
Pests of all kinds and how to fight them: self-opening .exe files such as E7AA.exe or DE8C.exe etc......

Windows 7

04.10.2012, 18:04   #16
schrauber
/// the machine
/// TB Trainer
 




  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


And now please try OTL again, but download a new version.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.10.2012, 19:01   #17
Janis540
 



OK, here it is:

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 19:49:58
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Janis - JANIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Janis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchTheWeb.xml
File Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\searchplugins\SearchTheWeb.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Janis\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Janis\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Janis\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\prefs.js

C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_5_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "70fd172f00000000000000235a6166e6");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "70fd172f00000000000000235a6166e6");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15511");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:56:43");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("greasemonkey.scriptvals.71f8f12556abe601d230ac099af2e207/Sharecash survey bypasser, metho[...]
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&[...]

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",
Deleted [l.1764] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",

*************************

AdwCleaner[R1].txt - [21103 octets] - [04/10/2012 17:56:18]
AdwCleaner[S1].txt - [21534 octets] - [04/10/2012 19:49:58]

########## EOF - C:\AdwCleaner[S1].txt - [21595 octets] ##########


04.10.2012, 20:28   #18
schrauber
/// the machine
/// TB Trainer
 




And OTL? Does it work now?

05.10.2012, 13:12   #19
Janis540
 



OTL works now, yes

Here is the log: OTL Logfile:
Code:
OTL logfile created on: 10/4/2012 10:59:32 PM - Run 1
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Janis\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1013.95 Mb Total Physical Memory | 392.39 Mb Available Physical Memory | 38.70% Memory free
2.27 Gb Paging File | 1.52 Gb Available in Paging File | 67.01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.64 Gb Total Space | 14.29 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
 
Computer Name: JANIS-PC | User Name: Janis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
PRC - [2012/07/11 17:59:56 | 002,637,624 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2012/07/11 17:51:24 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2012/03/06 16:43:46 | 006,475,264 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
PRC - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2012/03/06 16:43:38 | 005,186,048 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/05 22:54:42 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Hama\Common\RaRegistry.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/11 17:55:56 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2012/05/14 20:45:22 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/14 17:53:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 17:52:29 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/14 17:41:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/03/06 16:58:52 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.196.0__6d6a20262490fcdc\bcmwlrmt.dll
MOD - [2011/10/07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/06/10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/21 22:51:37 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\macromed\flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 21:49:20 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Janis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/03/06 16:43:37 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/05 22:54:54 | 000,167,576 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/03/29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/02/24 15:06:00 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 CA C0 59 9D FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 20:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2012/10/04 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions
[2012/04/19 15:47:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/10 10:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/14 16:05:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\firefox\profiles\bw776v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/05 00:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\~
CHR - Extension: Google-Suche = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WonTube Video Converter = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfigjmcmfpplbaglfnfhdeoammgbegk\1.0.7_0\
CHR - Extension: Apple Logo In Space = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljlognecgfcofnehmmjmpjclelokgac\1_0\
CHR - Extension: AdBlock = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Download Youtube Chrome = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpciaebjcjaeeodcmalemehhnpilainh\1.7_0\
CHR - Extension: Fast save = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjfpblpicbbkbihfhlijecbiadiehaa\1.1_0\
CHR - Extension: Google Mail = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/03 17:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe (ExtraLabs Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MP3 Skype Recorder] C:\Programme\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FECF99-3B43-4B79-86CF-19CD04F12C59}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D919A74-7B99-489D-A36B-D638B135663D}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECCD3BF-6684-4A29-98B1-59BDF8643224}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\PROGRA~2\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/04 22:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 22:25:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2012/10/03 21:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 19:00:48 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
[2012/10/03 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Local\temp
[2012/10/03 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Gothic 2Soundtrack
[2012/10/03 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\GOTHIC 1+2+3  Original Soundtrack
[2012/10/03 11:28:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 11:28:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 11:28:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 11:20:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 11:19:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/02 17:34:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/10/01 21:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector
[2012/10/01 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\GadgetBox
[2012/09/30 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\ps3emu
[2012/09/29 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Chariots of Fire
[2012/09/20 23:00:03 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2012/09/18 21:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/17 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
[2012/09/14 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\flash-disinfector-
[2012/09/13 23:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/12 17:53:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Virtual Dub
[2012/09/10 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/09/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\crack il
[2012/09/10 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Janis\stick musik
[2012/09/10 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/09/10 16:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012/09/10 16:45:14 | 000,562,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2012/09/10 16:45:14 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012/09/10 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT7x Driver
[2012/09/10 16:43:52 | 000,776,480 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2012/09/10 16:43:52 | 000,102,688 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2012/09/10 16:43:50 | 001,590,560 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2012/09/10 16:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hama
[2012/09/09 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Janis\Documents\Skype Call Recordings
[2012/09/09 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Recorder
[2012/09/09 14:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Skype Recorder
[2012/09/07 17:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
[2012/09/07 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2012/09/07 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Cinema 4D & Sony Vegas
[2012/09/06 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/05 09:52:20 | 000,000,000 | R--D | C] -- C:\Users\Janis\sound
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/04 23:10:57 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/10/04 23:02:09 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 22:51:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 22:25:35 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/04 22:06:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 22:05:19 | 094,072,832 | ---- | M] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 21:54:44 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/04 19:57:14 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:57:14 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 19:51:42 | 797,401,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 19:44:02 | 000,002,067 | ---- | M] () -- C:\Users\Janis\Desktop\Gothic II spielen.lnk
[2012/10/04 17:54:51 | 000,513,501 | ---- | M] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/04 17:42:08 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/10/03 17:49:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 12:16:11 | 000,144,058 | ---- | M] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:25:22 | 000,108,243 | ---- | M] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:36 | 000,082,984 | ---- | M] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:54 | 000,127,538 | ---- | M] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | M] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 23:10:18 | 000,441,673 | ---- | M] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/26 20:28:39 | 003,812,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/24 18:58:59 | 001,544,593 | ---- | M] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/18 22:05:10 | 000,048,463 | ---- | M] () -- C:\energyreport.html
[2012/09/18 19:37:19 | 000,057,538 | ---- | M] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | M] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/13 23:03:58 | 000,696,002 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/13 23:03:58 | 000,653,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 23:03:58 | 000,148,494 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/13 23:03:58 | 000,121,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/11 20:20:19 | 000,256,507 | ---- | M] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 16:47:53 | 000,001,916 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:36 | 000,008,122 | ---- | M] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:57 | 000,000,153 | ---- | M] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:16 | 000,228,227 | ---- | M] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:41 | 008,018,917 | ---- | M] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | M] () -- C:\Users\Janis\Tunatic.lnk
 
