1\AppData\Local\Temp\wpbt0.dll
C:\Users\Schatz und Christian\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

bimmerfreak · 01.04.2012, 16:30

"Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen."

Hat geklappt, hoffe ich...

markusg · 01.04.2012, 19:52

danke

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

bimmerfreak · 03.04.2012, 17:44

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-04-03.02 - Schatz und Christian 03.04.2012  17:20:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1577 [GMT 2:00]
ausgeführt von:: c:\users\Schatz und Christian\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\users\Schatz und Christian\Taskmgr.exe
c:\windows\system32\odbcad32.exe
c:\windows\system32\WinIo.sys
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-03 bis 2012-04-03  ))))))))))))))))))))))))))))))
.
.
2012-04-03 15:30 . 2012-04-03 15:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-01 15:16 . 2012-04-01 15:28	--------	d-----w-	C:\_OTL
2012-03-30 21:48 . 2012-03-30 21:48	--------	d-----w-	c:\users\Schatz und Christian\AppData\Roaming\Malwarebytes
2012-03-30 21:48 . 2012-03-30 21:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-30 21:48 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 08:56 . 2012-03-30 08:57	--------	d-----w-	c:\users\Schatz und Christian\AppData\Local\NPE
2012-03-21 22:19 . 2012-03-29 23:19	--------	d-----w-	c:\users\Schatz und Christian\AppData\Local\CrashDumps
2012-03-19 15:15 . 2012-03-19 15:15	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 15:15 . 2012-03-19 15:15	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 23:25 . 2012-03-26 20:04	--------	d-----w-	c:\program files\Symantec
2012-03-16 23:25 . 2012-03-26 20:03	141944	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-16 23:25 . 2012-03-17 17:40	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-03-16 23:25 . 2012-03-29 08:54	--------	d-----w-	c:\windows\system32\drivers\NIS
2012-03-16 23:25 . 2012-03-16 23:25	--------	d-----w-	c:\program files\Norton Internet Security
2012-03-16 23:24 . 2012-03-16 23:24	--------	d-----w-	c:\program files\NortonInstaller
2012-03-15 02:01 . 2012-03-15 02:01	--------	d-----w-	C:\b78a3959f3f12f5160f0709419d147e7
2012-03-13 03:57 . 2010-02-18 14:11	190464	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-03-13 03:57 . 2010-02-18 11:52	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 15:15 . 2011-06-28 09:26	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-28 08:55 . 2011-06-28 21:44	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-27 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"BsMnt"="c:\program files\BisonCam\BsMnt.exe" [2008-11-03 217088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-28 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 08:54]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 08:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Settings,ProxyServer = http=127.0.0.1:50000
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Schatz und Christian\AppData\Roaming\Mozilla\Firefox\Profiles\od7b2n2o.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50000
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-SysadmV10 - c:\windows\unin0407.exe
AddRemove-TISV10 - c:\windows\unin0407.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-04-03 17:33
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\windows\system32\PSIService.exe
c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-03  17:37:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-03 15:37
.
Vor Suchlauf: 11 Verzeichnis(se), 116.397.875.200 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 116.303.245.312 Bytes frei
.
- - End Of File - - 956C4D9FF8B6CE8FBB5B15E46481AAAA

--- --- ---

markusg · 03.04.2012, 20:33

öffne malwarebytes, aktualisierung. updaten
dann vollständiger scan, funde löschen log posten

bimmerfreak · 05.04.2012, 13:50

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.05.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Schatz und Christian :: NOTEBOOK [Administrator]

05.04.2012 10:58:33
mbam-log-2012-04-05 (10-58-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352456
Laufzeit: 2 Stunde(n), 20 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 05.04.2012, 14:30

lade den CCleaner standard:
CCleaner Download - CCleaner 3.17.1689
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

