Completely removing Live Security Platinum

Two days ago I caught the "Live Security Platinum" virus.
As I read here, I switched to safe mode. There I was able to start programs again that had previously been blocked.
Then I downloaded Malwarebytes and started a scan. Unfortunately, not all of the viruses could be removed.
In addition, I ran Avira and Norton several times.
Norton always finds the same viruses but cannot remove them.
It always says:
Trojan.Gen cannot be removed from an unsupported file.
The same goes for Trojan.Gen.2 and W32.Spybot.Worm.
In addition, I tried System Restore twice, but without success.
Now I am asking for help here.
My operating system is Windows Vista.
I hope you can help me.
This is the code from OTL.txt:
Code:
OTL logfile created on: 30.08.2012 21:10:03 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dulson\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,79% Memory free
4,21 Gb Paging File | 2,62 Gb Available in Paging File | 62,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,33 Gb Total Space | 17,73 Gb Free Space | 17,00% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 29,41 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 0,62 Gb Free Space | 8,32% Space Free | Partition Type: NTFS
Computer Name: DULSON-PC | User Name: Dulson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dulson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - c:\Programme\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\WinTab32.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - c:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
========== Win32 Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (xsherlock) -- C:\WINDOWS\System32\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Autodesk Licensing Service) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinTabService) -- C:\WINDOWS\System32\drivers\WTSrv.exe (Tablet Driver)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASBroker) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ISPwdSvc) -- c:\Programme\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (SymAppCore) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ASChannel) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)
========== Driver Services (SafeList) ==========
DRV - (xhunter1) -- C:\Windows\xhunter1.sys File not found
DRV - (vtany) -- C:\Windows\vtany.sys File not found
DRV - (Tablet2k) -- C:\Windows\System32\Drivers\Tablet2k.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SWDUMon) -- C:\WINDOWS\System32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120526.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120526.006\NAVENG.SYS (Symantec Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20120524.001\IDSvix86.sys (Symantec Corporation)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (UCTblHid) -- C:\WINDOWS\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (PTSimBus) -- C:\WINDOWS\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (TClass2k) -- C:\WINDOWS\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\WINDOWS\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (ATSWPDRV) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\WINDOWS\System32\drivers\symndisv.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2589E5E2-D928-4CF1-8A19-59E4444FBF20}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2589E5E2-D928-4CF1-8A19-59E4444FBF20}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={1D838A22-1100-42F6-AF81-D44A404B9C12}&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&lang=de&ds=ts024&pr=sa&d=2012-06-24 15:27:24&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=4ac2e401000000000000001b77c06b8a
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\SearchScopes\{2589E5E2-D928-4CF1-8A19-59E4444FBF20}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1D838A22-1100-42F6-AF81-D44A404B9C12}&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&lang=de&ds=ts024&pr=sa&d=2012-06-24 15:27:24&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-495965216-148509765-2783342387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf69c0e76-227b-48e5-9d0f-a5073ed6e490%7D&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&ds=ts024&v=11.1.0.7&lang=de&pr=sa&d=2012-06-24%2015%3A27%3A24&sap=ku&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dulson\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dulson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dulson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 23:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.30 16:33:24 | 000,000,000 | ---D | M]
[2012.04.30 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dulson\AppData\Roaming\mozilla\Extensions
[2012.08.14 16:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dulson\AppData\Roaming\mozilla\Firefox\Profiles\syei3nux.default\extensions
