Bundespolizei Virus

yara787 · 18.08.2012, 09:49

Hallo,

ich habe seit dem 14.08 eine Bundespolizei Virus auf meinem Laptop.
Ich soll 2x 50€ über Ukash überweisen und dann zwei nummern eingeben damit der wieder freigeschaltet wird.
Habe versucht das System wiederherzustellen aber das hat nicht geklappt.
habe auch die anleitung auf folgender #Seite probiert, hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html kam aber leider nicht weiter, da unter dem Shell-Schlüssel lediglich explorer.exe zu finden war.
Der Laptop ist ein Asus Laptop mit Windows Vista.

Weiß jemand wie ich den Virus vom PC bekomme?

Im moment lasse ich malewarebytes und OTL laufen poste die ergebnsse dann in meiner nächsten antwort

hier ergebnisse OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.08.2012 11:15:56 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,15% Memory free
6,25 Gb Paging File | 5,73 Gb Available in Paging File | 91,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 75,89 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 6,83 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 99,73% Space Free | Partition Type: FAT32
 
Computer Name: TANJA-PC | User Name: Tanja | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*****\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={D084DD21-A591-473e-946F-AD93D7BB3289}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=w7V3UrGxDy3yD9LC2dOZQtYFtJI?q={searchTerms}
IE - HKCU\..\SearchScopes\{816BB19B-5ED0-4644-AA0F-E173E0C4D02A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=1a837ddb-b64e-4aa0-8fb5-4e83a42740d0&apn_sauid=1DBE5BB4-A663-4A01-8978-D5414571AF6F
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=1a837ddb-b64e-4aa0-8fb5-4e83a42740d0&apn_ptnrs=^AAA&apn_sauid=1DBE5BB4-A663-4A01-8978-D5414571AF6F&apn_dtid=^YYYYYY^YY^DE&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Tanja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 22:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 22:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 11:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 13:22:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 11:36:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 13:22:57 | 000,000,000 | ---D | M]
 
