Wie werde ich den bundestrojaner wieder los

Maggi.l · 07.07.2013, 12:48

Hallo ich bin die Maggi und hab hier ein riiiiieeeesen Problem

Mein Freund kommt heute morgen zu mir und sagt "der Rechner ist kaputt"
Beim hochfahren Kommt de bundestrojaner GVU.
hab mich versucht etwas einzulesen in die thematok weil her ja mit dem ipad surfen kann

ich muss aber irgendwie an den meine dateienda dort mein Unikram drauf ist... was ich schon versucht hatte ist im abgesicherten modus hoch zu fahren da fährt er gleich wieder runter... dann hab ich diesen thread gefunden:
http://www.trojaner-board.de/137071-...-runter-2.html
jetzt bin ich so gekommen, dank der echt guten anleitung!!!!!!!!!, das ich so eine FRST datei erstellt habe innerhalb 1 1/2 Std ( trotzdem stolz auf mich

) jetzt weis ich aber nicht ob ich den nächsten schrit einfach reinkopieren kann oder ob das von pc zu pc verschieden ist.
könnt ihr mir da helfen???

ryder · 07.07.2013, 12:50

Zitat:

!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.

Warum meinst du habe ich das da fett reingeschrieben?

Poste bitte dein FRST Logfile.

Maggi.l · 07.07.2013, 12:50

Ach ja Windows 7 64 bit quakt es von der couch...

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 07-07-2013 13:16:53
Running from K:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe [163840 2008-04-09] (Razer USA Ltd.)
HKLM-x32\...\Run: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray [x]
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" [x]
HKU\Magnus\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Magnus\...\Run: [Steam] "D:\Spiele\steam\steam.exe" -silent [x]
HKU\Magnus\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Magnus\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-03] ()
HKU\Magnus\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Magnus\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-08-26] (AMD)
HKU\Magnus\...\Run: [iDevice Manager Launcher] "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run [139728 2013-01-09] (Marx Softwareentwicklung - www.software4u.de)
HKU\Magnus\...\Run: [Spotify] "C:\Users\Magnus\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4640768 2013-07-07] (Spotify Ltd)
HKU\Magnus\...\Run: [Spotify Web Helper] "C:\Users\Magnus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-07] (Spotify Ltd)
HKU\Magnus\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe [46080 2013-07-07] (NVIDIA Corporation) <===== ATTENTION
HKU\Magnus\...\Policies\system: [LogonHoursAction] 2
HKU\Magnus\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Magnus\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Magnus\...\Command Processor: "C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dual Smart Solution.lnk
ShortcutTarget: Dual Smart Solution.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe (LG Electronics)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg338195.exe.lnk
ShortcutTarget: arg338195.exe.lnk -> C:\Users\Magnus\AppData\Local\Temp\arg338195.exe (No File)
Startup: C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
BootExecute: autocheck autochk /r \??\J:autocheck autochk * 

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-02-05] ()
S2 MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [45056 2007-08-23] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-12] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-01-01] ()
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-07-07] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-07-07] (Windows (R) Server 2003 DDK provider)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-01-01] ()
S3 MagicTune; C:\Windows\SysWow64\drivers\MTiCtwl.sys [14208 2008-07-04] (Samsung Electronics, Inc. )
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [115200 2010-10-15] (Razer USA Ltd)
S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-20] (Duplex Secure Ltd.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
S3 cpuz130; \??\C:\Users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 LGDDCDevice; \??\C:\Windows\system32\LGI2CDriver.sys [x]
S3 LGII2CDevice; \??\C:\Windows\system32\LGPII2CDriver.sys [x]
S3 MagicTune; system32\drivers\MTiCtwl.sys [x]
S1 NCPro; \SystemRoot\system32\drivers\MTictwl.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 13:16 - 2013-07-07 13:16 - 00000000 ____D C:\FRST
2013-07-07 11:31 - 2013-07-07 11:31 - 01084706 ____A C:\ProgramData\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084694 ____A C:\Users\Magnus\AppData\Roaming\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084686 ____A C:\Users\Magnus\AppData\Local\2433f433
2013-07-07 11:30 - 2013-07-07 11:30 - 00000000 ____D C:\Windows\Sun
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iPod
2013-06-15 18:25 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 18:25 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 18:25 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 18:25 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 18:25 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 11:37 - 2013-06-15 11:37 - 521521037 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:37 - 2013-06-15 11:37 - 00276232 ____A C:\Windows\Minidump\061513-47954-01.dmp
2013-06-15 11:37 - 2013-06-15 11:37 - 00000000 ____D C:\Windows\Minidump
2013-06-12 17:34 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 17:34 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 17:34 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 17:34 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 17:34 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 17:34 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:00 - 2013-06-12 13:00 - 00000000 ____D C:\Users\Magnus\AppData\Local\My Games
2013-06-12 12:03 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:03 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:03 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:03 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:03 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:03 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:03 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:03 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 12:03 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 12:03 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:03 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:03 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 12:03 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:03 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:02 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:02 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 09:34 - 2013-06-12 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf
2013-06-12 00:37 - 2013-06-12 13:09 - 00000000 ____D C:\Users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-12 00:35 - 2013-06-12 00:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-06-11 23:33 - 2013-06-12 00:22 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\ProgramData\ATI
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