bimmerfreak · 06.04.2012, 22:17

ABBYY FineReader 9.0 Sprint ABBYY 22.07.2011 174,6MB 9.01.513.58212unbekannt
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 27.06.2011 14,0MB unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 27.06.2011 10.0.12.36notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 04.12.2011 11.1.102.55notwendig
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 08.12.2008 232MB 9.0.0notwendig
Adobe Shockwave Player Adobe Systems, Inc. 27.06.2011 17,8MB 11notwendig
Azurewave Wireless LAN RaLink 08.12.2008 1,93MB 1.00.0000unbekannt
Bison Webcam Bison Webcam 14.12.2008 5,39MB 7.96.701.12aunnötig
CCleaner Piriform 05.04.2012 4,46MB 3.17
Compatibility Pack für 2007 Office System Microsoft Corporation 14.02.2012 168,6MB 12.0.6612.1000notwendig
Corel MediaOne Corel Corporation 14.12.2008 164,5MB 2.00.0000unnötig
CyberLink MakeDisc CyberLink Corp. 27.06.2011 102,6MB 3.0.2601unnötig
CyberLink MediaShow CyberLink Corp. 14.12.2008 312MB 4.1.2318unnötig
CyberLink PhotoNow CyberLink Corp. 14.12.2008 21,7MB 1.1.5615unnötig
CyberLink PowerDirector CyberLink Corp. 14.12.2008 422MB 7.0.2209bunnötig
CyberLink PowerDVD 8 CyberLink Corp. 14.12.2008 91,8MB 8.0.2217unnötig
CyberLink PowerProducer CyberLink Corp. 14.12.2008 298MB 5.1111unnötig
CyberLink YouCam CyberLink Corp. 14.12.2008 73,8MB 2.0.2305unnötig
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 22.07.2011 128,4MB 2.2.0.0notwendig
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION 22.07.2011 0,36MB 1.00.0000notwendig
Epson Event Manager SEIKO EPSON CORPORATION 22.07.2011 38,8MB 2.40.0001notwendig
EPSON Scan Seiko Epson Corporation 22.07.2011 15,6MB notwendig
EPSON SX218 Series Handbuch 22.07.2011 7,65MB notwendig
EPSON SX218 Series Printer Uninstall SEIKO EPSON Corporation 22.07.2011 7,65MB notwendig
Google Chrome Google Inc. 05.04.2012 180,3MB 18.0.1025.151unnötig
Google Desktop Google 28.06.2011 61,7MB 5.9.1005.12335notwendig
Google Earth Google 28.10.2011 92,8MB 6.1.0.5001notwendig
Google Toolbar for Internet Explorer Google Inc. 15.03.2012 10,6MB 7.3.2710.138unnötig
Java(TM) 6 Update 30 Sun Microsystems, Inc. 08.12.2008 96,9MB 6.0.300notwendig
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 29.03.2012 11,5MB 1.60.1.1000
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 03.07.2011 37,0MBnotwendig
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 29.06.2011 37,0MB notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.07.2011 120,3MB 4.0.30319notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.07.2011 24,5MB 4.0.30319notwendig
Microsoft Silverlight Microsoft Corporation 15.02.2012 13,2MB 4.1.10111.0notwendig
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 08.12.2008 0,32MB 3.1.0000notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 08.12.2008 1,74MB 3.1.0000notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.02.2012 0,29MB 8.0.61001notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.02.2012 0,58MB 9.0.30729notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13.02.2012 0,58MB 9.0.30729.6161notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.03.2012 11,1MB 10.0.40219notwendig
Microsoft Works Microsoft Corporation 11.02.2012 545MB 9.7.0621notwendig
Mozilla Firefox 11.0 (x86 de) Mozilla 18.03.2012 36,1MB 11.0notwendig
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 08.12.2008 1,28MB 4.20.9848.0unbekannt
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 08.12.2008 1,28MB 4.20.9849.0unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.12.2008 1,29MB 4.20.9870.0unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.06.2011 1,34MB 4.20.9876.0unbekannt
Nero 8 Essentials Nero AG 08.12.2008 1.889MB 8.3.124notwendig
Norton Internet Security Symantec Corporation 16.03.2012 75,7MB 19.6.2.10notwendig
NVIDIA Drivers NVIDIA Corporation 02.04.2012 unbekannt
Passware Kit Professional 11.1 Passware 10.02.2012 80,5MB 11.1.4002notwendig
Picasa 2 Google, Inc. 27.06.2011 35,3MB 2.0unbekannt
PMB Sony Corporation 22.07.2011 259MB 5.2.00.03250notwendig
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 08.12.2008 1,67MB 1.00.0000notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.12.2008 9,29MB 6.0.1.5730notwendig
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 08.12.2008 1,50MB 6.0.6000.20111notwendig
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 08.12.2008 65,3MB 9.0.0unnötig
Synaptics Pointing Device Driver Synaptics 08.12.2008 14,1MB 11.1.7.0unnötig
VLC media player 1.1.10 VideoLAN 04.07.2011 81,6MB 1.1.10notwendig
Windows Live Anmelde-Assistent Microsoft Corporation 11.02.2012 1,93MB 5.000.818.6unbekannt
Windows Live Fotogalerie Microsoft Corporation 08.12.2008 21,0MB 12.0.1347.0718unbekannt
Windows Live installer Microsoft Corporation 08.12.2008 1,71MB 12.0.1471.1025unnötig
Windows Live Mail Microsoft Corporation 08.12.2008 22,6MB 12.0.1606.1023unnötig
Windows Live Messenger Microsoft Corporation 08.12.2008 30,0MB 8.5.1302.1018unnötig
Windows Live Writer Microsoft Corporation 08.12.2008 17,1MB 12.0.1370.0325unnötig
WinRAR 4.01 (32-Bit) win.rar GmbH 03.08.2011 4,03MB 4.01.0notwendig
X10 Hardware(TM) 27.06.2011 12,00KB unbekannt

03.04.2012, 20:33	#6
markusg /// Malware-holic	Ihr windowssystem wurde aus sicherheitsgründen blockiert öffne malwarebytes, aktualisierung. updaten dann vollständiger scan, funde löschen log posten __________________ --> Ihr windowssystem wurde aus sicherheitsgründen blockiert

Ihr windowssystem wurde aus sicherheitsgründen blockiert

Log-Analyse und Auswertung: Ihr windowssystem wurde aus sicherheitsgründen blockiert