========== Files Created - No Company Name ==========
 
[2012/10/04 20:19:04 | 094,072,832 | ---- | C] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 19:44:02 | 000,002,067 | ---- | C] () -- C:\Users\Janis\Desktop\Gothic II spielen.lnk
[2012/10/04 17:54:56 | 000,513,501 | ---- | C] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 12:16:00 | 000,144,058 | ---- | C] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/03 11:28:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 11:28:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 11:28:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 11:28:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 11:28:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/01 21:25:21 | 000,108,243 | ---- | C] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:35 | 000,082,984 | ---- | C] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:53 | 000,127,538 | ---- | C] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | C] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 22:48:48 | 000,441,673 | ---- | C] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/24 18:58:55 | 001,544,593 | ---- | C] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/22 19:44:37 | 004,037,598 | ---- | C] () -- C:\Users\Janis\Desktop\1045When_You_Say_Nothing_At_All_Instrumental.mp3
[2012/09/18 22:05:10 | 000,048,463 | ---- | C] () -- C:\energyreport.html
[2012/09/18 19:37:46 | 000,057,538 | ---- | C] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | C] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/14 18:31:06 | 000,002,993 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012/09/11 20:20:17 | 000,256,507 | ---- | C] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 20:58:35 | 000,999,999 | ---- | C] () -- C:\Users\Janis\Desktop\patch_mp.ff
[2012/09/10 20:23:39 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012/09/10 16:47:53 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:49 | 000,008,122 | ---- | C] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:56 | 000,000,153 | ---- | C] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:22 | 000,228,227 | ---- | C] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:17 | 008,018,917 | ---- | C] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | C] () -- C:\Users\Janis\Tunatic.lnk
[2012/09/06 11:24:44 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/08/28 23:51:07 | 000,007,618 | ---- | C] () -- C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
[2012/08/28 18:28:34 | 000,001,896 | ---- | C] () -- C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
[2012/08/28 18:28:34 | 000,001,824 | ---- | C] () -- C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
[2012/07/17 15:30:15 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2012/07/01 00:35:20 | 000,000,204 | ---- | C] () -- C:\Windows\iplayer.INI
[2012/06/28 17:26:14 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2012/06/28 17:17:48 | 000,000,000 | -H-- | C] () -- C:\Windows\popcreg.dat
[2012/06/03 16:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012/05/06 18:26:58 | 000,141,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/20 21:49:46 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/03/14 00:21:51 | 000,005,120 | ---- | C] () -- C:\Users\Janis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 20:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/03/13 03:17:10 | 000,004,873 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012/03/10 15:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/10 15:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/10 15:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/10 15:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/10 15:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/10 15:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/07 00:41:56 | 000,696,002 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/03/07 00:41:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/03/07 00:41:56 | 000,148,494 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/03/07 00:41:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/03/06 16:44:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/03/06 16:33:23 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/26 18:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 18:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 18:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 18:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 18:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 18:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 18:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 18:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 18:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 18:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/12/07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/07/16 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\.minecraft
[2012/05/14 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\AVG2012
[2012/07/28 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Canneverbe Limited
[2012/09/02 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/30 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\dclogs
[2012/08/28 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Dev-Cpp
[2012/03/08 02:38:16 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\GrabPro
[2012/06/13 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\JGoodies
[2012/03/06 16:41:51 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Leadertech
[2012/09/07 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MAXON
[2012/03/13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MOVAVI
[2012/07/03 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MP3SkypeRecorder
[2012/10/04 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Orbit
[2012/03/08 02:38:24 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\ProgSense
[2012/03/22 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Publish Providers
[2012/07/27 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony
[2012/03/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony Creative Software Inc
[2012/09/06 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\tmp
[2012/08/12 00:37:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\TS3Client
[2012/10/03 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\uTorrent
[2012/06/13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft
[2012/03/23 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/15 12:59:16 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/10/04 22:55:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/01/17 15:46:55 | 000,000,000 | ---D | M] -- C:\6f4fa04be47527fb0856c464b66d7966
[2012/05/13 00:50:00 | 000,000,000 | ---D | M] -- C:\8aa953f02b455675f2af12
[2012/01/23 17:36:13 | 000,000,000 | ---D | M] -- C:\97eaaf4b7917584c9904a1aa2671ea5f
[2012/05/14 22:08:24 | 000,000,000 | ---D | M] -- C:\a3c3cc5760d8e7d9b184239e
[2012/03/06 22:44:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012/07/17 18:59:28 | 000,000,000 | ---D | M] -- C:\bPlayer2
[2012/02/03 15:44:00 | 000,000,000 | ---D | M] -- C:\CanoScan
[2012/10/04 22:55:22 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/04 16:30:30 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb
[2012/08/28 11:35:33 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/18 17:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente
[2012/10/04 22:56:21 | 000,000,000 | ---D | M] -- C:\Downloads
[2012/07/15 21:08:31 | 000,000,000 | ---D | M] -- C:\Fraps
[2012/06/16 19:47:22 | 000,000,000 | ---D | M] -- C:\GAMIGO
[2012/01/17 17:26:52 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 18:06:12 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/01/18 20:23:53 | 000,000,000 | ---D | M] -- C:\p
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/04 19:50:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/04 19:50:00 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/09/08 23:50:56 | 000,000,000 | R--D | M] -- C:\Programme
[2012/10/04 21:56:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/06 14:02:25 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/02/02 17:34:52 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012/10/04 23:05:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/06 14:28:03 | 000,000,000 | ---D | M] -- C:\thief 2 missionen
[2012/06/05 18:14:12 | 000,000,000 | ---D | M] -- C:\ThiefG
[2012/09/20 22:59:32 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/04 11:26:16 | 000,000,000 | ---D | M] -- C:\VueScan
[2012/10/04 22:50:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012/10/03 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\CrashDumps
[2012/10/04 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\ElevatedDiagnostics
[2012/10/04 23:18:37 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\temp

< End of report >
         
--- --- ---

05.10.2012, 13:21   #20
schrauber
/// the machine
/// TB trainer
 


Are there still any problems?