2013-07-07 13:16 - 2013-07-07 13:16 - 00000000 ____D C:\FRST
2013-07-07 11:38 - 2012-10-11 15:23 - 00026938 ____A C:\Windows\setupact.log
2013-07-07 11:38 - 2009-11-14 21:32 - 01757646 ____A C:\Windows\WindowsUpdate.log
2013-07-07 11:38 - 2009-11-14 14:46 - 00000124 ____A C:\service.log
2013-07-07 11:37 - 2013-06-06 18:29 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-07 11:37 - 2009-11-14 15:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-07 11:37 - 2009-11-14 14:45 - 00023080 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-07-07 11:37 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 11:31 - 2013-07-07 11:31 - 01084706 ____A C:\ProgramData\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084694 ____A C:\Users\Magnus\AppData\Roaming\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084686 ____A C:\Users\Magnus\AppData\Local\2433f433
2013-07-07 11:31 - 2010-10-18 13:11 - 00000000 ____D C:\Users\Magnus\AppData\Local\PMB Files
2013-07-07 11:30 - 2013-07-07 11:30 - 00000000 ____D C:\Windows\Sun
2013-07-07 11:27 - 2013-05-23 19:42 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Spotify
2013-07-07 11:27 - 2010-03-13 18:22 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Skype
2013-07-07 11:27 - 2009-07-14 05:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:27 - 2009-07-14 05:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:25 - 2013-04-07 14:33 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Dropbox
2013-07-07 11:25 - 2010-11-14 11:43 - 00000000 ____D C:\ProgramData\MFAData
2013-07-03 23:16 - 2012-04-05 12:13 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 22:29 - 2011-11-01 16:30 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\TS3Client
2013-07-01 14:48 - 2009-11-28 21:43 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-01 14:48 - 2009-11-22 17:27 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-01 14:14 - 2013-05-23 19:42 - 00000000 ____D C:\Users\Magnus\AppData\Local\Spotify
2013-07-01 14:13 - 2012-11-03 15:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-29 21:24 - 2012-12-13 15:54 - 00000000 ____D C:\Users\Magnus\AppData\Local\2D8235ED-C76A-4514-96F7-3CBEBE4B6901.aplzod
2013-06-29 15:11 - 2010-10-18 13:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-28 21:07 - 2009-11-22 17:27 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-28 16:57 - 2013-05-31 19:52 - 00000000 ____D C:\Users\Magnus\Documents\ManiaPlanet
2013-06-28 16:11 - 2013-05-31 19:52 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iPod
2013-06-26 21:40 - 2012-10-11 10:54 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-26 21:40 - 2012-10-11 10:54 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-26 21:40 - 2012-01-29 17:28 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-25 23:26 - 2010-03-17 20:54 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\vlc
2013-06-16 20:31 - 2009-07-14 18:58 - 00711010 ____A C:\Windows\System32\perfh007.dat
2013-06-16 20:31 - 2009-07-14 18:58 - 00154102 ____A C:\Windows\System32\perfc007.dat
2013-06-16 20:31 - 2009-07-14 06:13 - 01651572 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 11:37 - 2013-06-15 11:37 - 521521037 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:37 - 2013-06-15 11:37 - 00276232 ____A C:\Windows\Minidump\061513-47954-01.dmp
2013-06-15 11:37 - 2013-06-15 11:37 - 00000000 ____D C:\Windows\Minidump
2013-06-14 10:30 - 2013-03-24 14:07 - 00000000 ____D C:\Program Files\SmartTechnology
2013-06-13 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 13:16 - 2012-04-05 12:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 13:16 - 2011-05-30 16:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 17:37 - 2009-11-19 19:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 17:35 - 2009-11-15 22:47 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 13:09 - 2013-06-12 00:37 - 00000000 ____D C:\Users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-12 13:00 - 2013-06-12 13:00 - 00000000 ____D C:\Users\Magnus\AppData\Local\My Games
2013-06-12 09:34 - 2013-06-12 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf
2013-06-12 09:18 - 2009-11-28 21:21 - 00000000 ____D C:\Users\Magnus\AppData\Local\PunkBuster
2013-06-12 00:58 - 2009-11-22 19:17 - 00000000 ____D C:\Users\Magnus\Documents\My Games
2013-06-12 00:35 - 2013-06-12 00:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-06-12 00:35 - 2009-11-22 17:27 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-12 00:34 - 2013-03-12 21:49 - 00053613 ____A C:\Windows\DirectX.log
2013-06-12 00:24 - 2009-11-14 14:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-12 00:22 - 2013-06-11 23:33 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\ProgramData\ATI
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-11 20:27 - 2011-05-07 02:26 - 00000000 ____D C:\ProgramData\AMD
2013-06-11 20:26 - 2009-12-18 19:13 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-08 15:08 - 2013-06-15 18:25 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-15 18:25 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-15 18:25 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-15 18:25 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-15 18:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-15 18:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-15 18:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-15 18:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-15 18:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-15 18:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-15 18:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-15 18:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-12 09:57:40
Restore point made on: 2013-06-12 17:33:55
Restore point made on: 2013-06-14 10:28:52
Restore point made on: 2013-06-15 18:25:10
Restore point made on: 2013-06-16 18:00:31
Restore point made on: 2013-06-23 18:00:40
Restore point made on: 2013-07-01 11:21:15

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4093.49 MB
Available physical RAM: 3419.8 MB
Total Pagefile: 4091.64 MB
Available Pagefile: 3410.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:112.53 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:736.1 GB) (Free:131.93 GB) NTFS (Disk=0 Partition=3)
Drive f: (Digital_LG) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive k: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 243C243B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: CB4D1C82)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-24 14:45

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

wow danke schonmal für die schnele antwort und das Sonntags :-)

ryder · 09.07.2013, 13:50

So irgendwie seid ihr mir durch die Lappen gegangen, jetzt gehts weiter:

Fix mit FRST

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
HKU\Magnus\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe [46080 2013-07-07] (NVIDIA Corporation) <===== ATTENTION

HKU\Magnus\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Magnus\...\Command Processor: "C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe" <===== ATTENTION!