[2010.01.16 14:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions
[2012.07.25 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions
[2010.10.10 20:09:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.25 14:41:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.16 13:46:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.28 14:28:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.28 14:28:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012.06.22 11:55:40 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\uhuk6u3c.default\extensions\toolbar@ask.com
[2012.08.14 16:09:05 | 000,002,404 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\askcom.xml
[2010.05.28 15:45:41 | 000,000,881 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\conduit.xml
[2012.08.09 15:11:37 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-1.xml
[2011.08.19 12:22:44 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-10.xml
[2011.08.31 15:25:49 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-11.xml
[2011.09.08 19:05:23 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-12.xml
[2011.09.08 19:06:53 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-13.xml
[2011.11.12 13:06:00 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-14.xml
[2011.12.21 21:10:58 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-15.xml
[2012.02.04 10:52:20 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-16.xml
[2012.02.09 09:22:02 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-17.xml
[2012.02.21 18:23:48 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-18.xml
[2012.03.15 11:11:54 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-19.xml
[2010.10.10 19:58:04 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-2.xml
[2012.06.16 12:34:25 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-20.xml
[2012.06.23 15:34:06 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-21.xml
[2012.07.20 12:17:05 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-22.xml
[2012.07.26 13:25:04 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-23.xml
[2010.10.22 08:53:08 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-3.xml
[2010.10.29 15:26:56 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-4.xml
[2010.12.13 00:01:28 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-5.xml
[2010.12.16 20:30:44 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-6.xml
[2011.03.24 20:13:27 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-7.xml
[2011.05.02 10:28:48 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-8.xml
[2011.06.22 23:40:34 | 000,000,950 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin-9.xml
[2010.08.08 18:15:28 | 000,001,069 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\uhuk6u3c.default\searchplugins\icqplugin.xml
[2012.06.14 13:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.06.08 21:06:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 11:36:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.22 11:55:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 11:55:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 11:55:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 11:55:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 11:55:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 11:55:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Tanja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX HiQ = C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [Atovnaudik] C:\Users\Tanja\AppData\Roaming\Aswyes\ezyqy.exe File not found
O4 - HKCU..\Run: [FilterHost] C:\Users\Tanja\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found
O4 - HKCU..\Run: [zgxwwissblgbcwm] C:\ProgramData\zgxwwiss.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Users\Tanja\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tanja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tanja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tanja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D3B09B-10D6-4A91-92AB-1BCE17B31212}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{112bea2b-40c7-11e0-817f-00248c0f34c2}\Shell - "" = AutoRun
O33 - MountPoints2\{112bea2b-40c7-11e0-817f-00248c0f34c2}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{7d0c57c5-2d5f-11e0-9a89-00248c0f34c2}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0c57c5-2d5f-11e0-9a89-00248c0f34c2}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{e3b505af-59f0-11df-a5db-00248c0f34c2}\Shell - "" = AutoRun
O33 - MountPoints2\{e3b505af-59f0-11df-a5db-00248c0f34c2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e771240a-5c62-11df-b83d-00248c0f34c2}\Shell - "" = AutoRun
O33 - MountPoints2\{e771240a-5c62-11df-b83d-00248c0f34c2}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.18 11:02:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.18 11:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Malwarebytes
[2012.08.18 11:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.18 11:02:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.18 11:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.18 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\Tanja\Desktop\Malwarebytes' Anti-Malware
[2012.08.18 10:59:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2012.08.15 11:22:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.08.14 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\qdhwidiabsnalgx
[2012.08.14 16:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.08.14 16:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.08.14 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt
[2012.08.14 16:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\dm
[2012.08.13 15:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.13 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.13 15:23:55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.08.13 15:23:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.08.13 15:22:53 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.13 15:22:53 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.08.01 12:08:08 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Local\PDF24
[2012.08.01 12:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.08.01 12:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.07.30 09:14:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.07.30 09:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980056C3A61A5016562F3B707C
[2012.07.30 09:06:54 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Tyky
[2012.07.30 09:06:54 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Etwaax
[2012.07.30 09:06:54 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Aswyes
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.18 11:04:45 | 000,002,631 | ---- | M] () -- C:\Users\Tanja\Desktop\Microsoft Office Word 2007.lnk
[2012.08.18 11:02:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.18 11:02:10 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.18 10:58:36 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2012.08.18 10:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 10:31:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 10:31:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 10:31:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.15 11:39:37 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.14 22:00:48 | 000,000,051 | ---- | M] () -- C:\ProgramData\npvftigpdlkpaph
[2012.08.14 22:00:41 | 000,057,344 | ---- | M] () -- C:\ProgramData\zgxwwiss.exe
[2012.08.14 16:55:05 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2012.08.13 15:22:23 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.13 15:22:23 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.08.13 12:44:35 | 000,192,512 | ---- | M] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.11 09:54:01 | 000,006,944 | ---- | M] () -- C:\Users\Tanja\AppData\Local\d3d9caps.dat
[2012.08.09 12:46:27 | 000,015,634 | ---- | M] () -- C:\Users\Tanja\.recently-used.xbel
[2012.08.09 11:24:08 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.09 11:24:08 | 000,600,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.09 11:24:08 | 000,131,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.09 11:24:08 | 000,108,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.03 15:49:14 | 000,311,257 | ---- | M] () -- C:\Users\Tanja\Desktop\LVO_Ausbildung_und_Pruefung.pdf
[2012.08.01 12:06:43 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.29 12:45:17 | 000,249,002 | ---- | M] () -- C:\Users\Tanja\Desktop\Infos Referendariat.pdf
 
