Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Viren auf dem Pc :( was soll ich tun ....kann mit der anleitung leider nix anfangen (https://www.trojaner-board.de/120311-viren-pc-tun-anleitung-leider-nix-anfangen.html)

Goaner222 24.07.2012 21:24
Viren auf dem Pc :( was soll ich tun ....kann mit der anleitung leider nix anfangen
 
Habe seit einiger zeit ein oder mehre viren ich bin total ungebildet in diesem bereich kann mir vieleicht irgendjemand helfen ....kann auch leider nix mit anleitung anfangen weil ich fachchineseisch nich kapiere.....ich bedanke mich schon mal für die antworten

t'john 25.07.2012 05:44
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Goaner222 25.07.2012 11:10
Hi t'john habe den scan durchgefürt alleerdings hat er nix gefunden kann das darn liegen das ich das gestern schonmal gemacht hab und auf löschen gegangen bin ?? hab natürlich die log nich gespeichert :( und hab jetz nur diese der virus kann doch jetz nich weg sein oder? antivir zeig nemlich immer noch irgendwelche gefährdeten datein an.....Hilfe und nochmals danke für deine hilfe :dankeschoen:


Log von maleware :

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Goaner :: GOANER-PC [Administrator]

Schutz: Aktiviert

25.07.2012 09:23:58
mbam-log-2012-07-25 (09-23-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344204
Laufzeit: 2 Stunde(n), 20 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


hab auch otl durch laufen lassen das ist Otl.txt .
OTL Logfile:
Code:
OTL logfile created on: 25.07.2012 11:52:37 - Run 2
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Goaner\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,23% Memory free
6,19 Gb Paging File | 4,35 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 218,37 Gb Free Space | 46,88% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GOANER-PC | User Name: Goaner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Goaner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
PRC - C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Preventon Technologies Limited)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_343eee16\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_343eee16\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Goaner\AppData\Roaming\13001.028\components\AcroFF028.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\568ac5982782aafb59e487520c1fe4ec\MenuSkinning.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\8b30e542b97b6c28d3e68a7654bf731c\VistaBridgeLibrary.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\e2377d138321b36dcaa6a049d9410b93\DellDock.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\65d60740fcd93c2e4d1fdc41362391bf\MyDock.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
MOD - C:\Windows\System32\APOMngr.dll ()
MOD - C:\Windows\System32\CmdRtr.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Labs Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (wlidsvc) -- c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (nicconfigsvc) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_343eee16\stacsv.exe (IDT, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_343eee16\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
DRV - (aeufyrk6) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=HP_ss&mntrId=869b74d9000000000000001f3ad630f5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=869b74d9000000000000001f3ad630f5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=HP_ss&mntrId=869b74d9000000000000001f3ad630f5"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=KW_ss&mntrId=869b74d9000000000000001f3ad630f5&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012.05.19 11:53:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 16:15:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Goaner\AppData\Roaming\13001.028 [2012.07.21 13:02:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 16:15:08 | 000,000,000 | ---D | M]
 