2013-07-07 11:31 - 2013-07-07 11:31 - 01084706 ____A C:\ProgramData\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084694 ____A C:\Users\Magnus\AppData\Roaming\2433f433
2013-07-07 11:31 - 2013-07-07 11:31 - 01084686 ____A C:\Users\Magnus\AppData\Local\2433f433


C:\ProgramData\hash.dat
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
Starte deinen Rechner erneut in die Reparaturoptionen

Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Wenn du wieder booten kannst, gehts weiter.

Maggi.l · 09.07.2013, 15:33

So hier die fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-09 16:28:44 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Magnus\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe [46080 2013-07-07 => Value not found.
HKU\Magnus\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Magnus\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Magnus\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Magnus\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.

==== End of Fixlog ====

Und der PC startet normal :-D

Ohhhmann während ich die nachricht am laptop schrieb hat sich das GVU Ding wieder geöffnet. hab einen Neustart durchgeführt und ich komme für kurz auf den Desktop abr nach ca. 30 sec kommt die sperre wieder

ryder · 09.07.2013, 15:47

Mach mir bitte nochmal ein neues FRST Log nach Anleitung. Irgendwas muss ich da übersehen haben.

Maggi.l · 09.07.2013, 15:54

hier der neue scan

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 09-07-2013 16:52:07
Running from G:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe [163840 2008-04-09] (Razer USA Ltd.)
HKLM-x32\...\Run: [Razer StarcraftII Driver] C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray [x]
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" [x]
HKU\Magnus\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Magnus\...\Run: [Steam] "D:\Spiele\steam\steam.exe" -silent [x]
HKU\Magnus\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Magnus\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-03] ()
HKU\Magnus\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\Magnus\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Magnus\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-08-26] (AMD)
HKU\Magnus\...\Run: [iDevice Manager Launcher] "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run [139728 2013-01-09] (Marx Softwareentwicklung - www.software4u.de)
HKU\Magnus\...\Run: [Spotify] "C:\Users\Magnus\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4640768 2013-07-07] (Spotify Ltd)
HKU\Magnus\...\Run: [Spotify Web Helper] "C:\Users\Magnus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-07] (Spotify Ltd)
HKU\Magnus\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Magnus\AppData\Local\Temp\gedeilcewyikxdkyn.exe [46080 2013-07-07] (NVIDIA Corporation) <===== ATTENTION
HKU\Magnus\...\Policies\system: [LogonHoursAction] 2
HKU\Magnus\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dual Smart Solution.lnk
ShortcutTarget: Dual Smart Solution.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe (LG Electronics)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg338195.exe.lnk
ShortcutTarget: arg338195.exe.lnk -> C:\Users\Magnus\AppData\Local\Temp\arg338195.exe (No File)
Startup: C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
BootExecute: autocheck autochk /r \??\J:autocheck autochk * 

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-02-05] ()
S2 MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [45056 2007-08-23] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-12] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-01-01] ()
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-07-09] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2013-07-09] (Windows (R) Server 2003 DDK provider)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-01-01] ()
S3 MagicTune; C:\Windows\SysWow64\drivers\MTiCtwl.sys [14208 2008-07-04] (Samsung Electronics, Inc. )
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [115200 2010-10-15] (Razer USA Ltd)
S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-20] (Duplex Secure Ltd.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
S3 cpuz130; \??\C:\Users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 LGDDCDevice; \??\C:\Windows\system32\LGI2CDriver.sys [x]
S3 LGII2CDevice; \??\C:\Windows\system32\LGPII2CDriver.sys [x]
S3 MagicTune; system32\drivers\MTiCtwl.sys [x]
S1 NCPro; \SystemRoot\system32\drivers\MTictwl.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 13:16 - 2013-07-07 13:16 - 00000000 ____D C:\FRST
2013-07-07 11:30 - 2013-07-07 11:30 - 00000000 ____D C:\Windows\Sun
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iPod
2013-06-15 18:25 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 18:25 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 18:25 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 18:25 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 18:25 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 18:25 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 18:25 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 11:37 - 2013-06-15 11:37 - 521521037 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:37 - 2013-06-15 11:37 - 00276232 ____A C:\Windows\Minidump\061513-47954-01.dmp
2013-06-15 11:37 - 2013-06-15 11:37 - 00000000 ____D C:\Windows\Minidump
2013-06-12 17:34 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 17:34 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 17:34 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 17:34 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 17:34 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:34 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 17:34 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 17:34 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:00 - 2013-06-12 13:00 - 00000000 ____D C:\Users\Magnus\AppData\Local\My Games
2013-06-12 12:03 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:03 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:03 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:03 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 12:03 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 12:03 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:03 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 12:03 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 12:03 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 12:03 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 12:03 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:03 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:03 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 12:03 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 12:03 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 12:02 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 12:02 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 09:34 - 2013-06-12 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf
2013-06-12 00:37 - 2013-06-12 13:09 - 00000000 ____D C:\Users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-12 00:35 - 2013-06-12 00:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-06-11 23:33 - 2013-06-12 00:22 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\ProgramData\ATI
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