[2012.08.14 16:49:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dulson\AppData\Roaming\mozilla\Firefox\Profiles\syei3nux.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.30 23:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 21:38:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:22:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 23:22:26 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.19 14:22:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:22:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 14:22:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:22:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:22:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://isearch.avg.com/?cid={1D838A22-1100-42F6-AF81-D44A404B9C12}&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&lang=de&ds=ts024&pr=sa&d=2012-06-24 15:27:24&v=11.1.0.7&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={1D838A22-1100-42F6-AF81-D44A404B9C12}&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&lang=de&ds=ts024&pr=sa&d=2012-06-24 15:27:24&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: hxxp://isearch.avg.com/?cid={1D838A22-1100-42F6-AF81-D44A404B9C12}&mid=5c96f628f00247d0a49dd15262a11473-3ea5398b54a110a43354fdb0adc46442460d94c6&lang=de&ds=ts024&pr=sa&d=2012-06-24 15:27:24&v=11.1.0.7&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dulson\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dulson\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dulson\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dulson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dulson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Dulson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dulson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Dulson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-495965216-148509765-2783342387-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-495965216-148509765-2783342387-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-495965216-148509765-2783342387-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dulson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dulson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-495965216-148509765-2783342387-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.182.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DA28028-714F-4624-A4F3-3EF97FE4FAF9}: DhcpNameServer = 192.168.182.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.30 20:54:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b5f5fff0-7030-11e1-9372-001b2445fd80}\Shell - "" = AutoRun
O33 - MountPoints2\{b5f5fff0-7030-11e1-9372-001b2445fd80}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.30 16:00:39 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Dulson\Desktop\OTL.exe
[2012.08.28 14:26:04 | 000,000,000 | ---D | C] -- C:\Users\Dulson\AppData\Roaming\Malwarebytes
[2012.08.28 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 14:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 14:25:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.28 14:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.28 01:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.28 01:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.28 01:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.08.27 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Dulson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.08.27 21:57:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.08.27 21:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.08.27 21:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.08.14 16:48:34 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.01 00:49:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[6 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.30 20:38:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 20:38:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 20:25:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-495965216-148509765-2783342387-1000UA.job
[2012.08.30 16:01:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dulson\Desktop\OTL.exe
[2012.08.30 15:44:18 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.08.30 15:42:34 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012.08.30 15:41:36 | 000,011,232 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012.08.30 15:38:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 15:38:15 | 000,385,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 15:37:54 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 21:28:35 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.28 21:28:35 | 000,608,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.28 21:28:35 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.28 21:28:35 | 000,102,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.28 14:25:55 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.28 14:00:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.08.28 14:00:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.08.28 04:12:02 | 000,000,224 | ---- | M] () -- C:\Windows\WinInit.ini