========== Files Created - No Company Name ==========
 
[2012.08.18 11:02:10 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.15 11:24:35 | 000,000,958 | ---- | C] () -- C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.14 22:00:48 | 000,057,344 | ---- | C] () -- C:\ProgramData\zgxwwiss.exe
[2012.08.14 22:00:42 | 000,000,051 | ---- | C] () -- C:\ProgramData\npvftigpdlkpaph
[2012.08.14 16:55:05 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2012.08.13 09:27:41 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\80000000.@
[2012.08.12 20:30:51 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\800000cb.@
[2012.08.09 16:49:51 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\00000001.@
[2012.08.09 12:46:27 | 000,015,634 | ---- | C] () -- C:\Users\Tanja\.recently-used.xbel
[2012.08.03 15:49:14 | 000,311,257 | ---- | C] () -- C:\Users\Tanja\Desktop\LVO_Ausbildung_und_Pruefung.pdf
[2012.08.01 12:06:43 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.29 12:45:17 | 000,249,002 | ---- | C] () -- C:\Users\Tanja\Desktop\Infos Referendariat.pdf
[2012.01.11 18:44:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\@
[2012.01.11 18:44:00 | 000,002,048 | -HS- | C] () -- C:\Users\Tanja\AppData\Local\{8f608a51-ab68-08e6-ed92-7a90c683023e}\@
[2010.09.18 18:54:45 | 000,248,197 | ---- | C] () -- C:\Users\Tanja\AppData\Local\cpdkaer_nav.dat.vir
[2010.09.18 18:54:45 | 000,004,618 | ---- | C] () -- C:\Users\Tanja\AppData\Local\cpdkaer_navps.dat.vir
[2010.09.18 18:54:45 | 000,003,565 | ---- | C] () -- C:\Users\Tanja\AppData\Local\cpdkaer.dat.vir
[2010.02.02 22:15:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.27 18:14:54 | 000,006,944 | ---- | C] () -- C:\Users\Tanja\AppData\Local\d3d9caps.dat
[2009.07.20 14:44:29 | 000,000,090 | ---- | C] () -- C:\Users\Tanja\AppData\Local\ogmas.bat
[2009.03.30 19:43:35 | 000,192,512 | ---- | C] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