2013-07-09 15:42 - 2010-10-18 13:11 - 00000000 ____D C:\Users\Magnus\AppData\Local\PMB Files
2013-07-09 15:41 - 2013-06-06 18:29 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-09 15:41 - 2012-10-11 15:23 - 00027106 ____A C:\Windows\setupact.log
2013-07-09 15:41 - 2009-11-14 15:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-09 15:41 - 2009-11-14 14:46 - 00000124 ____A C:\service.log
2013-07-09 15:41 - 2009-11-14 14:45 - 00023080 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-07-09 15:41 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 15:35 - 2009-11-14 21:32 - 01785871 ____A C:\Windows\WindowsUpdate.log
2013-07-09 15:33 - 2013-05-23 19:42 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Spotify
2013-07-09 15:33 - 2010-03-13 18:22 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Skype
2013-07-07 22:17 - 2012-04-05 12:13 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 13:16 - 2013-07-07 13:16 - 00000000 ____D C:\FRST
2013-07-07 11:30 - 2013-07-07 11:30 - 00000000 ____D C:\Windows\Sun
2013-07-07 11:27 - 2009-07-14 05:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:27 - 2009-07-14 05:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 11:25 - 2013-04-07 14:33 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Dropbox
2013-07-07 11:25 - 2010-11-14 11:43 - 00000000 ____D C:\ProgramData\MFAData
2013-07-02 22:29 - 2011-11-01 16:30 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\TS3Client
2013-07-01 14:48 - 2009-11-28 21:43 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-01 14:48 - 2009-11-22 17:27 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-01 14:14 - 2013-05-23 19:42 - 00000000 ____D C:\Users\Magnus\AppData\Local\Spotify
2013-07-01 14:13 - 2012-11-03 15:24 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-29 21:24 - 2012-12-13 15:54 - 00000000 ____D C:\Users\Magnus\AppData\Local\2D8235ED-C76A-4514-96F7-3CBEBE4B6901.aplzod
2013-06-29 15:11 - 2010-10-18 13:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-28 21:07 - 2009-11-22 17:27 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-06-28 16:57 - 2013-05-31 19:52 - 00000000 ____D C:\Users\Magnus\Documents\ManiaPlanet
2013-06-28 16:11 - 2013-05-31 19:52 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iTunes
2013-06-28 14:40 - 2013-06-28 14:40 - 00000000 ____D C:\Program Files\iPod
2013-06-26 21:40 - 2012-10-11 10:54 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-26 21:40 - 2012-10-11 10:54 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-26 21:40 - 2012-01-29 17:28 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-25 23:26 - 2010-03-17 20:54 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\vlc
2013-06-16 20:31 - 2009-07-14 18:58 - 00711010 ____A C:\Windows\System32\perfh007.dat
2013-06-16 20:31 - 2009-07-14 18:58 - 00154102 ____A C:\Windows\System32\perfc007.dat
2013-06-16 20:31 - 2009-07-14 06:13 - 01651572 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 11:37 - 2013-06-15 11:37 - 521521037 ____A C:\Windows\MEMORY.DMP
2013-06-15 11:37 - 2013-06-15 11:37 - 00276232 ____A C:\Windows\Minidump\061513-47954-01.dmp
2013-06-15 11:37 - 2013-06-15 11:37 - 00000000 ____D C:\Windows\Minidump
2013-06-14 10:30 - 2013-03-24 14:07 - 00000000 ____D C:\Program Files\SmartTechnology
2013-06-13 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 13:16 - 2012-04-05 12:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 13:16 - 2011-05-30 16:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 17:37 - 2009-11-19 19:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 17:35 - 2009-11-15 22:47 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 13:09 - 2013-06-12 00:37 - 00000000 ____D C:\Users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-12 13:00 - 2013-06-12 13:00 - 00000000 ____D C:\Users\Magnus\AppData\Local\My Games
2013-06-12 09:34 - 2013-06-12 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SaiK0CCB_01009.Wdf
2013-06-12 09:18 - 2009-11-28 21:21 - 00000000 ____D C:\Users\Magnus\AppData\Local\PunkBuster
2013-06-12 00:58 - 2009-11-22 19:17 - 00000000 ____D C:\Users\Magnus\Documents\My Games
2013-06-12 00:35 - 2013-06-12 00:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-06-12 00:35 - 2009-11-22 17:27 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-12 00:34 - 2013-03-12 21:49 - 00053613 ____A C:\Windows\DirectX.log
2013-06-12 00:24 - 2009-11-14 14:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-12 00:22 - 2013-06-11 23:33 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\ProgramData\ATI
2013-06-11 20:27 - 2013-06-11 20:27 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-06-11 20:27 - 2011-05-07 02:26 - 00000000 ____D C:\ProgramData\AMD
2013-06-11 20:26 - 2009-12-18 19:13 - 00000000 ____D C:\Program Files\ATI Technologies