[2012.08.28 01:23:29 | 000,001,057 | ---- | M] () -- C:\Users\Dulson\Desktop\Spybot - Search & Destroy.lnk
[2012.08.27 21:57:06 | 000,002,081 | ---- | M] () -- C:\Users\Dulson\Desktop\SpyHunter.lnk
[2012.08.27 20:00:21 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Dulson.job
[2012.08.27 13:25:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-495965216-148509765-2783342387-1000Core.job
[2012.08.26 00:35:38 | 000,068,392 | ---- | M] () -- C:\Users\Dulson\Desktop\original.jpg
[2012.08.23 20:33:48 | 000,038,392 | ---- | M] () -- C:\Users\Dulson\Desktop\Obj_CastleIN_Gate02_01.jpg
[2012.08.23 20:33:48 | 000,035,713 | ---- | M] () -- C:\Users\Dulson\AppData\Local\recently-used.xbel
[2012.08.22 01:18:04 | 000,002,049 | ---- | M] () -- C:\Users\Dulson\Desktop\Google Chrome.lnk
[2012.08.14 16:59:40 | 002,852,941 | ---- | M] () -- C:\Users\Dulson\Desktop\Silla - Jeder Tag (prod. by RAF Camora) _ 16bars.de Videopremiere.m4a
[2012.08.14 16:56:51 | 004,019,234 | ---- | M] () -- C:\Users\Dulson\Desktop\Silla - Wiederbelebt.m4a
[2012.08.14 16:48:39 | 000,001,193 | ---- | M] () -- C:\Users\Dulson\Desktop\Free YouTube to MP3 Converter.lnk
[2012.08.14 16:48:39 | 000,001,034 | ---- | M] () -- C:\Users\Dulson\Desktop\DVDVideoSoft Free Studio.lnk
[2012.08.14 16:39:23 | 003,076,168 | ---- | M] () -- C:\Users\Dulson\Desktop\SILLA - Grauenhaft Verzerrt (HD).mp3
[2012.08.01 00:49:29 | 265,693,269 | ---- | M] () -- C:\Windows\MEMORY.DMP
[6 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.28 14:25:55 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.28 14:00:01 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.08.28 14:00:01 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.08.28 01:23:29 | 000,001,057 | ---- | C] () -- C:\Users\Dulson\Desktop\Spybot - Search & Destroy.lnk
[2012.08.27 21:57:06 | 000,002,081 | ---- | C] () -- C:\Users\Dulson\Desktop\SpyHunter.lnk
[2012.08.26 00:35:17 | 000,068,392 | ---- | C] () -- C:\Users\Dulson\Desktop\original.jpg
[2012.08.23 20:33:48 | 000,035,713 | ---- | C] () -- C:\Users\Dulson\AppData\Local\recently-used.xbel
[2012.08.23 20:32:05 | 000,038,392 | ---- | C] () -- C:\Users\Dulson\Desktop\Obj_CastleIN_Gate02_01.jpg
[2012.08.14 16:59:38 | 002,852,941 | ---- | C] () -- C:\Users\Dulson\Desktop\Silla - Jeder Tag (prod. by RAF Camora) _ 16bars.de Videopremiere.m4a
[2012.08.14 16:56:46 | 004,019,234 | ---- | C] () -- C:\Users\Dulson\Desktop\Silla - Wiederbelebt.m4a
[2012.08.14 16:38:17 | 003,076,168 | ---- | C] () -- C:\Users\Dulson\Desktop\SILLA - Grauenhaft Verzerrt (HD).mp3
[2012.08.01 00:49:01 | 265,693,269 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.02 00:15:02 | 000,000,045 | ---- | C] () -- C:\Users\Dulson\.gtk-bookmarks
[2012.06.24 17:27:36 | 000,003,584 | ---- | C] () -- C:\Windows\Tablet10000x6250.ini
[2012.06.24 15:25:54 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012.06.24 15:00:39 | 000,184,320 | ---- | C] () -- C:\Windows\System32\WinTab32.dll
[2012.06.24 15:00:39 | 000,047,104 | ---- | C] () -- C:\Windows\System32\UCMfg.exe
[2012.06.24 15:00:39 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe
[2012.05.07 15:22:39 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.04.13 20:02:36 | 000,001,808 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.04.07 15:34:16 | 000,003,500 | ---- | C] () -- C:\Windows\Tablet5500x4000.ini
[2012.04.04 21:49:51 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.04.04 21:49:51 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.04.04 14:00:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.04 14:00:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.03.22 15:34:17 | 000,005,571 | ---- | C] () -- C:\Windows\Tablet10000x6250M.ini
[2012.03.21 14:51:41 | 000,003,342 | ---- | C] () -- C:\Windows\Tablet5500x4000M.ini
[2012.03.18 17:35:20 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2012.03.18 17:29:14 | 000,202,627 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.03.18 17:29:14 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2012.03.14 22:54:35 | 000,020,992 | ---- | C] () -- C:\Users\Dulson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.14 22:18:26 | 000,000,224 | ---- | C] () -- C:\Windows\WinInit.ini
[2012.03.14 20:08:53 | 000,111,104 | ---- | C] () -- C:\Windows\System32\uharc.exe
========== LOP Check ==========
[2012.04.24 14:19:25 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Artisteer
[2012.03.21 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Artweaver
[2012.06.02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Audacity
[2012.07.28 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Autodesk
[2012.06.15 22:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\BitTorrent
[2012.04.04 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Degener
[2012.08.14 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\DVDVideoSoft
[2012.03.22 22:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.28 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\FileZilla