05.10.2012, 13:42   #21
Janis540
 

No,

So the files are no longer being created now. At least so far. So it definitely helped.
Thanks again for that.

Has that now deleted all the viruses, or only the ones in the Roaming folder?

05.10.2012, 13:58   #22
schrauber
/// the machine
/// TB trainer
 


Open AdwCleaner > Uninstall

Windows key+R > Combofix /Uninstall > press Enter



Tool cleanup with OTC
Please download OTC by OldTimer.
  • Save it to your desktop.
  • Double-click OTC.exe to run the program.
  • A file* should now be downloaded.
    *This is a file containing a list of helper programs, which will then be removed from your system automatically.
  • OTC may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTC and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there.





Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

05.10.2012, 19:55   #23
Janis540
 

The files have been created again

06.10.2012, 09:18   #24
schrauber
/// the machine
/// TB trainer
 


When exactly? What did you do?

06.10.2012, 10:43   #25
Janis540
 

Two files were created.
Both on 05.10.2012 at 22.10
I did nothing at all except end them again in the process list.
I did not delete them from the Roaming folder

07.10.2012, 09:34   #26
schrauber
/// the machine
/// TB trainer
 


Please post a fresh OTL logfile.

07.10.2012, 20:04   #27
Janis540
 

I did it again: OTL logfile:
Code:
ATTFilter
OTL logfile created on: 10/7/2012 8:48:42 PM - Run 2
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Janis\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1013.95 Mb Total Physical Memory | 655.46 Mb Available Physical Memory | 64.64% Memory free
2.27 Gb Paging File | 1.55 Gb Available in Paging File | 68.24% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.64 Gb Total Space | 12.44 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
 
Computer Name: JANIS-PC | User Name: Janis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
PRC - [2012/03/06 16:43:46 | 006,475,264 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
PRC - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2012/03/06 16:43:38 | 005,186,048 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/05 22:54:42 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Hama\Common\RaRegistry.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/14 20:45:22 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/14 17:53:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 17:52:29 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/14 17:41:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/03/06 16:58:52 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.196.0__6d6a20262490fcdc\bcmwlrmt.dll
MOD - [2011/10/07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/06/10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/21 22:51:37 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\macromed\flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 21:49:20 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Janis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/03/06 16:43:37 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/05 22:54:54 | 000,167,576 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/03/29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/02/24 15:06:00 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 CA C0 59 9D FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 20:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2012/10/04 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions
[2012/04/19 15:47:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/10 10:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/14 16:05:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\firefox\profiles\bw776v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/05 00:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\~
CHR - Extension: Google-Suche = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WonTube Video Converter = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfigjmcmfpplbaglfnfhdeoammgbegk\1.0.7_0\
CHR - Extension: Apple Logo In Space = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljlognecgfcofnehmmjmpjclelokgac\1_0\
CHR - Extension: AdBlock = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Download Youtube Chrome = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpciaebjcjaeeodcmalemehhnpilainh\1.7_0\
CHR - Extension: Fast save = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjfpblpicbbkbihfhlijecbiadiehaa\1.1_0\
CHR - Extension: Google Mail = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/03 17:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe (ExtraLabs Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MP3 Skype Recorder] C:\Programme\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKCU..\Run: [WINSXS32] C:\Users\Janis\AppData\Roaming\BCAD.exe (Ufasoft)
O4 - Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FECF99-3B43-4B79-86CF-19CD04F12C59}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D919A74-7B99-489D-A36B-D638B135663D}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECCD3BF-6684-4A29-98B1-59BDF8643224}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\PROGRA~2\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/06 16:03:11 | 000,342,016 | ---- | C] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\BCAD.exe
[2012/10/05 22:10:28 | 000,342,016 | ---- | C] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\A303.exe
[2012/10/05 22:04:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/10/04 22:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 22:25:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2012/10/03 21:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 19:00:48 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
[2012/10/03 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Local\temp
[2012/10/03 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Gothic 2Soundtrack
[2012/10/03 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\GOTHIC 1+2+3  Original Soundtrack
[2012/10/03 11:28:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 11:28:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 11:28:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 11:20:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 11:19:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/02 17:34:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector
[2012/10/01 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\GadgetBox
[2012/09/30 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\ps3emu
[2012/09/29 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Chariots of Fire
[2012/09/20 23:00:03 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2012/09/18 21:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/17 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
[2012/09/14 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\flash-disinfector-
[2012/09/13 23:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/12 17:53:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Virtual Dub
[2012/09/10 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/09/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\crack il
[2012/09/10 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Janis\stick musik
[2012/09/10 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/09/10 16:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012/09/10 16:45:14 | 000,562,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2012/09/10 16:45:14 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012/09/10 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT7x Driver
[2012/09/10 16:43:52 | 000,776,480 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2012/09/10 16:43:52 | 000,102,688 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2012/09/10 16:43:50 | 001,590,560 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2012/09/10 16:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hama
[2012/09/09 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Janis\Documents\Skype Call Recordings
[2012/09/09 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Recorder
[2012/09/09 14:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Skype Recorder
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/07 20:51:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/07 20:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/10/07 20:02:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 17:12:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 13:08:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/10/07 11:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 16:03:11 | 000,342,016 | ---- | M] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\BCAD.exe
[2012/10/06 11:49:18 | 000,155,015 | ---- | M] () -- C:\Users\Janis\Desktop\9281_4348066031184_1120896764_n.jpg
[2012/10/05 22:20:20 | 000,002,107 | ---- | M] () -- C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
[2012/10/05 22:14:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 22:14:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 22:10:28 | 000,342,016 | ---- | M] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\A303.exe
[2012/10/05 22:09:15 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/05 22:08:55 | 797,401,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 18:17:21 | 015,139,783 | ---- | M] () -- C:\Users\Janis\Desktop\Archie_-_Leto_(Radio_Edit)_www.soundsLARGE.com.mp3
[2012/10/04 23:28:40 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/10/04 22:05:19 | 094,072,832 | ---- | M] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 21:54:44 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/04 17:54:51 | 000,513,501 | ---- | M] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 17:49:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 12:16:11 | 000,144,058 | ---- | M] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:25:22 | 000,108,243 | ---- | M] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:36 | 000,082,984 | ---- | M] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:54 | 000,127,538 | ---- | M] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | M] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 23:10:18 | 000,441,673 | ---- | M] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/26 20:28:39 | 003,812,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/24 18:58:59 | 001,544,593 | ---- | M] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/18 22:05:10 | 000,048,463 | ---- | M] () -- C:\energyreport.html
[2012/09/18 19:37:19 | 000,057,538 | ---- | M] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | M] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/13 23:03:58 | 000,696,002 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/13 23:03:58 | 000,653,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 23:03:58 | 000,148,494 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/13 23:03:58 | 000,121,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/11 20:20:19 | 000,256,507 | ---- | M] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 16:47:53 | 000,001,916 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:36 | 000,008,122 | ---- | M] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:57 | 000,000,153 | ---- | M] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:16 | 000,228,227 | ---- | M] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:41 | 008,018,917 | ---- | M] () -- C:\Users\Janis\c scan 1.jdr
 