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-12 09:57:40
Restore point made on: 2013-06-12 17:33:55
Restore point made on: 2013-06-14 10:28:52
Restore point made on: 2013-06-15 18:25:10
Restore point made on: 2013-06-16 18:00:31
Restore point made on: 2013-06-23 18:00:40
Restore point made on: 2013-07-01 11:21:15

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4093.49 MB
Available physical RAM: 3414.63 MB
Total Pagefile: 4091.64 MB
Available Pagefile: 3400.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:112.53 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:736.1 GB) (Free:131.93 GB) NTFS (Disk=0 Partition=3)
Drive f: (Digital_LG) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 243C243B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: CB4D1C82)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-24 14:45

==================== End Of Log ============================

--- --- ---

ryder · 09.07.2013, 16:48

So das ist jetzt aber okay, dass wir einen anderen Weg einschlagen können:

Computer mit Combofix entsperren

Warnung: Diese Anleitung ist nur für diesen speziellen Fall gedacht und kann andere Computer evtl. schwer beschädigen. Zudem darf Combofix nur ausgeführt werden, wenn dies von einem erfahrenen Helfer angewiesen wird!

Combofix kopieren
- Lade dir Combofix an einem sauberen Rechner (evtl. Nachbar, Freund, ...) von einem dieser Downloadlinks: Link
- Kopiere die Datei auf deinen USB-Stick (nicht in einen Unterordner!)
Start mit Eingabeaufforderung
- Schliesse den präparierten USB-Stick an den infizierten Rechner an und starte ihn.
- Drücke beim Start einige Male die F8-Taste bis das Bootmenü von Windows erscheint und wähle Abgesicherter Modus mit Eingabeaufforderung.
- Nach einigen Sekunden sollte ein schwarzes Fenster mit dem blinkenden Cursor erscheinen.
Combofix starten
- Tippe explorer (Enter)
- Finde den USB-Stick und starte Combofix mit einem Doppelklick.
- Sollte es versuchen die Wiederherstellungskonsole zu installieren, dann lasse dies zu.
- Übergehe alle anderen Warnungen mit OK.
Logfile posten
- Es könnte eine Warnung erscheinen, ob du wieder den abgesicherten Modus ausführen willst. Klicke dann JA.
- Entweder wird ein Editor angezeigt oder das Logfile befindet sich hier: c:\combofix.txt
- Poste mir dieses Logfile in CODE-Tags (#-Symbol im Forumseditor anklicken - Anleitung)
- Sollte ein Fehler kommen, dass ein Registrierungsschlüssel einem ungültigem Vorgang unterzogen wurde, dann starte den Rechner neu. Das behebt das Problem.

Maggi.l · 09.07.2013, 17:08

So jetzt hat er diese combofix.txt erstellt:

Code:

ATTFilter

ComboFix 13-07-09.01 - Magnus 09.07.2013  17:57:11.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4093.2716 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Magnus\4.0
c:\users\Magnus\AppData\Roaming\inst.exe
c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg338195.exe.lnk
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 16:03 . 2013-07-09 16:03	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-07-09 16:03 . 2013-07-09 16:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-07 12:16 . 2013-07-07 12:16	--------	d-----w-	C:\FRST
2013-07-07 10:30 . 2013-07-07 10:30	--------	d-----w-	c:\windows\Sun
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\program files\iPod
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\program files\iTunes
2013-06-12 12:00 . 2013-06-12 12:00	--------	d-----w-	c:\users\Magnus\AppData\Local\My Games
2013-06-12 11:02 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 11:02 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-11 23:37 . 2013-06-12 12:09	--------	d-----w-	c:\users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-11 23:35 . 2013-06-11 23:35	--------	d-----w-	c:\program files (x86)\Ubisoft
2013-06-11 22:33 . 2013-06-11 23:22	--------	d-----w-	c:\users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 19:27 . 2013-06-11 19:27	--------	d-----w-	c:\programdata\ATI
2013-06-11 19:27 . 2013-06-11 19:27	--------	d-----w-	c:\program files (x86)\AMD AVT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 14:41 . 2009-11-14 13:45	23080	----a-w-	c:\windows\gdrv.sys
2013-07-01 13:48 . 2009-11-28 20:43	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-07-01 13:48 . 2009-11-22 16:27	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-28 20:07 . 2009-11-22 16:27	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-06-26 20:40 . 2012-10-11 09:54	45856	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-06-13 12:16 . 2012-04-05 11:13	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 12:16 . 2011-05-30 15:30	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:35 . 2009-11-15 21:47	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 23:35 . 2009-11-22 16:27	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-05-08 14:23 . 2013-05-08 14:23	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-08 14:23 . 2013-05-08 14:23	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-08 14:23 . 2013-05-08 14:23	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-08 14:23 . 2013-05-08 14:23	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-08 14:23 . 2013-05-08 14:23	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-08 14:23 . 2013-05-08 14:23	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-08 14:23 . 2013-05-08 14:23	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-08 14:23 . 2013-05-08 14:23	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-08 14:23 . 2013-05-08 14:23	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-08 14:23 . 2013-05-08 14:23	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-08 14:23 . 2013-05-08 14:23	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-08 14:23 . 2013-05-08 14:23	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-08 14:23 . 2013-05-08 14:23	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-08 14:23 . 2013-05-08 14:23	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-08 14:23 . 2013-05-08 14:23	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-08 14:23 . 2013-05-08 14:23	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-08 14:23 . 2013-05-08 14:23	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-08 14:23 . 2013-05-08 14:23	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-08 14:23 . 2013-05-08 14:23	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-08 14:23 . 2013-05-08 14:23	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-08 14:23 . 2013-05-08 14:23	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-08 14:23 . 2013-05-08 14:23	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-08 14:23 . 2013-05-08 14:23	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-08 14:23 . 2013-05-08 14:23	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-08 14:23 . 2013-05-08 14:23	441856	----a-w-	c:\windows\system32\html.iec
2013-05-08 14:23 . 2013-05-08 14:23	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-08 14:23 . 2013-05-08 14:23	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-08 14:23 . 2013-05-08 14:23	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-08 14:23 . 2013-05-08 14:23	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-08 14:23 . 2013-05-08 14:23	235008	----a-w-	c:\windows\system32\url.dll
2013-05-08 14:23 . 2013-05-08 14:23	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-08 14:23 . 2013-05-08 14:23	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-08 14:23 . 2013-05-08 14:23	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-08 14:23 . 2013-05-08 14:23	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-08 14:23 . 2013-05-08 14:23	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-08 14:23 . 2013-05-08 14:23	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-08 14:23 . 2013-05-08 14:23	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-08 14:23 . 2013-05-08 14:23	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-08 14:23 . 2013-05-08 14:23	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-08 14:23 . 2013-05-08 14:23	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-08 14:23 . 2013-05-08 14:23	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-08 14:23 . 2013-05-08 14:23	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-08 14:23 . 2013-05-08 14:23	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-08 14:23 . 2013-05-08 14:23	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-08 14:23 . 2013-05-08 14:23	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-08 14:23 . 2013-05-08 14:23	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-08 14:23 . 2013-05-08 14:23	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-08 14:23 . 2013-05-08 14:23	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-08 14:23 . 2013-05-08 14:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 09:55 . 2013-04-30 09:55	52640	----a-w-	c:\windows\system32\drivers\SaiBus.sys
2013-04-30 09:55 . 2013-04-30 09:55	25120	----a-w-	c:\windows\system32\drivers\SaiMini.sys
2013-04-13 05:49 . 2013-05-16 15:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 15:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 15:42	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 15:42	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 15:42	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 15:42	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:14	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-26 20:40	3055280	----a-w-	c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-26 3055280]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="d:\spiele\steam\steam.exe" [2013-06-06 1641896]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-03 3077528]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-26 380928]
"iDevice Manager Launcher"="c:\program files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" [2013-01-09 139728]
"Spotify"="c:\users\Magnus\AppData\Roaming\Spotify\Spotify.exe" [2013-07-07 4640768]
"Spotify Web Helper"="c:\users\Magnus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-07 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2008-04-09 163840]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dual Smart Solution.lnk - c:\program files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe -startup [2013-5-28 1122304]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="d:\itunes\iTunesHelper.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"CTxfiHlp"=CTXFIHLP.EXE
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz130;cpuz130;c:\users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys;c:\windows\SYSNATIVE\LGI2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys;c:\windows\SYSNATIVE\LGPII2CDriver.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CCB.sys [x]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCB.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys;c:\windows\SYSNATIVE\drivers\JmtFltr.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-23 16:18	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:16]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-27 13:09]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-27 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.lovefilm.de/account/selection.html
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\
FF - prefs.js: browser.startup.homepage - file:///D:/internetstartseite%20front%20page/startseite.htm
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={4A85119A-7134-4589-A4EE-52718BD0C6C3}&mid=3ebd22f74d62ef73adad5bedbeb03392-d92e403dac96fe6dabbb92bb7d71ded6e2cc6155&lang=de&ds=AVG&pr=fr&d=2012-10-11 11:54&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=
FF - ExtSQL: !HIDDEN! 2009-12-21 18:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}\Netzmanager1.071.0301_120720a.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
   68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,00,6f,90,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-1589002175-3126189201-2207040911-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:22,02,b7,54,f2,de,13,35,43,aa,b3,03,bb,4f,8b,85,90,75,37,5f,12,90,58,
   fd,c4,a8,80,8f,1e,e1,e1,cc,cc,a7,96,e3,8f,a9,6d,c6,36,ab,6b,19,ae,d6,7a,35,\
"??"=hex:87,a5,0b,4e,13,45,9d,81,ff,33,fe,1b,38,b7,26,c5
.
[HKEY_USERS\S-1-5-21-1589002175-3126189201-2207040911-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,8a,12,0a,f6,34,1b,a3,c1,78,be,32,a3,c7,cb,1b,9a,03,3e,2a,fa,
   59,aa,27,c2,d4,64,fd,ca,19,83,4a,07,be,fe,32,01,28,54,64,68,10,c0,04,4a,f4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-09  18:04:47
ComboFix-quarantined-files.txt  2013-07-09 16:04
.
Vor Suchlauf: 11 Verzeichnis(se), 121.826.160.640 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 124.000.825.344 Bytes frei
.
- - End Of File - - C9E3DCC9A57AB06B49B181492370B30E
A36C5E4F47E84449FF07ED3517B43A31

ryder · 09.07.2013, 17:44

Jetzt solltest du aber wieder normal booten können.

Maggi.l · 09.07.2013, 17:53

ja bis jetzt sieht alles super aus

kann ich wieder online gehen mit dem pc?
hab das kabel abgemacht

ryder · 09.07.2013, 17:55

Ja Kabel dran und dann:

Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstalliere Lavasoft Antivirus. Ein Scanner ist mehr als genug.

Schritt 2:
Deinstallation von Programmen

Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren

Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren

ggf. Neustart zulassen

Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
Registry-Cleaner Software, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall (ist unnötig), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle Varianten, Java 7 kann bleiben), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro, Webcake, OpenCandy

Ich persönlich empfehle auch alles zu deinstallieren, was mit Bing zu tun hat (Bing Desktop, -toolbar), aber das ist deine Entscheidung.

Schritt 3:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4:
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Maggi.l · 09.07.2013, 18:10

hier der adwcleaner test:

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 09/07/2013 um 19:03:37 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Magnus - PLAYGROUND
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Magnus\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\searchplugins\11-suche.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Magnus\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Ordner Gelöscht : C:\Users\Magnus\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Magnus\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Magnus\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\adawaretb
Ordner Gelöscht : C:\Users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\jetpack
Ordner Gelöscht : C:\Users\Magnus\AppData\Roaming\software4u

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={4A85119A-7134-4589-A4EE-52718BD0C6C3}&mid=3ebd22f74d62ef73adad5bedbeb03392-d92e403dac96fe6dabbb92bb7d71ded6e2cc6155&lang=de&ds=AVG&pr=fr&d=2012-01-29 17:28:32&v=9.0.0.23&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\prefs.js

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={4A85119A-7134-4589-A4EE-52718BD0C6C3}&m[...]

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Magnus\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [9669 octets] - [09/07/2013 19:03:37]

########## EOF - C:\AdwCleaner[S1].txt - [9729 octets] ##########

ryder · 09.07.2013, 18:17

Prima ... und warum schreibe ich dir das hier?

Zitat:

(Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)

Maggi.l · 09.07.2013, 18:31

Sorry bin so aufgeregt das alles wieder zu funktionieren scheint

Hier der combofix bericht:

Code:

ATTFilter

ComboFix 13-07-09.01 - Magnus 09.07.2013  19:17:41.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4093.2264 [GMT 2:00]
ausgeführt von:: K:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 17:26 . 2013-07-09 17:26	--------	d-----w-	c:\users\Schatzi\AppData\Local\temp
2013-07-09 17:26 . 2013-07-09 17:26	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-07-09 17:26 . 2013-07-09 17:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-07 12:16 . 2013-07-07 12:16	--------	d-----w-	C:\FRST
2013-07-07 10:30 . 2013-07-07 10:30	--------	d-----w-	c:\windows\Sun
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\program files\iPod
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-28 13:40 . 2013-06-28 13:40	--------	d-----w-	c:\program files\iTunes
2013-06-12 12:00 . 2013-06-12 12:00	--------	d-----w-	c:\users\Magnus\AppData\Local\My Games
2013-06-12 11:02 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 11:02 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-11 23:37 . 2013-06-12 12:09	--------	d-----w-	c:\users\Magnus\AppData\Local\Ubisoft Game Launcher
2013-06-11 23:35 . 2013-06-11 23:35	--------	d-----w-	c:\program files (x86)\Ubisoft
2013-06-11 22:33 . 2013-06-11 23:22	--------	d-----w-	c:\users\Magnus\AppData\Roaming\GetRightToGo
2013-06-11 19:27 . 2013-06-11 19:27	--------	d-----w-	c:\programdata\ATI
2013-06-11 19:27 . 2013-06-11 19:27	--------	d-----w-	c:\program files (x86)\AMD AVT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 17:05 . 2009-11-14 13:45	23080	----a-w-	c:\windows\gdrv.sys
2013-07-01 13:48 . 2009-11-28 20:43	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-07-01 13:48 . 2009-11-22 16:27	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-28 20:07 . 2009-11-22 16:27	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-06-26 20:40 . 2012-10-11 09:54	45856	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-06-13 12:16 . 2012-04-05 11:13	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 12:16 . 2011-05-30 15:30	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:35 . 2009-11-15 21:47	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 23:35 . 2009-11-22 16:27	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-05-08 14:23 . 2013-05-08 14:23	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-08 14:23 . 2013-05-08 14:23	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-08 14:23 . 2013-05-08 14:23	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-08 14:23 . 2013-05-08 14:23	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-08 14:23 . 2013-05-08 14:23	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-08 14:23 . 2013-05-08 14:23	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-08 14:23 . 2013-05-08 14:23	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-08 14:23 . 2013-05-08 14:23	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-08 14:23 . 2013-05-08 14:23	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-08 14:23 . 2013-05-08 14:23	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-08 14:23 . 2013-05-08 14:23	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-08 14:23 . 2013-05-08 14:23	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-08 14:23 . 2013-05-08 14:23	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-08 14:23 . 2013-05-08 14:23	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-08 14:23 . 2013-05-08 14:23	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-08 14:23 . 2013-05-08 14:23	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-08 14:23 . 2013-05-08 14:23	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-08 14:23 . 2013-05-08 14:23	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-08 14:23 . 2013-05-08 14:23	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-08 14:23 . 2013-05-08 14:23	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-08 14:23 . 2013-05-08 14:23	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-08 14:23 . 2013-05-08 14:23	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-08 14:23 . 2013-05-08 14:23	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-08 14:23 . 2013-05-08 14:23	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-08 14:23 . 2013-05-08 14:23	441856	----a-w-	c:\windows\system32\html.iec
2013-05-08 14:23 . 2013-05-08 14:23	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-08 14:23 . 2013-05-08 14:23	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-08 14:23 . 2013-05-08 14:23	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-08 14:23 . 2013-05-08 14:23	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-08 14:23 . 2013-05-08 14:23	235008	----a-w-	c:\windows\system32\url.dll
2013-05-08 14:23 . 2013-05-08 14:23	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-08 14:23 . 2013-05-08 14:23	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-08 14:23 . 2013-05-08 14:23	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-08 14:23 . 2013-05-08 14:23	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-08 14:23 . 2013-05-08 14:23	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-08 14:23 . 2013-05-08 14:23	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-08 14:23 . 2013-05-08 14:23	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-08 14:23 . 2013-05-08 14:23	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-08 14:23 . 2013-05-08 14:23	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-08 14:23 . 2013-05-08 14:23	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-08 14:23 . 2013-05-08 14:23	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-08 14:23 . 2013-05-08 14:23	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-08 14:23 . 2013-05-08 14:23	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-08 14:23 . 2013-05-08 14:23	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-08 14:23 . 2013-05-08 14:23	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-08 14:23 . 2013-05-08 14:23	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-08 14:23 . 2013-05-08 14:23	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-08 14:23 . 2013-05-08 14:23	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-08 14:23 . 2013-05-08 14:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 09:55 . 2013-04-30 09:55	52640	----a-w-	c:\windows\system32\drivers\SaiBus.sys
2013-04-30 09:55 . 2013-04-30 09:55	25120	----a-w-	c:\windows\system32\drivers\SaiMini.sys
2013-04-13 05:49 . 2013-05-16 15:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 15:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 15:42	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 15:42	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 15:42	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 15:42	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:14	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\spiele\steam\steam.exe" [2013-06-06 1641896]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-03 3077528]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-26 380928]
"Spotify"="c:\users\Magnus\AppData\Roaming\Spotify\Spotify.exe" [2013-07-07 4640768]
"Spotify Web Helper"="c:\users\Magnus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-07 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer StarcraftII Driver"="c:\program files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2008-04-09 163840]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dual Smart Solution.lnk - c:\program files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe -startup [2013-5-28 1122304]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="d:\itunes\iTunesHelper.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"CTxfiHlp"=CTXFIHLP.EXE
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 cpuz130;cpuz130;c:\users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Magnus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys;c:\windows\SYSNATIVE\LGI2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys;c:\windows\SYSNATIVE\LGPII2CDriver.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CCB.sys [x]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCB.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys;c:\windows\SYSNATIVE\drivers\JmtFltr.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-23 16:18	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:16]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-27 13:09]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-27 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	----a-w-	c:\users\Magnus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.lovefilm.de/account/selection.html
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\omzutri5.default\
FF - prefs.js: browser.startup.homepage - file:///D:/internetstartseite%20front%20page/startseite.htm
FF - ExtSQL: !HIDDEN! 2009-12-21 18:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iDevice Manager Launcher - c:\program files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-FE5AE7DC-7B01-4263-A94C-B4526C276550_is1 - c:\program files (x86)\Software4u\iDevice Manager\unins000.exe
AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}\Netzmanager1.071.0301_120720a.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
   68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,00,6f,90,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-1589002175-3126189201-2207040911-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:22,02,b7,54,f2,de,13,35,43,aa,b3,03,bb,4f,8b,85,90,75,37,5f,12,90,58,
   fd,c4,a8,80,8f,1e,e1,e1,cc,cc,a7,96,e3,8f,a9,6d,c6,36,ab,6b,19,ae,d6,7a,35,\
"??"=hex:87,a5,0b,4e,13,45,9d,81,ff,33,fe,1b,38,b7,26,c5
.
[HKEY_USERS\S-1-5-21-1589002175-3126189201-2207040911-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,8a,12,0a,f6,34,1b,a3,c1,78,be,32,a3,c7,cb,1b,9a,03,3e,2a,fa,
   59,aa,27,c2,d4,64,fd,ca,19,83,4a,07,be,fe,32,01,28,54,64,68,10,c0,04,4a,f4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-09  19:29:01
ComboFix-quarantined-files.txt  2013-07-09 17:29
ComboFix2.txt  2013-07-09 16:04
.
Vor Suchlauf: 16 Verzeichnis(se), 127.163.101.184 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 126.842.990.592 Bytes frei
.
- - End Of File - - 9E781B5C4766DE9A0433755B6DD5B1DD
A36C5E4F47E84449FF07ED3517B43A31

09.07.2013, 15:47	#6
ryder /// TB-Ausbilder	Wie werde ich den bundestrojaner wieder los Mach mir bitte nochmal ein neues FRST Log nach Anleitung. Irgendwas muss ich da übersehen haben. __________________ --> Wie werde ich den bundestrojaner wieder los

09.07.2013, 17:44	#10
ryder /// TB-Ausbilder	Wie werde ich den bundestrojaner wieder los Jetzt solltest du aber wieder normal booten können. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

Wie werde ich den bundestrojaner wieder los

Plagegeister aller Art und deren Bekämpfung: Wie werde ich den bundestrojaner wieder los