--- --- ---

-OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.08.2012 11:15:56 - Run 1
-	OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\****\Desktop
-	Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
-	Internet Explorer (Version = 9.0.8112.16421)
-	Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
-	 
-	3,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,15% Memory free
-	6,25 Gb Paging File | 5,73 Gb Available in Paging File | 91,73% Paging File free
-	Paging file location(s): ?:\pagefile.sys [binary data]
-	 
-	%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
-	Drive C: | 149,04 Gb Total Space | 75,89 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
-	Drive D: | 139,28 Gb Total Space | 6,83 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
-	Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 99,73% Space Free | Partition Type: FAT32
-	 
-	Computer Name: *****-PC | User Name: Tanja | Logged in as Administrator.
-	Boot Mode: SafeMode with Networking | Scan Mode: Current user
-	Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
-	 
-	========== Extra Registry (SafeList) ==========
-	 
-	 
-	========== File Associations ==========
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
-	.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
-	.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
-	 
-	[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
-	.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
-	 
-	========== Shell Spawning ==========
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
-	batfile [open] -- "%1" %*
-	cmdfile [open] -- "%1" %*
-	comfile [open] -- "%1" %*
-	cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
-	exefile [open] -- "%1" %*
-	helpfile [open] -- Reg Error: Key error.
-	hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
-	inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
-	piffile [open] -- "%1" %*
-	regfile [merge] -- Reg Error: Key error.
-	scrfile [config] -- "%1"
-	scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
-	scrfile [open] -- "%1" /S
-	txtfile [edit] -- Reg Error: Key error.
-	Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
-	Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
-	Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
-	Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
-	Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
-	Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
-	Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
-	Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
-	Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
-	Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
-	Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
-	 
-	========== Security Center Settings ==========
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
-	"cval" = 0
-	"UacDisableNotify" = 0
-	"InternetSettingsDisableNotify" = 0
-	"AutoUpdateDisableNotify" = 0
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
-	"DisableMonitoring" = 1
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
-	"DisableMonitoring" = 1
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
-	"DisableMonitoring" = 1
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
-	"AntiVirusOverride" = 0
-	"AntiSpywareOverride" = 0
-	"FirewallOverride" = 0
-	"VistaSp1" = Reg Error: Unknown registry data type -- File not found
-	"VistaSp2" = Reg Error: Unknown registry data type -- File not found
-	 
-	========== Firewall Settings ==========
-	 
-	========== Authorized Applications List ==========
-	 
-	 
-	========== HKEY_LOCAL_MACHINE Uninstall List ==========
-	 
-	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
-	"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
-	"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
-	"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
-	"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
-	"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
-	"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
-	"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
-	"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
-	"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
-	"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
-	"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
-	"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
-	"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
-	"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
-	"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
-	"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
-	"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
-	"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
-	"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
-	"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
-	"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
-	"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
-	"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
-	"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
-	"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
-	"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
-	"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
-	"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
-	"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
-	"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
-	"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
-	"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
-	"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
-	"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
-	"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
-	"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
-	"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
-	"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
-	"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
-	"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
-	"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
-	"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
-	"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
-	"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
-	"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
-	"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
-	"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
-	"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
-	"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
-	"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
-	"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
-	"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
-	"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
-	"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
-	"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
-	"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
-	"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
-	"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
-	"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
-	"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
-	"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
-	"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
-	"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
-	"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
-	"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
-	"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
-	"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
-	"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
-	"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
-	"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
-	"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
-	"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
-	"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
-	"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
-	"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
-	"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C92FB469-D5B7-48C6-B171-785E1126F099}" = 
-	"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
-	"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
-	"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
-	"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
-	"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
-	"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
-	"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
-	"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
-	"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
-	"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
-	"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
-	"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
-	"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
-	"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
-	"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
-	"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
-	"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
-	"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
-	"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
-	"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
-	"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
-	"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
-	"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
-	"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
-	"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
-	"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
-	"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
-	"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
-	"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
-	"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
-	"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
-	"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
-	"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
-	"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
-	"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
-	"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
-	"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
-	"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
-	"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
-	"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
-	"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
-	"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
-	"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
-	"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
-	"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
-	"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
-	"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
-	"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
-	"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
-	"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
-	"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
-	"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
-	"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
-	"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
-	"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
-	"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
-	"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
-	"76322c23820ae7473cdebbff3eceb262" = Cars
-	"7-Zip" = 7-Zip 4.65
-	"Adobe AIR" = Adobe AIR
-	"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
-	"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
-	"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
-	"Avira AntiVir Desktop" = Avira Free Antivirus
-	"AVMFBox" = AVM FRITZ!Box Dokumentation
-	"Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung
-	"CANONIJPLM100" = PIXMA Extended Survey Program
-	"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
-	"DAEMON Tools Lite" = DAEMON Tools Lite
-	"DivX Setup.divx.com" = DivX-Setup
-	"dm-Fotowelt" = dm-Fotowelt
-	"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
-	"E.M. Multilayer Image Processing SDK 1.30_is1" = E.M. Multilayer Image Processing SDK 1.30
-	"eMule" = eMule
-	"ENTERPRISE" = Microsoft Office Enterprise 2007
-	"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
-	"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.4.628
-	"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
-	"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
-	"Google Chrome" = Google Chrome
-	"Google Desktop" = Google Desktop
-	"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
-	"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
-	"ISOBURN" = ISOBURN 1.8
-	"Lernen durch Wiederholung_is1" = Lernen durch Wiederholung 6.2.3
-	"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
-	"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
-	"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
-	"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
-	"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
-	"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
-	"MozillaMaintenanceService" = Mozilla Maintenance Service
-	"NSS" = Norton Security Scan
-	"ogmas" = Favorit
-	"Picasa 3" = Picasa 3
-	"SynTPDeinstKey" = Synaptics Pointing Device Driver
-	"Uninstall_is1" = Uninstall 1.0.0.1
-	"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
-	"VISPRO" = Microsoft Office Visio Professional 2007
-	"VLC media player" = VLC media player 1.0.3
-	"WinGimp-2.0_is1" = GIMP 2.6.8
-	 
-	========== HKEY_CURRENT_USER Uninstall List ==========
-	 
-	[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
-	"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
-	"Dropbox" = Dropbox
-	"Facebook Plug-In" = Facebook Plug-In
-	"Live Security Platinum" = Live Security Platinum
-	"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
-	 
-	========== Last 20 Event Log Errors ==========
-	 
-	[ Application Events ]
-	Error - 21.10.2011 09:38:07 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 22.10.2011 04:03:22 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 22.10.2011 04:03:22 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 22.10.2011 04:04:19 | Computer Name = Tanja-PC | Source = WinMgmt | ID = 10
-	Description = 
-	 
-	Error - 23.10.2011 04:30:12 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 23.10.2011 04:30:12 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 23.10.2011 04:31:05 | Computer Name = Tanja-PC | Source = WinMgmt | ID = 10
-	Description = 
-	 
-	Error - 23.10.2011 08:53:16 | Computer Name = Tanja-PC | Source = WinMgmt | ID = 10
-	Description = 
-	 
-	Error - 23.10.2011 08:57:00 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	Error - 23.10.2011 08:57:00 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
-	Description = 
-	 
-	[ System Events ]
-	Error - 18.08.2012 04:50:56 | Computer Name = Tanja-PC | Source = EventLog | ID = 6008
-	Description = Das System wurde zuvor am 18.08.2012 um 10:35:21 unerwartet heruntergefahren.
-	 
-	Error - 18.08.2012 04:51:08 | Computer Name = Tanja-PC | Source = DCOM | ID = 10005
-	Description = 
-	 
-	Error - 18.08.2012 04:51:21 | Computer Name = Tanja-PC | Source = DCOM | ID = 10005
-	Description = 
-	 
-	Error - 18.08.2012 04:51:21 | Computer Name = Tanja-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
-	Description = 
-	 
-	Error - 18.08.2012 04:51:25 | Computer Name = Tanja-PC | Source = DCOM | ID = 10005
-	Description = 
-	 
-	Error - 18.08.2012 04:52:13 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7001
-	Description = 
-	 
-	Error - 18.08.2012 04:52:13 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7003
-	Description = 
-	 
-	Error - 18.08.2012 04:52:13 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7003
-	Description = 
-	 
-	Error - 18.08.2012 04:52:13 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7026
-	Description = 
-	 
-	Error - 18.08.2012 04:52:13 | Computer Name = Tanja-PC | Source = DCOM | ID = 10005
-	Description = 
-	 
-	 
-	< End of report >