========== Files Created - No Company Name ==========
 
[2012/10/06 11:49:05 | 000,155,015 | ---- | C] () -- C:\Users\Janis\Desktop\9281_4348066031184_1120896764_n.jpg
[2012/10/05 18:17:53 | 015,139,783 | ---- | C] () -- C:\Users\Janis\Desktop\Archie_-_Leto_(Radio_Edit)_www.soundsLARGE.com.mp3
[2012/10/04 23:28:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/10/04 23:23:49 | 000,002,107 | ---- | C] () -- C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
[2012/10/04 20:19:04 | 094,072,832 | ---- | C] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 17:54:56 | 000,513,501 | ---- | C] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 12:16:00 | 000,144,058 | ---- | C] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/03 11:28:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 11:28:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 11:28:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 11:28:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 11:28:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/01 21:25:21 | 000,108,243 | ---- | C] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:35 | 000,082,984 | ---- | C] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:53 | 000,127,538 | ---- | C] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | C] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 22:48:48 | 000,441,673 | ---- | C] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/24 18:58:55 | 001,544,593 | ---- | C] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/22 19:44:37 | 004,037,598 | ---- | C] () -- C:\Users\Janis\Desktop\1045When_You_Say_Nothing_At_All_Instrumental.mp3
[2012/09/18 22:05:10 | 000,048,463 | ---- | C] () -- C:\energyreport.html
[2012/09/18 19:37:46 | 000,057,538 | ---- | C] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | C] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/14 18:31:06 | 000,002,993 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012/09/11 20:20:17 | 000,256,507 | ---- | C] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 20:58:35 | 000,999,999 | ---- | C] () -- C:\Users\Janis\Desktop\patch_mp.ff
[2012/09/10 20:23:39 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012/09/10 16:47:53 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:49 | 000,008,122 | ---- | C] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:56 | 000,000,153 | ---- | C] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:22 | 000,228,227 | ---- | C] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:17 | 008,018,917 | ---- | C] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | C] () -- C:\Users\Janis\Tunatic.lnk
[2012/08/28 23:51:07 | 000,007,618 | ---- | C] () -- C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
[2012/08/28 18:28:34 | 000,001,896 | ---- | C] () -- C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
[2012/08/28 18:28:34 | 000,001,824 | ---- | C] () -- C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
[2012/07/17 15:30:15 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2012/07/01 00:35:20 | 000,000,204 | ---- | C] () -- C:\Windows\iplayer.INI
[2012/06/28 17:26:14 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2012/06/28 17:17:48 | 000,000,000 | -H-- | C] () -- C:\Windows\popcreg.dat
[2012/06/03 16:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012/05/06 18:26:58 | 000,141,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/20 21:49:46 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/03/14 00:21:51 | 000,005,120 | ---- | C] () -- C:\Users\Janis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 20:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/03/13 03:17:10 | 000,004,873 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012/03/10 15:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/10 15:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/10 15:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/10 15:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/10 15:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/10 15:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/07 00:41:56 | 000,696,002 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/03/07 00:41:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/03/07 00:41:56 | 000,148,494 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/03/07 00:41:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/03/06 16:44:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/03/06 16:33:23 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/26 18:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 18:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 18:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 18:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 18:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 18:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 18:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 18:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 18:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 18:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/12/07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/07/16 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\.minecraft
[2012/05/14 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\AVG2012
[2012/07/28 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Canneverbe Limited
[2012/09/02 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/30 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\dclogs
[2012/08/28 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Dev-Cpp
[2012/03/08 02:38:16 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\GrabPro
[2012/06/13 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\JGoodies
[2012/03/06 16:41:51 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Leadertech
[2012/09/07 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MAXON
[2012/03/13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MOVAVI
[2012/07/03 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MP3SkypeRecorder
[2012/10/05 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Orbit
[2012/03/08 02:38:24 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\ProgSense
[2012/03/22 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Publish Providers
[2012/07/27 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony
[2012/03/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony Creative Software Inc
[2012/09/06 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\tmp
[2012/08/12 00:37:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\TS3Client
[2012/10/03 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\uTorrent
[2012/06/13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft
[2012/03/23 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/15 12:59:16 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/10/04 22:55:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/10/05 22:04:33 | 000,000,000 | ---D | M] -- C:\32788R22FWJFW
[2012/01/17 15:46:55 | 000,000,000 | ---D | M] -- C:\6f4fa04be47527fb0856c464b66d7966
[2012/05/13 00:50:00 | 000,000,000 | ---D | M] -- C:\8aa953f02b455675f2af12
[2012/01/23 17:36:13 | 000,000,000 | ---D | M] -- C:\97eaaf4b7917584c9904a1aa2671ea5f
[2012/05/14 22:08:24 | 000,000,000 | ---D | M] -- C:\a3c3cc5760d8e7d9b184239e
[2012/03/06 22:44:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012/07/17 18:59:28 | 000,000,000 | ---D | M] -- C:\bPlayer2
[2012/02/03 15:44:00 | 000,000,000 | ---D | M] -- C:\CanoScan
[2012/10/04 22:55:22 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/04 16:30:30 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb
[2012/08/28 11:35:33 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/18 17:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente
[2012/10/04 22:56:21 | 000,000,000 | ---D | M] -- C:\Downloads
[2012/07/15 21:08:31 | 000,000,000 | ---D | M] -- C:\Fraps
[2012/06/16 19:47:22 | 000,000,000 | ---D | M] -- C:\GAMIGO
[2012/01/17 17:26:52 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 18:06:12 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/01/18 20:23:53 | 000,000,000 | ---D | M] -- C:\p
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/04 19:50:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/05 22:06:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/09/08 23:50:56 | 000,000,000 | R--D | M] -- C:\Programme
[2012/10/04 21:56:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/06 14:02:25 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/02/02 17:34:52 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012/10/07 20:55:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/06 14:28:03 | 000,000,000 | ---D | M] -- C:\thief 2 missionen
[2012/06/05 18:14:12 | 000,000,000 | ---D | M] -- C:\ThiefG
[2012/09/20 22:59:32 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/04 11:26:16 | 000,000,000 | ---D | M] -- C:\VueScan
[2012/10/04 23:28:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012/10/03 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\CrashDumps
[2012/10/04 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\ElevatedDiagnostics
[2012/10/07 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\temp
 