[2012.06.22 20:02:16 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\gtk-2.0
[2012.08.30 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\ICQ
[2012.05.15 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\MAXON
[2012.03.14 21:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\MilkShape 3D 1.x.x
[2012.08.14 16:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\OpenCandy
[2012.03.23 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\OpenOffice.org
[2012.03.17 20:55:34 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\PhotoScape
[2012.04.22 14:05:25 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Publish Providers
[2012.04.22 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\Sony
[2012.06.24 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\SYSTEMAX Software Development
[2012.03.19 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\Dulson\AppData\Roaming\TeamViewer
[2012.08.30 02:09:23 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.30 15:42:34 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012.07.18 15:29:20 | 000,000,000 | ---D | M](C:\Users\Dulson\Desktop\Grischa ?) -- C:\Users\Dulson\Desktop\Grischa ♥
[2012.07.18 15:17:10 | 000,000,000 | ---D | C](C:\Users\Dulson\Desktop\Grischa ?) -- C:\Users\Dulson\Desktop\Grischa ♥
[2012.07.05 14:46:47 | 005,419,404 | ---- | M] ()(C:\Users\Dulson\Desktop\????????? ?? ?????????.mp2) -- C:\Users\Dulson\Desktop\Помолимся за Родителей.mp2
[2012.07.05 14:46:46 | 004,396,284 | ---- | M] ()(C:\Users\Dulson\Desktop\???????? ??????? – ????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ПИШУ.mp2
[2012.07.05 14:46:45 | 004,683,384 | ---- | M] ()(C:\Users\Dulson\Desktop\???????? ??????? – ?????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ВИШНЯ.mp2
[2012.07.05 14:46:45 | 004,126,932 | ---- | M] ()(C:\Users\Dulson\Desktop\???????? ??????? – ??????????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ПОСВЯЩЕНИЕ.mp2
[2012.06.02 00:56:46 | 005,419,404 | ---- | C] ()(C:\Users\Dulson\Desktop\????????? ?? ?????????.mp2) -- C:\Users\Dulson\Desktop\Помолимся за Родителей.mp2
[2012.06.02 00:46:45 | 004,396,284 | ---- | C] ()(C:\Users\Dulson\Desktop\???????? ??????? – ????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ПИШУ.mp2
[2012.06.02 00:39:49 | 004,683,384 | ---- | C] ()(C:\Users\Dulson\Desktop\???????? ??????? – ?????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ВИШНЯ.mp2
[2012.06.02 00:32:50 | 004,126,932 | ---- | C] ()(C:\Users\Dulson\Desktop\???????? ??????? – ??????????.mp2) -- C:\Users\Dulson\Desktop\Владимир Рыкунов – ПОСВЯЩЕНИЕ.mp2
< End of report >
And this is the one from Extras.txt: Code:
OTL Extras logfile created on: 30.08.2012 21:10:03 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dulson\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,79% Memory free
4,21 Gb Paging File | 2,62 Gb Available in Paging File | 62,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,33 Gb Total Space | 17,73 Gb Free Space | 17,00% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 29,41 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 0,62 Gb Free Space | 8,32% Space Free | Partition Type: NTFS
Computer Name: DULSON-PC | User Name: Dulson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-495965216-148509765-2783342387-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7041B037-D75B-48D9-856F-D065CFCED069}" = SlimDrivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}" = SpyHunter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E8815668-95B0-443D-AC92-2BFD7DD8F16A}" = Adobe Flash Catalyst CS5
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CLICK & LEARN DiDi 360° Component Install_is1" = CLICK & LEARN DiDi 360° Component Install
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ContentaConverter-PREMIUM" = Contenta Converter PREMIUM
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FileZilla Client" = FileZilla Client 3.5.3
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.24.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIMP-2_is1" = GIMP 2.8.0
"GlobalDK" = Dekaron
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"Skype_is1" = Skype 2.5
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TabletDriver" = Trust Tablet Driver
"VLC media player" = VLC media player 2.0.1
"WinX Free AVI to MP4 Converter_is1" = WinX Free AVI to MP4 Converter 4.0.6
"Xvid_is1" = Xvid MPEG-4 Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-495965216-148509765-2783342387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live (2)" = DC Universe Online Live (2)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.08.2012 05:23:27 | Computer Name = Dulson-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Beast.exe, Version 1.0.0.0, Zeitstempel 0x4bbe874f,
fehlerhaftes Modul Beast.exe, Version 1.0.0.0, Zeitstempel 0x4bbe874f, Ausnahmecode
0xc0000005, Fehleroffset 0x000016eb, Prozess-ID 0x1744, Anwendungsstartzeit 01cd7c59b204b4d4.