[2012.03.23 00:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goaner\AppData\Roaming\mozilla\Extensions
[2012.05.13 16:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions
[2012.05.13 11:32:02 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com
[2012.04.28 11:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.21 13:02:25 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GOANER\APPDATA\ROAMING\13001.028
[2012.06.16 16:15:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.28 11:32:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.13 11:31:58 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.28 11:32:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.28 11:32:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 11:32:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.28 11:32:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 11:32:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Goaner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD76C60-73CF-4A6B-8F85-25D2A06C8038}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goaner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goaner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.25 16:23:25 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.06.26 22:32:47 | 000,000,076 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\Shell - "" = AutoRun
O33 - MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2012.05.25 16:23:26 | 000,562,592 | R--- | M] (Warner Bros. Interactive Entertainment)
O33 - MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2012.06.26 22:32:47 | 001,944,532 | R--- | M] (2K Games                                                    )
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 09:23:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.24 15:22:35 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Malwarebytes
[2012.07.24 15:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 15:22:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.24 15:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.24 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Uqivyr
[2012.07.24 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Goumf
[2012.07.24 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Baaveg
[2012.07.23 08:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.07.22 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\UAs
[2012.07.21 13:02:25 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.028
[2012.07.18 15:42:23 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.027
[2012.07.17 17:27:51 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.026
[2012.07.14 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.025
[2012.07.14 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Help
[2012.07.14 14:22:42 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Dropbox
[2012.07.14 14:22:40 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\TeamViewer
[2012.07.13 23:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2012.07.13 21:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012.07.13 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Fighters
[2012.07.13 21:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.07.13 21:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Toolkit Suite
[2012.07.13 21:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2012.07.13 21:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.07.13 21:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012.07.13 17:15:00 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.024
[2012.07.13 13:29:29 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.023
[2012.07.11 15:50:38 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.022
[2012.07.10 14:42:44 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.021
[2012.07.09 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.020
[2012.07.08 13:54:02 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.019
[2012.07.07 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.018
[2012.07.07 00:15:15 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.017
[2012.07.06 14:34:48 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.016
[2012.07.06 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\xmldm
[2012.07.06 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\kock
[2012.07.04 18:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Angeln 2011
[2012.07.04 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Goaner\Sportangeln 2012 Suedeuropa
[2012.07.04 17:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sportangeln 2012 Suedeuropa
[2012.06.29 15:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[2012.06.29 15:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2012.06.25 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Warner Bros. Interactive Entertainment
[2012.06.25 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\Warner Bros. Interactive Entertainment
[1 C:\Users\Goaner\AppData\Roaming\*.tmp files -> C:\Users\Goaner\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 11:52:05 | 001,835,008 | -HS- | M] () -- C:\Users\Goaner\NTUSER.DAT
[2012.07.25 11:19:51 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:19:51 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 09:23:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.25 09:20:08 | 000,253,090 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.25 09:20:06 | 000,253,090 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.25 09:19:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.07.25 09:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 09:19:34 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 22:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\Goaner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.07.24 22:53:26 | 000,065,536 | -HS- | M] () -- C:\Users\Goaner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.07.24 22:53:24 | 003,672,369 | -H-- | M] () -- C:\Users\Goaner\AppData\Local\IconCache.db
[2012.07.24 22:31:14 | 000,001,638 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 21:00:00 | 000,000,034 | ---- | M] () -- C:\Users\Goaner\AppData\Roaming\blckdom.res
[2012.07.24 19:05:14 | 000,268,944 | ---- | M] () -- C:\Users\Goaner\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 19:05:14 | 000,006,400 | ---- | M] () -- C:\Users\Goaner\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.24 15:22:26 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 12:24:56 | 000,164,864 | ---- | M] () -- C:\Users\Goaner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.23 18:13:35 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.07.23 18:13:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.23 18:13:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.23 18:13:35 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.23 18:13:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.23 18:09:04 | 000,006,400 | ---- | M] () -- C:\Users\Goaner\AppData\Roaming\BAcroIEHelpe173.dll