<           >
[2009/07/14 06:53:46 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/03/06 15:33:50 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/03/06 15:33:51 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/04/12 01:57:13 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/04/17 01:50:32 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/17 01:50:34 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job

< End of report >
         
--- --- ---

Alt 07.10.2012, 20:30   #28
schrauber
/// the machine
/// TB-Ausbilder
 




We're going to do this completely differently now.


Please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick.

Plug the USB stick into the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account, clicking "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account, clicking "Next" each time.


In the recovery options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and select Computer.
    The drive letter of your USB stick is shown here.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here.
__________________
Regards,
schrauber


Alt 08.10.2012, 16:16   #29
Janis540
 



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 08-10-2012 16:58:47
Running from D:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM\...\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2012-03-06] (Broadcom Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe" [720896 2012-09-09] (ExtraLabs Software)
HKU\Cinema 4D\...\Run: [MicroUpdate] C:\Users\Cinema 4D\Documents\MSDCSC\msdcsc.exe [x]
HKU\Janis\...\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
HKU\Janis\...\Run: [Fztitn] C:\Users\Janis\AppData\Roaming\Fztitn.exe [195072 2012-10-08] (Microsoft Corporation)
HKU\Janis\...\Run: [WINSXS32] C:\Users\Janis\AppData\Roaming\BCAD.exe [342016 2012-10-06] (Ufasoft)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Janis\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 KMService; C:\Windows\system32\srvany.exe [8192 2012-03-20] ()
2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
2 wltrysvc; "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe" [5186048 2012-03-06] (Broadcom Corporation)
2 AVGIDSAgent; "c:\Program Files\AVG\AVG2012\avgidsagent.exe" [x]
2 avgwd; "c:\Program Files\AVG\AVG2012\avgwdsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2012-03-06] (Broadcom Corporation)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2010-03-29] (Atheros Communications, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-01] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-01] (Logitech, Inc.)
3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic hxxp://www.beyondlogic.org)
3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [167576 2010-08-05] (Windows (R) Win 7 DDK provider)
3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
3 catchme; \??\C:\Users\Janis\AppData\Local\Temp\catchme.sys [x]
3 EraserUtilDrv11113; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
3 EraserUtilDrv11122; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [x]
3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-08 06:46 - 2012-10-07 02:37 - 00905954 ____A (Farbar) C:\Users\Janis\Desktop\FRST.exe
2012-10-08 06:43 - 2012-10-08 06:43 - 00195072 ___AH (Microsoft Corporation) C:\Users\Janis\AppData\Roaming\Fztitn.exe
2012-10-07 12:19 - 2012-10-07 12:29 - 00000063 ____A C:\Users\Janis\Desktop\test.bat
2012-10-06 06:03 - 2012-10-06 06:03 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\BCAD.exe
2012-10-05 12:10 - 2012-10-05 12:10 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\A303.exe
2012-10-05 12:06 - 2012-10-05 12:06 - 00001237 ____A C:\AdwCleaner[S2].txt
2012-10-05 12:05 - 2012-10-05 12:06 - 00001107 ____A C:\AdwCleaner[R2].txt
2012-10-05 12:04 - 2012-10-05 12:04 - 00000000 ____D C:\32788R22FWJFW
2012-10-04 13:28 - 2012-10-04 13:28 - 00004096 ____A C:\Windows\d3dx.dat
2012-10-04 13:23 - 2012-10-05 12:20 - 00002107 ____A C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 13:23 - 2012-10-04 13:23 - 00063770 ____A C:\Users\Janis\Desktop\Extras.Txt
2012-10-04 13:23 - 2012-10-04 13:23 - 00002091 ____A C:\Users\Cinema 4D\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 13:19 - 2012-10-07 11:02 - 00108070 ____A C:\Users\Janis\Desktop\OTL.Txt
2012-10-04 12:25 - 2012-10-04 12:55 - 00000000 ____D C:\ComboFix
2012-10-04 09:54 - 2012-10-04 09:54 - 00021665 ____A C:\Users\Janis\Desktop\AdwCleaner[S1].txt
2012-10-04 09:49 - 2012-10-04 09:50 - 00021665 ____A C:\AdwCleaner[S1].txt
2012-10-04 08:31 - 2012-10-04 08:31 - 00000000 ____D C:\Program Files\JoWooD
2012-10-04 07:56 - 2012-10-04 07:56 - 00021103 ____A C:\AdwCleaner[R1].txt
2012-10-04 07:54 - 2012-10-04 07:54 - 00513501 ____A C:\Users\Janis\Desktop\adwcleaner.exe
2012-10-03 11:16 - 2012-10-03 11:16 - 00019187 ____A C:\Users\Janis\Desktop\ComboFix.txt
2012-10-03 09:00 - 2012-10-03 09:07 - 00000000 ____D C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
2012-10-03 03:19 - 2012-10-03 06:26 - 00000000 ____D C:\Users\Janis\Desktop\Gothic 2Soundtrack
2012-10-03 02:19 - 2012-10-03 06:26 - 00000000 ____D C:\Users\Janis\Desktop\GOTHIC 1+2+3 Original Soundtrack
2012-10-03 01:28 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-03 01:28 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-03 01:28 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-03 01:21 - 2012-10-04 11:56 - 00000000 ____D C:\Qoobox
2012-10-03 01:20 - 2012-10-03 01:57 - 00000000 ____D C:\Windows\erdnt
2012-10-03 01:19 - 2012-10-04 11:54 - 04762471 ____R (Swearware) C:\Users\Janis\Desktop\ComboFix.exe
2012-10-02 12:06 - 2012-10-02 12:17 - 00003954 ____A C:\Users\Janis\Desktop\Attach.txt
2012-10-02 12:04 - 2012-10-02 12:17 - 00019095 ____A C:\Users\Janis\Desktop\DDS.txt
2012-10-02 07:34 - 2012-10-01 17:26 - 00600064 ____A (OldTimer Tools) C:\Users\Janis\Desktop\OTL.exe
2012-10-01 11:29 - 2012-10-05 12:09 - 00000358 ___AH C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
2012-10-01 11:29 - 2012-10-01 11:29 - 00000000 ____D C:\Program Files\SProtector
2012-10-01 11:29 - 2012-10-01 11:29 - 00000000 ____D C:\Program Files\GadgetBox
2012-10-01 11:25 - 2012-10-01 11:25 - 00108243 ____A C:\Users\Janis\Documents\Unbenannt.wma
2012-10-01 07:00 - 2012-10-01 07:01 - 00342736 ____A C:\Windows\Minidump\100112-23041-01.dmp
2012-09-30 09:12 - 2012-09-30 09:12 - 00001901 ____A C:\Users\Janis\Desktop\PS3Emu.lnk
2012-09-30 09:11 - 2012-09-30 09:11 - 00000000 ____D C:\Program Files\ps3emu
2012-09-30 09:07 - 2012-09-30 09:10 - 71786357 ____A C:\Users\Janis\Downloads\PS3 emulator WORKING! ps3emu ver. 0.0.0.2 Sony Playstation games ROMs emulation.exe
2012-09-29 12:54 - 2012-09-29 12:52 - 00000229 ____A C:\Users\Janis\Desktop\PSN Codes Generator (1).txt
2012-09-29 12:38 - 2012-09-29 12:38 - 00000000 ____D C:\Users\Janis\Downloads\Vangelis - [Chariots Of Fire][OST] [www.pctorrent.com]
2012-09-29 12:38 - 2012-09-29 12:38 - 00000000 ____D C:\Users\Janis\Desktop\Chariots of Fire
2012-09-29 12:37 - 2012-09-29 12:37 - 00000073 ____A C:\Users\Janis\Downloads\Rapget.txt
2012-09-26 12:48 - 2012-09-26 13:10 - 00441673 ____A C:\Users\Janis\Desktop\m4xfps logo keks.ai
2012-09-22 01:32 - 2012-09-22 01:33 - 00342592 ____A C:\Windows\Minidump\092212-28142-01.dmp
2012-09-20 13:18 - 2012-09-20 13:18 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-20 13:10 - 2012-09-20 13:10 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\MAXON
2012-09-20 13:01 - 2012-09-20 13:01 - 00112400 ____A C:\Users\Cinema 4D\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 13:01 - 2012-09-20 13:01 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Logitech
2012-09-20 13:00 - 2012-09-20 13:17 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Adobe
2012-09-20 13:00 - 2012-09-20 13:16 - 00000000 ____D C:\Users\Cinema 4D\AppData\Local\Adobe
2012-09-20 12:59 - 2012-10-03 07:48 - 00000000 __SHD C:\Users\Cinema 4D\Documents\MSDCSC
2012-09-20 12:59 - 2012-09-20 13:00 - 00000000 ____D C:\users\Cinema 4D
2012-09-20 12:59 - 2012-09-20 12:59 - 00000020 __ASH C:\Users\Cinema 4D\ntuser.ini
2012-09-20 12:59 - 2012-03-07 15:54 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Macromedia
2012-09-18 12:05 - 2012-09-18 12:05 - 00048463 ____A C:\energyreport.html
2012-09-18 11:40 - 2012-09-18 11:40 - 00000000 ____D C:\Windows\Sun
2012-09-17 07:10 - 2012-09-17 07:11 - 00000000 ____D C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 08:31 - 2012-09-14 08:31 - 00003033 ____A C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
2012-09-14 06:57 - 2012-09-14 06:57 - 00000000 ____D C:\Users\Janis\flash-disinfector-
2012-09-13 10:54 - 2012-09-13 10:55 - 01553408 ____A (home-hacks.info) C:\Users\Janis\Downloads\FileIce Sharecash Premium Downloader.exe
2012-09-12 07:53 - 2012-09-12 07:54 - 00000000 ____D C:\Users\Janis\Desktop\Virtual Dub
2012-09-10 10:58 - 2012-06-05 05:13 - 00999999 ____A C:\Users\Janis\Desktop\patch_mp.ff
2012-09-10 10:23 - 2012-09-10 10:23 - 00000000 ____D C:\Users\All Users\ALM
2012-09-10 10:01 - 2012-09-10 10:25 - 00000000 ____D C:\Users\Janis\crack il
2012-09-10 08:14 - 2012-09-10 08:15 - 00000000 ____D C:\Users\Janis\stick musik
2012-09-10 06:48 - 2012-09-26 11:34 - 00000000 ____D C:\Users\All Users\Ralink
2012-09-10 06:45 - 2012-09-10 06:45 - 00000000 ____D C:\Users\All Users\RalinkRT7x Driver
2012-09-10 06:45 - 2010-02-24 05:06 - 00562464 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr73.sys
2012-09-10 06:45 - 2010-02-24 04:07 - 00226592 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInst.dll
2012-09-10 06:43 - 2012-09-10 06:43 - 00000000 ____D C:\Program Files\Hama
2012-09-10 06:43 - 2009-12-10 02:16 - 01590560 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2012-09-10 06:43 - 2009-12-10 02:16 - 00776480 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2012-09-10 06:43 - 2009-12-10 02:16 - 00102688 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2012-09-09 08:03 - 2012-09-09 08:03 - 00001272 ____A C:\Users\Janis\praktikum.txt
2012-09-09 04:16 - 2012-09-09 09:33 - 00000000 ____D C:\Users\Janis\Documents\Skype Call Recordings
2012-09-09 04:12 - 2012-09-20 13:00 - 00000000 ____D C:\Program Files\Skype Recorder
2012-09-09 04:05 - 2012-09-09 04:10 - 02807665 ____A C:\Users\Janis\Downloads\Skype Recorder incl.patch.rar
2012-09-09 04:02 - 2012-09-09 04:02 - 00000153 ____A C:\Users\Janis\settings.bin
2012-09-09 03:59 - 2012-09-09 04:00 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
2012-09-09 03:56 - 2012-09-09 03:56 - 00000000 ____D C:\Users\Janis\Downloads\Call Recorder for Skype-v2.3.21-Resented
2012-09-08 02:36 - 2012-09-08 02:36 - 08018917 ____A C:\Users\Janis\c scan 1.jdr


==================== 3 Months Modified Files ==================

2012-10-08 06:55 - 2012-03-06 12:49 - 01553716 ____A C:\Windows\WindowsUpdate.log
2012-10-08 06:52 - 2012-03-06 05:33 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
2012-10-08 06:51 - 2012-04-11 15:57 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-08 06:43 - 2012-10-08 06:43 - 00195072 ___AH (Microsoft Corporation) C:\Users\Janis\AppData\Roaming\Fztitn.exe
2012-10-08 06:43 - 2012-04-16 15:50 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-08 06:43 - 2012-03-06 05:33 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
2012-10-07 12:29 - 2012-10-07 12:19 - 00000063 ____A C:\Users\Janis\Desktop\test.bat
2012-10-07 11:02 - 2012-10-04 13:19 - 00108070 ____A C:\Users\Janis\Desktop\OTL.Txt
2012-10-07 07:12 - 2012-04-16 15:50 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-07 05:08 - 2009-07-13 20:39 - 00071339 ____A C:\Windows\setupact.log
2012-10-07 02:37 - 2012-10-08 06:46 - 00905954 ____A (Farbar) C:\Users\Janis\Desktop\FRST.exe
2012-10-06 06:03 - 2012-10-06 06:03 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\BCAD.exe
2012-10-05 12:20 - 2012-10-04 13:23 - 00002107 ____A C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-05 12:14 - 2009-07-13 20:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-05 12:14 - 2009-07-13 20:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-05 12:10 - 2012-10-05 12:10 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\A303.exe
2012-10-05 12:09 - 2012-10-01 11:29 - 00000358 ___AH C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
2012-10-05 12:09 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-05 12:08 - 2012-03-07 07:47 - 00726434 ____A C:\Windows\PFRO.log
2012-10-05 12:06 - 2012-10-05 12:06 - 00001237 ____A C:\AdwCleaner[S2].txt
2012-10-05 12:06 - 2012-10-05 12:05 - 00001107 ____A C:\AdwCleaner[R2].txt
2012-10-04 13:28 - 2012-10-04 13:28 - 00004096 ____A C:\Windows\d3dx.dat
2012-10-04 13:23 - 2012-10-04 13:23 - 00063770 ____A C:\Users\Janis\Desktop\Extras.Txt
2012-10-04 13:23 - 2012-10-04 13:23 - 00002091 ____A C:\Users\Cinema 4D\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 12:50 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-10-04 11:54 - 2012-10-03 01:19 - 04762471 ____R (Swearware) C:\Users\Janis\Desktop\ComboFix.exe
2012-10-04 09:54 - 2012-10-04 09:54 - 00021665 ____A C:\Users\Janis\Desktop\AdwCleaner[S1].txt
2012-10-04 09:50 - 2012-10-04 09:49 - 00021665 ____A C:\AdwCleaner[S1].txt
2012-10-04 07:56 - 2012-10-04 07:56 - 00021103 ____A C:\AdwCleaner[R1].txt
2012-10-04 07:54 - 2012-10-04 07:54 - 00513501 ____A C:\Users\Janis\Desktop\adwcleaner.exe
2012-10-03 11:16 - 2012-10-03 11:16 - 00019187 ____A C:\Users\Janis\Desktop\ComboFix.txt
2012-10-02 12:17 - 2012-10-02 12:06 - 00003954 ____A C:\Users\Janis\Desktop\Attach.txt
2012-10-02 12:17 - 2012-10-02 12:04 - 00019095 ____A C:\Users\Janis\Desktop\DDS.txt
2012-10-01 17:26 - 2012-10-02 07:34 - 00600064 ____A (OldTimer Tools) C:\Users\Janis\Desktop\OTL.exe
2012-10-01 11:25 - 2012-10-01 11:25 - 00108243 ____A C:\Users\Janis\Documents\Unbenannt.wma
2012-10-01 07:01 - 2012-10-01 07:00 - 00342736 ____A C:\Windows\Minidump\100112-23041-01.dmp
2012-09-30 09:12 - 2012-09-30 09:12 - 00001901 ____A C:\Users\Janis\Desktop\PS3Emu.lnk
2012-09-30 09:10 - 2012-09-30 09:07 - 71786357 ____A C:\Users\Janis\Downloads\PS3 emulator WORKING! ps3emu ver. 0.0.0.2 Sony Playstation games ROMs emulation.exe
2012-09-29 12:52 - 2012-09-29 12:54 - 00000229 ____A C:\Users\Janis\Desktop\PSN Codes Generator (1).txt
2012-09-29 12:37 - 2012-09-29 12:37 - 00000073 ____A C:\Users\Janis\Downloads\Rapget.txt
2012-09-26 13:10 - 2012-09-26 12:48 - 00441673 ____A C:\Users\Janis\Desktop\m4xfps logo keks.ai
2012-09-26 10:28 - 2009-07-13 20:33 - 03812128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-23 10:45 - 2012-03-06 04:21 - 00112408 ____A C:\Users\Janis\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-22 01:33 - 2012-09-22 01:32 - 00342592 ____A C:\Windows\Minidump\092212-28142-01.dmp
2012-09-21 12:51 - 2012-04-11 15:57 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 12:51 - 2012-04-11 15:57 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-20 13:01 - 2012-09-20 13:01 - 00112400 ____A C:\Users\Cinema 4D\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 12:59 - 2012-09-20 12:59 - 00000020 __ASH C:\Users\Cinema 4D\ntuser.ini
2012-09-18 12:05 - 2012-09-18 12:05 - 00048463 ____A C:\energyreport.html
2012-09-14 08:31 - 2012-09-14 08:31 - 00003033 ____A C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
2012-09-13 13:03 - 2012-03-06 04:10 - 01616098 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-13 10:55 - 2012-09-13 10:54 - 01553408 ____A (home-hacks.info) C:\Users\Janis\Downloads\FileIce Sharecash Premium Downloader.exe
2012-09-09 08:03 - 2012-09-09 08:03 - 00001272 ____A C:\Users\Janis\praktikum.txt
2012-09-09 04:10 - 2012-09-09 04:05 - 02807665 ____A C:\Users\Janis\Downloads\Skype Recorder incl.patch.rar
2012-09-09 04:02 - 2012-09-09 04:02 - 00000153 ____A C:\Users\Janis\settings.bin
2012-09-09 04:00 - 2012-09-09 03:59 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
2012-09-08 02:36 - 2012-09-08 02:36 - 08018917 ____A C:\Users\Janis\c scan 1.jdr
2012-09-07 07:56 - 2012-09-07 07:56 - 00001765 ____A C:\Users\Janis\Tunatic.lnk
2012-09-04 00:11 - 2012-09-04 00:13 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-04 00:11 - 2012-03-06 05:59 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-09-04 00:11 - 2012-03-06 05:59 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-02 09:28 - 2012-09-02 09:27 - 00342592 ____A C:\Windows\Minidump\090212-22682-01.dmp
2012-08-28 13:51 - 2012-08-28 13:51 - 00007618 ____A C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
2012-08-28 08:28 - 2012-08-28 08:28 - 00001896 ____A C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
2012-08-28 08:28 - 2012-08-28 08:28 - 00001824 ____A C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
2012-08-24 02:16 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-21 09:41 - 2012-08-20 13:57 - 171380715 ____A C:\Users\Janis\Desktop\music mix.yt.wmv
2012-08-20 05:54 - 2012-08-20 05:54 - 00001254 ____A C:\Users\Janis\Desktop\Führerschein-Trainer 2007.lnk
2012-07-16 07:44 - 2012-07-16 07:44 - 00762368 __ASH (Microsoft Corp.) C:\Users\Janis\Desktop\teamspeak-3.exe
2012-07-16 07:44 - 2012-07-16 07:44 - 00762368 __ASH (Microsoft Corp.) C:\Users\Janis\Desktop\teamspeak 3.exe
2012-07-11 12:12 - 2012-06-28 07:26 - 00000025 ____A C:\Windows\popcinfot.dat
2012-07-11 06:06 - 2012-07-11 06:04 - 00418496 ____A C:\Windows\Minidump\071112-29530-01.dmp


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-04 13:05:12
Restore point made on: 2012-10-07 10:55:01

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 1013.95 MB
Available physical RAM: 651.9 MB
Total Pagefile: 1013.95 MB
Available Pagefile: 651.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:113.64 GB) (Free:13.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.88 GB) (Free:0.66 GB) FAT32
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 2048 KB
Disk 1 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6149 MB 31 KB
Partition 2 Primary 113 GB 6150 MB
Partition 0 Extended 29 GB 119 GB
Partition 5 Logical 8 GB 119 GB
Partition 6 Logical 1012 MB 128 GB
Partition 3 Logical 18 GB 129 GB
Partition 4 Logical 1013 MB 148 GB

=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 PQSERVICE NTFS Partition 6149 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 113 GB Healthy

=========================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 6
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1928 MB 0 B

=========================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-10-06 05:56

==================== End Of Log ============================

08.10.2012, 16:39   #30
schrauber
/// the machine
/// TB trainer



Quote:
2012-09-09 03:59 - 2012-09-09 04:00 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
Why do I even bother doing all this work.....
__________________
Regards,
schrauber