--- --- ---

t'john · 19.08.2012, 18:32

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Web Search 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={D084DD21-A591-473e-946F-AD93D7BB3289} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_de 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=w7V3UrGxDy3yD9LC2dOZQtYFtJI?q={searchTerms} 
IE - HKCU\..\SearchScopes\{816BB19B-5ED0-4644-AA0F-E173E0C4D02A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=1a837ddb-b64e-4aa0-8fb5-4e83a42740d0&apn_sauid=1DBE5BB4-A663-4A01-8978-D5414571AF6F 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "google.de" 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=1a837ddb-b64e-4aa0-8fb5-4e83a42740d0&apn_ptnrs=^AAA&apn_sauid=1DBE5BB4-A663-4A01-8978-D5414571AF6F&apn_dtid=^YYYYYY^YY^DE&&q=" 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found 

O4 - HKCU..\Run: [Atovnaudik] C:\Users\Tanja\AppData\Roaming\Aswyes\ezyqy.exe File not found 
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found 
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found 
O4 - HKCU..\Run: [zgxwwissblgbcwm] C:\ProgramData\zgxwwiss.exe () 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{112bea2b-40c7-11e0-817f-00248c0f34c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{112bea2b-40c7-11e0-817f-00248c0f34c2}\Shell\AutoRun\command - "" = G:\Install.exe 
O33 - MountPoints2\{7d0c57c5-2d5f-11e0-9a89-00248c0f34c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{7d0c57c5-2d5f-11e0-9a89-00248c0f34c2}\Shell\AutoRun\command - "" = H:\autorun.exe 
O33 - MountPoints2\{e3b505af-59f0-11df-a5db-00248c0f34c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{e3b505af-59f0-11df-a5db-00248c0f34c2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a 
O33 - MountPoints2\{e771240a-5c62-11df-b83d-00248c0f34c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{e771240a-5c62-11df-b83d-00248c0f34c2}\Shell\AutoRun\command - "" = G:\pushinst.exe 
[2012.08.14 22:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\qdhwidiabsnalgx 
[2012.08.14 16:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp 
[2012.08.14 16:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\hps 

[2012.07.30 09:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980056C3A61A5016562F3B707C 
[2012.08.14 22:00:48 | 000,000,051 | ---- | M] () -- C:\ProgramData\npvftigpdlkpaph 
[2012.08.14 22:00:41 | 000,057,344 | ---- | M] () -- C:\ProgramData\zgxwwiss.exe 

[2009.07.20 14:44:29 | 000,000,090 | ---- | C] () -- C:\Users\Tanja\AppData\Local\ogmas.bat 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 
 
[2012.08.18 10:31:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.08.18 10:31:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.08.18 10:31:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.15 11:39:37 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.13 09:27:41 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\80000000.@ 
[2012.08.12 20:30:51 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\800000cb.@ 
[2012.08.09 16:49:51 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\U\00000001.@ 
[2012.01.11 18:44:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8f608a51-ab68-08e6-ed92-7a90c683023e}\@ 
[2012.01.11 18:44:00 | 000,002,048 | -HS- | C] () -- C:\Users\Tanja\AppData\Local\{8f608a51-ab68-08e6-ed92-7a90c683023e}\@ 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

t'john · 29.09.2012, 21:03

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Bundespolizei Virus

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Virus