[2012.07.23 08:00:34 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012.07.18 16:59:12 | 000,000,608 | ---- | M] () -- C:\Users\Goaner\Documents\Landwirtschafts simulator trans2.rtf
[2012.07.18 16:58:32 | 000,000,615 | ---- | M] () -- C:\Users\Goaner\Documents\Landwirtschafts simulator Trans.rtf
[2012.07.18 16:57:21 | 000,000,648 | ---- | M] () -- C:\Users\Goaner\Documents\Die Sims 3 Trans.rtf
[2012.07.13 21:58:42 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.07.12 20:08:02 | 000,000,019 | ---- | M] () -- C:\Users\Goaner\AppData\Roaming\urhtps.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 09:58:05 | 000,000,680 | ---- | M] () -- C:\Users\Goaner\AppData\Local\d3d9caps.dat
[2012.06.25 12:44:58 | 000,010,264 | ---- | M] () -- C:\Windows\System32\drivers\avfsfilter.sys
[1 C:\Users\Goaner\AppData\Roaming\*.tmp files -> C:\Users\Goaner\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 19:05:14 | 000,268,944 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 19:05:14 | 000,006,400 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.24 15:22:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 18:09:04 | 000,006,400 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\BAcroIEHelpe173.dll
[2012.07.23 08:00:34 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012.07.22 05:06:38 | 000,000,034 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\blckdom.res
[2012.07.18 16:59:12 | 000,000,608 | ---- | C] () -- C:\Users\Goaner\Documents\Landwirtschafts simulator trans2.rtf
[2012.07.18 16:58:32 | 000,000,615 | ---- | C] () -- C:\Users\Goaner\Documents\Landwirtschafts simulator Trans.rtf
[2012.07.18 16:57:21 | 000,000,648 | ---- | C] () -- C:\Users\Goaner\Documents\Die Sims 3 Trans.rtf
[2012.07.13 21:58:42 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.07.12 18:45:41 | 000,000,019 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\urhtps.dat
[2012.06.25 12:44:58 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2012.05.19 11:53:23 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012.05.17 18:17:32 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2012.05.17 18:17:32 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2012.05.17 18:17:32 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2012.05.13 22:44:24 | 000,253,090 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.05.13 22:44:21 | 000,253,090 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.03.24 15:40:00 | 003,672,369 | -H-- | C] () -- C:\Users\Goaner\AppData\Local\IconCache.db
[2012.03.24 14:22:05 | 000,443,448 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2012.03.23 19:43:43 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.23 19:43:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.03.23 17:14:02 | 000,067,142 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\nvModes.001
[2012.03.23 17:14:01 | 000,067,142 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\nvModes.dat
[2012.03.23 07:30:17 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.03.23 07:30:17 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.03.23 07:30:17 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.03.23 07:30:17 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.03.23 01:02:13 | 000,164,864 | ---- | C] () -- C:\Users\Goaner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.22 23:10:56 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2012.03.22 23:10:54 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2012.03.22 23:07:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012.03.22 23:04:39 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2012.03.22 22:46:30 | 000,049,168 | ---- | C] () -- C:\Users\Goaner\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.03.22 22:45:57 | 000,000,680 | ---- | C] () -- C:\Users\Goaner\AppData\Local\d3d9caps.dat
[2012.03.22 22:45:56 | 000,000,020 | -HS- | C] () -- C:\Users\Goaner\ntuser.ini
[2012.03.22 22:45:55 | 000,524,288 | -HS- | C] () -- C:\Users\Goaner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.03.22 22:45:54 | 001,835,008 | -HS- | C] () -- C:\Users\Goaner\NTUSER.DAT
[2012.03.22 22:45:54 | 000,524,288 | -HS- | C] () -- C:\Users\Goaner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.03.22 22:45:54 | 000,065,536 | -HS- | C] () -- C:\Users\Goaner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.03.22 22:38:13 | 000,001,638 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.07.06 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.016
[2012.07.07 00:15:15 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.017
[2012.07.07 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.018
[2012.07.08 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.019
[2012.07.09 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.020
[2012.07.10 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.021
[2012.07.14 02:05:40 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.022
[2012.07.13 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.023
[2012.07.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.024
[2012.07.14 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.025
[2012.07.17 17:27:51 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.026
[2012.07.18 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.027
[2012.07.21 13:02:25 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\13001.028
[2012.05.13 16:51:20 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Atari
[2012.07.24 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Baaveg
[2012.05.13 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Babylon
[2012.05.13 11:32:26 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\BabylonToolbar
[2012.06.16 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\DAEMON Tools Pro
[2012.05.17 17:26:38 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\DarknessII
[2012.07.14 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Dropbox
[2012.07.13 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Fighters
[2012.07.24 15:00:20 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Goumf
[2012.07.06 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\kock
[2012.03.30 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Origin
[2012.05.08 17:47:48 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\ProtectDISC
[2012.07.14 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\TeamViewer
[2012.06.15 14:33:04 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\TuneUp Software
[2012.07.22 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\UAs
[2012.07.24 21:34:28 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Uqivyr
[2012.05.31 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\VDownloader
[2012.06.25 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Warner Bros. Interactive Entertainment
[2012.07.22 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\xmldm
[2012.07.24 22:53:28 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
und hir die zweite ......:



.07.2012 11:53:02 - Run 2
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Goaner\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,23% Memory free
6,19 Gb Paging File | 4,35 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 218,37 Gb Free Space | 46,88% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GOANER-PC | User Name: Goaner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B885231-4716-4F8D-BFA4-AE115569A79F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0F9641B1-03C0-406F-9A27-B54EA396390F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1327D97A-0EED-44EC-A9E9-46EA45E26B1F}" = rport=445 | protocol=6 | dir=out | app=system |
"{143D4F68-79E6-4B61-8C38-FDFA148181DE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{15ED9671-92F7-4897-B9C1-6453831A643D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{199558CD-A440-413E-911D-EE6FBB9E17F0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{202EE8F3-0CA7-4A05-A091-00E5BB1C667F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2083F4C6-B506-4EE7-94E5-13358A0C3F25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{229531C6-DB71-4670-AFE3-9C93F2885092}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31E3923F-7AC7-4B86-8F40-65199FBEADB2}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3636D90A-F832-46E1-BDF4-9FB36371CE11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{38620880-6815-4846-88FA-B4A291EBC560}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45A0D80B-28E0-4C3C-841D-E805A84C3E3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48024C32-D85D-4D2F-A0CF-B3907B6F3365}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4960BCDE-546B-4B8C-8B30-3975F4DF13A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{523CFA17-5ACB-4F16-837B-141ACEFB4D54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56D6296D-2E16-4053-B168-40BF89FDDC6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{638DF0BF-4268-4666-BEE5-2E5DB2D81AF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64B4FCB8-B4F0-4C6A-9CF9-F8AB5FA881FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BF2EA70-0364-4753-8399-32DDA8BDBD4C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{750DC5CA-EB29-4962-8A9C-A2558FCA4BCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C2D482C-FC82-4B80-95A1-06CA45C41833}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D5A5ADB-DFCC-4078-A772-9EC305CCBF8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B11AD6C-3EE4-44BD-B065-BD4F857678A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9426BF1C-2284-40A8-AC19-2C841508A41B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CB7A4AA-10A3-43CC-AB42-C273EFC3C9C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3919E98-9AA0-4520-B904-078CD70A358E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A60D7B52-5CDC-42EB-A00D-06994956A309}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A7F2ABAB-A71F-4769-8644-3B865BFBCF52}" = lport=137 | protocol=17 | dir=in | app=system |
"{A907530B-5975-44B4-8867-713ECB23E942}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAC78F30-DFA2-4119-829C-A8131E987923}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3C01C5C-D0B5-4CCA-8180-33E1F7143FA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{C63B824A-78ED-41BD-9065-79553C271C73}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CE6B5FF8-89CC-4581-BFAD-E783F779A336}" = lport=138 | protocol=17 | dir=in | app=system |
"{D81E34B3-6A8C-41DB-9AB6-318B716FD214}" = lport=139 | protocol=6 | dir=in | app=system |
"{E38D2DDF-A42E-44D0-874E-2FEA8CAAF047}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EBCF5466-C8E5-4DD1-9747-02B6DA379AE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE2FCE48-F441-4770-A67E-32F2CC9437BD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F0377976-9ADC-4AAF-B95B-1BC550CC5A59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F118DCA8-5A45-4711-96F6-931ABF18263A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F757AEF7-0774-4E4B-866F-A881947BD286}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D21FF5-561C-486F-AAA6-415BD4808AE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15AAE970-A988-4E7D-9BA9-E4928B6E16B0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1A8F2ECA-412A-49E5-A83E-E26E7112D0AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25F9C0BA-7E1D-44CD-9455-94339F995309}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{26C4FCDC-6D95-4C65-AD37-02C0AB06A7B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27C167E4-CEB7-4B21-B8B6-BBA1FABC8CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B69BD4E-2A95-48F0-B789-822D6DEC8832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36B33B61-55E6-4899-97BA-ABB44854E627}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{40794FE7-CF90-445F-9390-CEA3A96D6B21}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40CBA5F5-270D-44EF-964A-9298C78EDD90}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{417CA855-1A9B-45C6-9424-A97FA86E6671}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{46CC62A6-26E5-427C-B604-FF7564941776}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4AFC5163-7846-4B71-9FAC-B0F3B2E97704}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5F9468D0-D7C9-4ED4-8DBB-8367F8A5A01A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{62C003A5-9CC1-4628-AE09-BB7D521B7C5B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{660820FA-8F17-422E-A817-F44875237FB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FD0EE31-045A-4A12-ACBB-7DB03B741E27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F37A411-E7C3-4486-BDC5-901345723DFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{909BADE2-BE9A-413E-8459-29180A7C3763}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97086AFE-31C1-4DD6-A28B-5D20B1776183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D6CF424-D54D-4CFD-9D04-38B72429835A}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{A5B6BC72-27B8-454B-B2BF-4BA95E97BB0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A655097F-7B04-415E-9359-230285CEB6D2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A67702DB-4204-4267-8B06-82590F442D6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B161DC20-1745-4DBD-969B-04D5C432C7AE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C378CABF-A0CE-47CA-ACBE-DBF4A25A4166}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C769391E-2104-45C0-B017-5F09407B4DD4}" = protocol=6 | dir=out | app=system |
"{C9530FBF-9A60-44ED-8DDD-972C5FD84D99}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"TCP Query User{187AF0FD-E661-4D08-954F-08B045276C52}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2D606B0E-0A9F-4996-BB8F-18F12C987DF9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2D91B8E3-66A4-4C7D-B69F-B439CF3D0B24}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B1059760-E86F-4D59-8CCE-B6CA87228EF0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758E3580-89A5-48AF-9BB2-125B7DDBD64C}" = Fighters
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1195
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dell Dock" = Dell Dock
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FLV Player" = FLV Player 2.0 (build 25)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Spec Ops The Line_is1" = Spec Ops The Line
"SPYWAREfighter" = SPYWAREfighter
"SynTPDeinstKey" = Dell Touchpad
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.07.2012 00:06:40 | Computer Name = Goaner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wermgr.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918ca1, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000578f4,  Prozess-ID 0x1240, Anwendungsstartzeit
 01cd67bf659ffa50.
 
Error - 22.07.2012 12:23:03 | Computer Name = Goaner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FLVPlayer.exe, Version 0.0.0.0, Zeitstempel
0x48374e32, fehlerhaftes Modul FlashPlayer.3.1.1k.ocx, Version 9.0.124.0, Zeitstempel
 0x47e8643e, Ausnahmecode 0xc0000005, Fehleroffset 0x000c274c,  Prozess-ID 0xcdc,
Anwendungsstartzeit 01cd6826209d2d30.
 
Error - 22.07.2012 22:07:23 | Computer Name = Goaner-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SndVol.exe, Version 6.0.6001.18000, Zeitstempel
 0x4791928f, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
 Ausnahmecode 0xc0000008, Fehleroffset 0x00074dcb,  Prozess-ID 0x1628, Anwendungsstartzeit
 01cd684e57f73910.
 
Error - 23.07.2012 12:07:14 | Computer Name = Goaner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 06:14:28 | Computer Name = Goaner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 08:59:24 | Computer Name = Goaner-PC | Source = VSS | ID = 40
Description =
 
Error - 24.07.2012 08:59:24 | Computer Name = Goaner-PC | Source = VSS | ID = 12292
Description =
 
Error - 24.07.2012 15:39:11 | Computer Name = Goaner-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 16:53:24 | Computer Name = Goaner-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 25.07.2012 03:20:01 | Computer Name = Goaner-PC | Source = WinMgmt | ID = 10
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 23.07.2012 04:11:42 | Computer Name = Goaner-PC | Source = WLAN-Tray | ID = 0
Description = 10:11:42, Mon, Jul 23, 12 Error - User "" does not have administrative
 privileges on this system
 
Error - 23.07.2012 04:11:42 | Computer Name = Goaner-PC | Source = WLAN-Tray | ID = 0
Description = 10:11:42, Mon, Jul 23, 12 Error - User "" does not have administrative
 privileges on this system
 
Error - 23.07.2012 16:26:03 | Computer Name = Goaner-PC | Source = WLAN-Tray | ID = 0
Description = 22:26:03, Mon, Jul 23, 12 Error - User "" does not have administrative
 privileges on this system
 
Error - 24.07.2012 15:37:17 | Computer Name = Goaner-PC | Source = WLAN-Tray | ID = 0
Description = 21:37:17, Tue, Jul 24, 12 Error - User "" does not have administrative
 privileges on this system
 
[ System Events ]
Error - 28.05.2012 03:04:41 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 03:04:43 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 03:04:44 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 03:04:45 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 03:04:46 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 03:04:46 | Computer Name = Goaner-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.05.2012 16:11:49 | Computer Name = Goaner-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 29.05.2012 09:13:50 | Computer Name = Goaner-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.05.2012 09:14:01 | Computer Name = Goaner-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.05.2012 09:14:52 | Computer Name = Goaner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >
--- --- ---


hir hab ich noch die viren die er gefunden hat :daumenrunter:

PUP.Hacktool.crk 24.07.2012.13.23 File C:\Program Files\KONAMI\Pro Evolution 2012\rd.dll

Spyware.Zbot.Gen 24.07.2012.19.34 File C:\Users\Goaner\AppData\Roaming\uqivyr\xyfia.exe

Dont.Steal.Our.Software 24.07.2012.13.23 File C:\Users\Goaner\Documents\Treiber& Programme\TuneUp.Utilities.2012.v12.0.2020

Spyware.Zbot.Gen 24.07.2012.13.23 Registry Value HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunlEbcuced

Backdoor.Agent 24.07.2012.13.23 Registry Value HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunlUserinit

t'john 25.07.2012 13:57
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
MOD - C:\Users\Goaner\AppData\Roaming\13001.028\components\AcroFF028.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
DRV - (aeufyrk6) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=HP_ss&mntrId=869b74d9000000000000001f3ad630f5
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=869b74d9000000000000001f3ad630f5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=HP_ss&mntrId=869b74d9000000000000001f3ad630f5"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=KW_ss&mntrId=869b74d9000000000000001f3ad630f5&q="
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - Startup: C:\Users\Goaner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.25 16:23:25 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.06.26 22:32:47 | 000,000,076 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\Shell - "" = AutoRun
O33 - MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2012.05.25 16:23:26 | 000,562,592 | R--- | M] (Warner Bros. Interactive Entertainment)
O33 - MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2012.06.26 22:32:47 | 001,944,532 | R--- | M] (2K Games )
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe

[2012.07.25 09:20:08 | 000,253,090 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.25 09:20:06 | 000,253,090 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.23 17:14:02 | 000,067,142 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\nvModes.001
[2012.03.23 17:14:01 | 000,067,142 | ---- | C] () -- C:\Users\Goaner\AppData\Roaming\nvModes.dat
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"BabylonToolbar" = Babylon toolbar on IE
Description = Fehlerhafte Anwendung wermgr.exe, Version 6.0.6001.18000, Zeitstempel
0x47918ca1, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Description = Fehlerhafte Anwendung FLVPlayer.exe, Version 0.0.0.0, Zeitstempel
0x48374e32, fehlerhaftes Modul FlashPlayer.3.1.1k.ocx, Version 9.0.124.0, Zeitstempel
Description = Fehlerhafte Anwendung SndVol.exe, Version 6.0.6001.18000, Zeitstempel
0x4791928f, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
 
[2012.05.13 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Babylon
[2012.05.13 11:32:02 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com
[2012.05.13 11:32:26 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\BabylonToolbar
 

[2012.07.22 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\UAs
[2012.07.22 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\xmldm
[2012.07.13 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Goaner\AppData\Roaming\Fighters
[2012.07.13 21:58:42 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.07.06 14:34:48 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\13001.016
[2012.07.06 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Goaner\AppData\Roaming\kock
:Files

C:\autoexec.bat -- [ NTFS ]
E:\autorun.inf -- [ CDFS ]
G:\Autorun.inf -- [ CDFS ]
C:\Users\Goaner\Documents\Treiber& Programme\TuneUp.Utilities.2012.v12.0.2020
C:\Program Files\KONAMI\Pro Evolution 2012
C:\Users\Goaner\AppData\Roaming\uqivyr
C:\Users\Goaner\AppData\Roaming\13001.028\

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Goaner222 26.07.2012 12:04
Moin alles gemacht was du gesagt hast antivi aus alles zu und otl wie gesagt so durchlaufen lassen das kam raus nach dem er neugestartet is....:



All processes killed
========== OTL ==========
Error: Unable to stop service AV Engine Scanning Service!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AV Engine Scanning Service deleted successfully.
File move failed. C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe scheduled to be moved on reboot.
Service AV Watch Service stopped successfully!
Service AV Watch Service deleted successfully!
File move failed. C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe scheduled to be moved on reboot.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service DFUBTUSB stopped successfully!
Service DFUBTUSB deleted successfully!
File System32\Drivers\frmupgr.sys File not found not found.
Error: No service named aeufyrk6 was found to stop!
Service\Driver key aeufyrk6 not found.
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=HP_ss&mntrId=869b74d9000000000000001f3ad630f5" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=100512_3_&babsrc=KW_ss&mntrId=869b74d9000000000000001f3ad630f5&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
C:\Users\Goaner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Programme\Dell\DellDock\DellDock.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40de1ae2-8ab0-11e1-aeb9-001f3ad630f5}\ not found.
File move failed. E:\Launcher.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cf4eda-75b6-11e1-bf3b-001f3ad630f5}\ not found.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Setup.exe not found.
C:\ProgramData\nvModes.001 moved successfully.
C:\ProgramData\nvModes.dat moved successfully.
C:\Users\Goaner\AppData\Roaming\nvModes.001 moved successfully.
C:\Users\Goaner\AppData\Roaming\nvModes.dat moved successfully.
C:\Users\Goaner\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Goaner\AppData\Roaming\mozilla\Firefox\Profiles\ldbacsc1.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Goaner\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Goaner\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Goaner\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Goaner\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Goaner\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Goaner\AppData\Roaming\UAs folder moved successfully.
C:\Users\Goaner\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-UPD-SWPRO folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray\Updates folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray\Menu folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray\Logs folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray\Dumps folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Tray folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Suite\Logs folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Suite\Dumps folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\Suite folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\SPYWAREfighter\Logs folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters\SPYWAREfighter folder moved successfully.
C:\Users\Goaner\AppData\Roaming\Fighters folder moved successfully.
C:\Users\Public\Desktop\SPYWAREfighter.lnk moved successfully.
C:\Users\Goaner\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\Goaner\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\Goaner\AppData\Roaming\kock folder moved successfully.
========== FILES ==========
File\Folder C:\autoexec.bat -- [ NTFS ] not found.
File\Folder E:\autorun.inf -- [ CDFS ] not found.
File\Folder G:\Autorun.inf -- [ CDFS ] not found.
File\Folder C:\Users\Goaner\Documents\Treiber& Programme\TuneUp.Utilities.2012.v12.0.2020 not found.
File\Folder C:\Program Files\KONAMI\Pro Evolution 2012 not found.
C:\Users\Goaner\AppData\Roaming\Uqivyr folder moved successfully.
C:\Users\Goaner\AppData\Roaming\13001.028\components folder moved successfully.
C:\Users\Goaner\AppData\Roaming\13001.028 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Goaner\Downloads\cmd.bat deleted successfully.
C:\Users\Goaner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Goaner
->Temp folder emptied: 170432393 bytes
->Temporary Internet Files folder emptied: 11877657 bytes
->Java cache emptied: 784714 bytes
->FireFox cache emptied: 1102707281 bytes
->Flash cache emptied: 5162 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 41480 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17924971 bytes
RecycleBin emptied: 14388946291 bytes

Total Files Cleaned = 14.966,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Goaner
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07262012_125418

Files\Folders moved on Reboot...
File move failed. C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe scheduled to be moved on reboot.
File move failed. C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe scheduled to be moved on reboot.
File\Folder E:\autorun.inf not found!
File\Folder G:\Autorun.inf not found!
File\Folder E:\Launcher.exe not found!
File\Folder G:\Setup.exe not found!

PendingFileRenameOperations files...
[2012.06.25 12:44:56 | 000,717,312 | ---- | M] () C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe : MD5=7FAF2F92B5BD8BAD3C81B2E65D917B9A
[2012.06.25 12:44:56 | 000,237,344 | ---- | M] () C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe : MD5=7B431476C7D3FEBE1904C095B294EBED
File E:\autorun.inf not found!
File G:\Autorun.inf not found!
File E:\Launcher.exe not found!
File G:\Setup.exe not found!

Registry entries deleted on Reboot...



:dankeschoen:

t'john 26.07.2012 12:05
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Goaner222 26.07.2012 12:16
Ok mach ich Scan dauert jetz ich meld mich dann wenn er durch is ......

t'john 26.07.2012 12:33
Alles klar! ;)

Goaner222 26.07.2012 13:55
Also der erneute scan mit maleware hat jetz nur noch ein virus gefunden hab die log gespeichert und alles gelöscht pc nuegestartet und adwcleaner laufen lassen log auch geschpeichert ....so hir sind beiden die erste is von male ware

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Goaner :: GOANER-PC [Administrator]

Schutz: Aktiviert

26.07.2012 13:17:51
mbam-log-2012-07-26 (14-40-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329624
Laufzeit: 1 Stunde(n), 15 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Goaner\AppData\Roaming\BAcroIEHelpe173.dll (Trojan.Agent.H) -> Keine Aktion durchgeführt.

(Ende)








und hir die log von adwcleaner :


# AdwCleaner v1.703 - Logfile created 07/26/2012 at 14:48:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Goaner - GOANER-PC
# Running from : C:\Users\Goaner\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Goaner\AppData\Local\Babylon
Folder Found : C:\Users\Goaner\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Goaner\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Goaner\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_3_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "869b74d9000000000000001f3ad630f5");
Found : user_pref("extensions.BabylonToolbar_i.id", "869b74d9000000000000001f3ad630f5");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15473");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:32:13");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
Found : user_pref("extensions.asktb.cbid", "^ABT");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2012.07.26+04.08.55-toolbar015iad-DE-T3NuYWJydWNrLEdlcm1hbnk%3D[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Found : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Found : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Found : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "0546a203-f1f4-4225-aa67-d32150c2f028");
Found : user_pref("extensions.asktb.hpr", "YES");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1343306789703");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.localePref", true);
Found : user_pref("extensions.asktb.location", "Osnabruck,Germany");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.nthp", "YES");
Found : user_pref("extensions.asktb.nthp_prev", "1");
Found : user_pref("extensions.asktb.nthp_stw", "1");
Found : user_pref("extensions.asktb.o", "APN10395");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "2");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "23F497A7-9ACE-418A-8A29-8A183F8380EC");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "26.07.2012 13:09:34");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.15.4.100013");
Found : user_pref("extensions.asktb.version", "5.15.4.23930");
Found : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.4.100013,{972ce4c6-7e08-4474-a285-320819[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [13991 octets] - [26/07/2012 14:48:50]

########## EOF - C:\AdwCleaner[R1].txt - [14120 octets] ##########

:dankeschoen:

t'john 26.07.2012 14:41
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Goaner222 26.07.2012 14:58
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 15:52:15
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Goaner - GOANER-PC
# Running from : C:\Users\Goaner\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Goaner\AppData\Local\Babylon
Folder Deleted : C:\Users\Goaner\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Goaner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Goaner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\prefs.js

C:\Users\Goaner\AppData\Roaming\Mozilla\Firefox\Profiles\ldbacsc1.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_3_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "869b74d9000000000000001f3ad630f5");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "869b74d9000000000000001f3ad630f5");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15473");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:32:13");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
Deleted : user_pref("extensions.asktb.cbid", "^ABT");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.07.26+04.08.55-toolbar015iad-DE-T3NuYWJydWNrLEdlcm1hbnk%3D[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "0546a203-f1f4-4225-aa67-d32150c2f028");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1343306789703");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.localePref", true);
Deleted : user_pref("extensions.asktb.location", "Osnabruck,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.nthp", "YES");
Deleted : user_pref("extensions.asktb.nthp_prev", "1");
Deleted : user_pref("extensions.asktb.nthp_stw", "1");
Deleted : user_pref("extensions.asktb.o", "APN10395");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "23F497A7-9ACE-418A-8A29-8A183F8380EC");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "26.07.2012 13:09:34");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.4.23930");
Deleted : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.4.100013,{972ce4c6-7e08-4474-a285-320819[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [14122 octets] - [26/07/2012 14:48:50]
AdwCleaner[S1].txt - [14237 octets] - [26/07/2012 15:52:15]

########## EOF - C:\AdwCleaner[S1].txt - [14366 octets] ##########

t'john 26.07.2012 15:00
Emsisoft Log?

Goaner222 26.07.2012 15:02
oh sorry hab ich eben überlesen kommt sofort .....

:dankeschoen:

das läuft bei mir nich weil ich servicepack 2 nich hab soll ich das installieren??

t'john 26.07.2012 15:24
Alle Updates einspielen und Weitermachen!

Goaner222 26.07.2012 15:31
Mache ich Danke dir nochmals für deine geduld echt nett von dir für deine hilfe

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 26.07.2012 17:09:24

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 26.07.2012 17:11:05

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\spywarefighter --> nomodify gefunden: Trace.Registry.spywarefighter!E1

Gescannt 580817
Gefunden 1

Scan Ende: 26.07.2012 19:41:44
Scan Zeit: 2:30:39


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19