Error - 18.08.2012 15:48:48 | Computer Name = Dulson-PC | Source = Application Hang | ID = 1002
Description = Programm CINEMA 4D.exe, Version 10.1.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1c30 Anfangszeit: 01cd7d7a5fdbe0e0 Zeitpunkt der Beendigung:
61
Error - 22.08.2012 11:34:35 | Computer Name = Dulson-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: ef0 Anfangszeit: 01cd807aca959ec2 Zeitpunkt der
Beendigung: 31
Error - 24.08.2012 20:46:46 | Computer Name = Dulson-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SndVol.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b458, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000008, Fehleroffset 0x000768b0, Prozess-ID 0x1d38, Anwendungsstartzeit
01cd825954d77900.
Error - 26.08.2012 07:57:33 | Computer Name = Dulson-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1360 Anfangszeit: 01cd83817860fec0 Zeitpunkt der
Beendigung: 72
Error - 27.08.2012 15:05:56 | Computer Name = Dulson-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung regsvr32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b3c7, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003c419, Prozess-ID 0xdf4, Anwendungsstartzeit
01cd8486fae66660.
Error - 27.08.2012 15:06:16 | Computer Name = Dulson-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549adc4, fehlerhaftes Modul kernel32.dll, Version 6.0.6000.16820, Zeitstempel
0x49952034, Ausnahmecode 0x0eedfade, Fehleroffset 0x0001b09e, Prozess-ID 0x908,
Anwendungsstartzeit 01cd8486ffa59c20.
Error - 27.08.2012 22:05:38 | Computer Name = Dulson-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 15cc Anfangszeit: 01cd84a98aa535cd Zeitpunkt der
Beendigung: 314
Error - 28.08.2012 08:57:12 | Computer Name = Dulson-PC | Source = VSS | ID = 12289
Description =
Error - 28.08.2012 09:17:58 | Computer Name = Dulson-PC | Source = System Restore | ID = 8209
Description =
Error - 28.08.2012 09:42:13 | Computer Name = Dulson-PC | Source = System Restore | ID = 8209
Description =
[ System Events ]
Error - 22.03.2012 14:55:46 | Computer Name = Dulson-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 24.03.2012 19:18:18 | Computer Name = Dulson-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.03.2012 um 20:52:44 unerwartet heruntergefahren.
Error - 24.03.2012 19:19:22 | Computer Name = Dulson-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.03.2012 19:20:58 | Computer Name = Dulson-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 25.03.2012 13:54:44 | Computer Name = Dulson-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.03.2012 um 19:52:08 unerwartet heruntergefahren.
Error - 25.03.2012 16:36:52 | Computer Name = Dulson-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.03.2012 um 22:34:00 unerwartet heruntergefahren.
Error - 26.03.2012 05:12:31 | Computer Name = Dulson-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.03.2012 um 03:34:55 unerwartet heruntergefahren.
Error - 27.03.2012 06:07:21 | Computer Name = Dulson-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.03.2012 um 11:10:41 unerwartet heruntergefahren.
Error - 27.03.2012 06:08:51 | Computer Name = Dulson-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.03.2012 06:09:55 | Computer Name = Dulson-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >