Trojaner-Board


Janis540 30.09.2012 18:30

Self-launching .exe files such as E7AA.exe or DE8C.exe etc......

Hello everyone,

For quite some time now I have had small .exe files on my laptop (Windows 7 Home Premium).
The files are not very large, only around 350 KB.
They are located in the Roaming folder. Just type "%appdata%" into the Windows search bar.
Minecraft players know the folder. It is the folder in which you have to place the .minecraft folder.
And that is exactly where the files are. They also keep recreating themselves. I have tried several times to simply delete them, but it doesn't work. They are simply created again. And the file names are not always the same either. They also open automatically; in Task Manager under Processes there are ALWAYS 2 identical viruses running. No matter what they are named, there are always 2 identical ones. I'll post a screenshot here showing what it looks like on my machine:

First, the Roaming folder where the files are located:
http://s14.directupload.net/file/d/3...bmjum6_png.htm


And here is the process / are the processes in Task Manager:
http://s7.directupload.net/file/d/3029/zer9y2o9_png.htm


I have no idea where these things come from.
Most likely from some download.

The virus also slows down system performance considerably.


If anyone can help me, I would be very grateful.

Regards, Janis

schrauber 02.10.2012 07:14

Hi,


If you don't already have it, please download OTL by Oldtimer and save it to your Desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here

Janis540 02.10.2012 18:59

Thanks for now, schrauber...

I started the scan, but the program always hangs when the following is being scanned:

"Scanning HKEY_CURRENT_USER Run Keys..."

Do I just have to wait a long time? I waited about 15 minutes, but nothing happened....

schrauber 02.10.2012 19:00

Then let's try something else.


Please download dds (by sUBs) from one of the following download mirrors and save the file to your Desktop.

dds.com
dds.scr
dds.pif
  • Close all running programs.
  • Start DDS with a double-click.
  • It will create 2 log files.
    • dds.txt
    • attach.txt
  • Save both log files to your Desktop
  • Post both log files here.

Janis540 02.10.2012 21:20

Thanks, that worked.

So here is the attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
Code:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06.03.2012 13:03:52
System Uptime: 02.10.2012 11:47:51 (11 hours ago)
.
Motherboard: Acer |  | Aspire one     
Processor: Intel(R) Atom(TM) CPU N270  @ 1.60GHz | CPU | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 114 GiB total, 18,399 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG AVI Loader Driver
Device ID: ROOT\LEGACY_AVGLDX86\0000
Manufacturer:
Name: AVG AVI Loader Driver
PNP Device ID: ROOT\LEGACY_AVGLDX86\0000
Service: Avgldx86
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&36089DE0&0&2
Manufacturer: (Standard-USB-Hostcontroller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&36089DE0&0&2
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Illustrator CS6
Adobe Photoshop CS6
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
µTorrent
Audacity 1.2.6
AVG 2012
AVS Update Manager 1.0
AVS Video Converter 8
Broadcom Wireless Utility
Camtasia Studio 7
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP640 series MP Drivers
CDBurnerXP
Cheat Engine 6.1
CINEMA 4D 11.514
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DarkLoader v4.1
Dev-C++ 5 beta 9 release (4.9.9.2)
Driver Genius Professional Edition
eReg
Führerschein-Trainer 2007
Fraps (remove only)
GadgetBox
GBox
GermaniXEncoder
Google Chrome
Google Earth
Google Update Helper
Hama Wireless LAN Adapter
Hex-Editor MX
Iminent
Intel(R) Graphics Media Accelerator Driver
InterActual Player
IsoBuster 2.8.5
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
JDiskReport 1.4.0
LAME v3.99.3 (for Windows)
Logitech SetPoint 6.32
Media Player Codec Pack 4.1.9
Microsoft .NET Framework 4.5 DEU Language Pack RC
Microsoft .NET Framework 4.5 RC
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Minecraft Version Changer
mIRC
Mozilla Firefox 13.0.1 (x86 de)
MP3 Skype Recorder
MSVCRT Redists
Orbit Downloader
PDF Settings CS6
Pflanzen gegen Zombies
Realtek High Definition Audio Driver
Skype™ 5.10
SopCast 3.5.0
sprotector 1.62
Stream Player
swMSM
TeamSpeak 3 Client
Tunatic
Vegas Pro 10.0
VLC media player 1.1.11
WebCam
WinRAR 4.11 (32-Bit)
Xilisoft HD Video Converter 6
.
==== End Of File ===========================




And here is the DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.7.2
Run by Janis at 22:00:20 on 2012-10-02
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1033.18.1014.224 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hama\Common\RaRegistry.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\Premium\GBox\GBox.exe
C:\Windows\System32\taskmgr.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\cinema 4d\documents\msdcsc\msdcsc.exe,c:\users\cinema 4d\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe,c:\users\janis\documents\msdcsc\msdcsc.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\users\janis\appdata\roaming\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [85d7b90b3f039ec268747896125a906f]
uRun: [Microsoft DLL Registration] c:\users\janis\appdata\roaming\regsrv32.exe
uRun: [MicroUpdate] c:\users\janis\documents\msdcsc\msdcsc.exe
uRun: [Fztitn] c:\users\janis\appdata\roaming\Fztitn.exe
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\janis\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MP3 Skype Recorder] c:\program files\mp3 skype recorder\MP3 Skype Recorder.exe
uRun: [WINSXS32] c:\users\janis\appdata\roaming\A86B.exe
mRun: [Driver Genius]
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [WINSXS32] c:\users\janis\appdata\roaming\DA66.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Broadcom Wireless Manager UI] c:\program files\broadcom\broadcom 802.11 network adapter\WLTRAY.exe
mRun: [TaskTray]
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe /startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [Skype Recorder] "c:\program files\skype recorder\Skype Recorder.exe"
StartupFolder: c:\users\janis\appdata\roaming\microsoft\windows\start menu\programs\startup\explorer.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hamawi~1.lnk - c:\program files\hama\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 82.212.62.62 192.168.0.1
TCP: Interfaces\{06FECF99-3B43-4B79-86CF-19CD04F12C59} : DhcpNameServer = 82.212.62.62 192.168.0.1
TCP: Interfaces\{0D919A74-7B99-489D-A36B-D638B135663D} : DhcpNameServer = 82.212.62.62 192.168.0.1
TCP: Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A} : DhcpNameServer = 82.212.62.62 192.168.0.1
TCP: Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}\2475D2E45647A7775627B6 : DhcpNameServer = 82.212.62.62 78.42.43.62
TCP: Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}\75C414E4D2145413935393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AECCD3BF-6684-4A29-98B1-59BDF8643224} : DhcpNameServer = 82.212.62.62 192.168.0.1
TCP: Interfaces\{B94362DE-0FA9-41E4-9AFE-BCAFFD87BFEB}\4456661657C647 : DhcpNameServer = 82.212.62.62 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\mp3 skype recorder\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~2\sprote~1\sprote~1.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\janis\appdata\roaming\mozilla\firefox\profiles\bw776v5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e9e69524c&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.2.5.32&sap=ku&q=
FF - plugin: c:\progra~2\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\janis\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
user_pref('extensions.dealply.partner', 'vita');
.
user_pref('extensions.dealply.channel', 'vitaeazel');
.
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '0');
.
user_pref('extensions.dealply.partner', 'vita');
.
user_pref('extensions.dealply.channel', 'vitaeazel');
.
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.hardId - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:56:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg2012\avgwdsvc.exe" --> c:\program files\avg\avg2012\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-4-30 104872]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-17 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-17 116648]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2012-9-10 562464]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2012-3-7 3567]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2010-8-5 167576]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
.
=============== Created Last 30 ================
.
2012-10-02 20:00:35        195072        ----a-w-        c:\users\janis\appdata\roaming\Fztitn.exe
2012-10-02 15:33:21        347136        ----a-w-        c:\users\janis\appdata\roaming\A86B.exe
2012-10-01 19:29:36        --------        d-----w-        c:\programdata\Premium
2012-10-01 19:29:33        --------        d-----w-        c:\program files\SProtector
2012-10-01 19:29:24        --------        d-----w-        c:\program files\GadgetBox
2012-10-01 19:29:07        --------        d-----w-        c:\programdata\InstallMate
2012-09-30 19:24:36        347136        ----a-w-        c:\users\janis\appdata\roaming\963D.exe
2012-09-30 17:11:00        --------        d-----w-        c:\program files\ps3emu
2012-09-28 17:27:43        369664        ----a-w-        c:\users\janis\appdata\roaming\E7AA.exe
2012-09-28 17:19:47        348160        ----a-w-        c:\users\janis\appdata\roaming\A3F5.exe
2012-09-28 16:53:39        353280        ----a-w-        c:\users\janis\appdata\roaming\B7A3.exe
2012-09-28 16:36:55        353280        ----a-w-        c:\users\janis\appdata\roaming\66A5.exe
2012-09-28 16:30:23        353280        ----a-w-        c:\users\janis\appdata\roaming\6AD8.exe
2012-09-26 18:31:46        56200        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{6bb8abbd-b80f-46c1-9878-7292ddc844c6}\offreg.dll
2012-09-20 21:00:03        --------        d-----w-        c:\windows\Profiles
2012-09-17 15:10:54        --------        d-----w-        c:\users\janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 14:57:29        --------        d-----w-        c:\users\janis\flash-disinfector-
2012-09-13 21:11:39        132597        ----a-w-        c:\users\janis\flash-disinfector-.exe
2012-09-10 18:23:36        --------        d-----w-        c:\programdata\ALM
2012-09-10 18:01:29        --------        d-----w-        c:\users\janis\crack il
2012-09-10 16:14:15        --------        d-----w-        c:\users\janis\stick musik
2012-09-10 14:48:07        --------        d-----w-        c:\programdata\Ralink
2012-09-10 14:45:14        562464        ----a-w-        c:\windows\system32\drivers\netr73.sys
2012-09-10 14:45:14        226592        ----a-w-        c:\windows\system32\RaCoInst.dll
2012-09-10 14:45:12        --------        d-----w-        c:\programdata\RalinkRT7x Driver
2012-09-10 14:43:52        776480        ----a-w-        c:\windows\system32\RAIHV.dll
2012-09-10 14:43:52        102688        ----a-w-        c:\windows\system32\RAEXTUI.dll
2012-09-10 14:43:50        1590560        ----a-w-        c:\windows\system32\RaCertMgr.dll
2012-09-10 14:43:44        --------        d-----w-        c:\program files\Hama
2012-09-09 12:12:25        --------        d-----w-        c:\program files\Skype Recorder
2012-09-09 12:02:56        153        ----a-w-        c:\users\janis\settings.bin
2012-09-07 15:56:23        --------        d-----w-        c:\program files\Tunatic
2012-09-06 09:37:57        --------        d-----w-        c:\users\janis\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-05 09:07:55        --------        d-----w-        c:\users\janis\appdata\roaming\Iminent
2012-09-05 07:52:20        --------        d-----r-        c:\users\janis\sound
2012-09-04 20:34:39        --------        d-----w-        c:\program files\VideoLAN
2012-09-04 14:26:58        --------        d-----w-        c:\users\janis\savegame cod 4 janis
2012-09-04 08:12:21        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 08:09:09        --------        d-----w-        c:\users\janis\PS3
.
==================== Find3M  ====================
.
2012-09-21 20:51:36        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 20:51:36        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-04 08:11:45        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-04 08:11:45        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-27 14:31:34        299047        ----a-w-        c:\users\janis\Crusader_Multihack_Beta.exe
.
============= FINISH: 22:03:28,72 ===============


That's it,
Regards, Janis

schrauber 03.10.2012 06:23

Combofix should only be run when instructed to by a team member!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your Desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Janis540 03.10.2012 11:14

Thanks, schrauber.

This is the text file:

Combofix Logfile:
Code:

ComboFix 12-10-02.02 - Janis 03.10.2012  11:33:08.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1033.18.1014.302 [GMT 2:00]
ausgeführt von:: c:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPlyTune.dll
c:\users\Janis\AppData\Roaming\66A5.exe
c:\users\Janis\AppData\Roaming\6AD8.exe
c:\users\Janis\AppData\Roaming\963D.exe
c:\users\Janis\AppData\Roaming\A3F5.exe
c:\users\Janis\AppData\Roaming\A86B.exe
c:\users\Janis\AppData\Roaming\B7A3.exe
c:\users\Janis\AppData\Roaming\E7AA.exe
c:\users\Janis\AppData\Roaming\Microsoft\Windows\Templates\Lame_v3.99.3_for_Windows.exe
c:\users\Janis\Crusader_Multihack_Beta.exe
c:\users\Janis\flash-disinfector-.exe
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 09:53 . 2012-10-03 09:54        --------        d-----w-        c:\users\Janis\AppData\Local\temp
2012-10-03 09:53 . 2012-10-03 09:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-03 09:17 . 2012-10-03 09:17        195072        ----a-w-        c:\users\Janis\AppData\Roaming\Fztitn.exe
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\Premium
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\SProtector
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\GadgetBox
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\InstallMate
2012-09-30 17:11 . 2012-09-30 17:11        --------        d-----w-        c:\program files\ps3emu
2012-09-26 18:31 . 2012-10-01 15:04        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB8ABBD-B80F-46C1-9878-7292DDC844C6}\offreg.dll
2012-09-20 21:00 . 2012-09-20 21:00        --------        d-----w-        c:\windows\Profiles
2012-09-20 20:59 . 2012-09-20 21:00        --------        d-----w-        c:\users\Cinema 4D
2012-09-18 19:40 . 2012-09-18 19:40        --------        d-----w-        c:\windows\Sun
2012-09-17 15:10 . 2012-09-17 15:11        --------        d-----w-        c:\users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 14:57 . 2012-09-14 14:57        --------        d-----w-        c:\users\Janis\flash-disinfector-
2012-09-10 18:23 . 2012-09-10 18:23        --------        d-----w-        c:\programdata\ALM
2012-09-10 18:01 . 2012-09-10 18:25        --------        d-----w-        c:\users\Janis\crack il
2012-09-10 16:14 . 2012-09-10 16:15        --------        d-----w-        c:\users\Janis\stick musik
2012-09-10 14:48 . 2012-09-26 19:34        --------        d-----w-        c:\programdata\Ralink
2012-09-10 14:45 . 2010-02-24 13:06        562464        ----a-w-        c:\windows\system32\drivers\netr73.sys
2012-09-10 14:45 . 2010-02-24 12:07        226592        ----a-w-        c:\windows\system32\RaCoInst.dll
2012-09-10 14:43 . 2009-12-10 10:16        776480        ----a-w-        c:\windows\system32\RAIHV.dll
2012-09-10 14:43 . 2009-12-10 10:16        102688        ----a-w-        c:\windows\system32\RAEXTUI.dll
2012-09-10 14:43 . 2009-12-10 10:16        1590560        ----a-w-        c:\windows\system32\RaCertMgr.dll
2012-09-10 14:43 . 2012-09-10 14:43        --------        d-----w-        c:\program files\Hama
2012-09-09 12:12 . 2012-09-20 21:00        --------        d-----w-        c:\program files\Skype Recorder
2012-09-09 12:02 . 2012-09-09 12:02        153        ----a-w-        c:\users\Janis\settings.bin
2012-09-07 15:56 . 2012-09-07 15:56        --------        d-----w-        c:\program files\Tunatic
2012-09-06 09:37 . 2012-09-06 09:37        --------        d-----w-        c:\users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-05 09:07 . 2012-09-05 09:07        --------        d-----w-        c:\users\Janis\AppData\Roaming\Iminent
2012-09-05 07:52 . 2012-09-05 07:52        --------        d-----r-        c:\users\Janis\sound
2012-09-04 20:35 . 2012-09-05 20:26        --------        d-----w-        c:\users\Janis\AppData\Roaming\vlc
2012-09-04 20:34 . 2012-09-04 20:34        --------        d-----w-        c:\program files\VideoLAN
2012-09-04 14:26 . 2012-09-04 14:27        --------        d-----w-        c:\users\Janis\savegame cod 4 janis
2012-09-04 08:17 . 2012-09-04 08:17        --------        d-----w-        c:\program files\Common Files\Java
2012-09-04 08:12 . 2012-09-04 08:11        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 08:11 . 2012-09-04 08:11        --------        d-----w-        c:\program files\Java
2012-09-04 08:09 . 2012-09-04 08:09        --------        d-----w-        c:\users\Janis\PS3
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 20:51 . 2012-04-11 23:57        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 20:51 . 2012-04-11 23:57        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-04 08:11 . 2012-03-06 13:59        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-04 08:11 . 2012-03-06 13:59        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-14 22:19 . 2012-07-04 22:57        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fztitn"="c:\users\Janis\AppData\Roaming\Fztitn.exe" [2012-10-03 195072]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-03-06 6475264]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Skype Recorder"="c:\program files\Skype Recorder\Skype Recorder.exe" [2012-09-09 720896]
.
c:\users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
explorer.exe [2011-2-26 2614784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2012-9-10 1671168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54        91520        ----a-w-        c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fztitn]
2012-10-03 09:17        195072        ----a-w-        c:\users\Janis\AppData\Roaming\Fztitn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-06 13:33        136176        ----atw-        c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33        17418928        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:51]
.
2012-10-03 c:\windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
- c:\programdata\Premium\GBox\GBox.exe [2012-10-01 12:31]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.1.0.20&sap=hp
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 82.212.62.62 192.168.0.1
FF - ProfilePath - c:\users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e9e69524c&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.2.5.32&sap=ku&q=
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.hardId - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-WINSXS32 - c:\users\Janis\AppData\Roaming\A86B.exe
HKLM-Run-Driver Genius - (no file)
HKLM-Run-WINSXS32 - c:\users\Janis\AppData\Roaming\DA66.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-Iminent - c:\program files\Iminent\Iminent.exe
HKLM-Run-IminentMessenger - c:\program files\Iminent\Iminent.Messengers.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exe
MSConfigStartUp-MicroUpdate - c:\users\Janis\Documents\MSDCSC\01M7kAsKUXn3\msdcsc.exe
MSConfigStartUp-NetLimiter - c:\program files\NetLimiter 3\NLClientApp.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
  91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
  04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
  35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
  38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
  ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*M*a*i*l*aާG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*Ö‘Um\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*ƛi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*»ýi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*m*a*r*i*o*_*w*i*n*a*n*s*_*-*_*i*_*n*e*e*d*_*a*_*g*i*r*l*_*p*a*r*t*_*3*ˆmm\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*G|št]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4a,61,6e,69,73,5c,44,65,73,6b,74,6f,70,5c,
  47,65,72,6d,61,6e,20,54,6f,70,20,31,30,30,20,53,69,6e,67,6c,65,20,43,68,61,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€ŸÞ§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9f,de,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€žß§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9e,df,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-03  12:00:15
ComboFix-quarantined-files.txt  2012-10-03 10:00
.
Vor Suchlauf: 23 Verzeichnis(se), 22.124.974.080 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 23.053.103.104 Bytes frei
.
- - End Of File - - 34727DBB192449BBDB7B1FD505BDF8B1

--- --- ---

schrauber 03.10.2012 15:15

ComboFix must be run from the Desktop. Please delete ComboFix, download it again to the Desktop, and run it once more.

Janis540 03.10.2012 16:57

All right, I've done it again now.
If it's wrong again, I don't know what's going on either...

Combofix Logfile:
Code:

ComboFix 12-10-03.03 - Janis 03.10.2012  17:30:32.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1033.18.1014.347 [GMT 2:00]
ausgeführt von:: c:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cinema 4D\Documents\MSDCSC\msdcsc.exe
c:\users\Janis\AppData\Roaming\Fztitn.exe
c:\users\Janis\Documents\MSDCSC\msdcsc.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 15:49 . 2012-10-03 15:49        --------        d-----w-        c:\users\Janis\AppData\Local\temp
2012-10-03 15:49 . 2012-10-03 15:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\Premium
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\SProtector
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\GadgetBox
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\InstallMate
2012-09-30 17:11 . 2012-09-30 17:11        --------        d-----w-        c:\program files\ps3emu
2012-09-26 18:31 . 2012-10-01 15:04        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB8ABBD-B80F-46C1-9878-7292DDC844C6}\offreg.dll
2012-09-20 21:00 . 2012-09-20 21:00        --------        d-----w-        c:\windows\Profiles
2012-09-20 20:59 . 2012-09-20 21:00        --------        d-----w-        c:\users\Cinema 4D
2012-09-18 19:40 . 2012-09-18 19:40        --------        d-----w-        c:\windows\Sun
2012-09-17 15:10 . 2012-09-17 15:11        --------        d-----w-        c:\users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 14:57 . 2012-09-14 14:57        --------        d-----w-        c:\users\Janis\flash-disinfector-
2012-09-10 18:23 . 2012-09-10 18:23        --------        d-----w-        c:\programdata\ALM
2012-09-10 18:01 . 2012-09-10 18:25        --------        d-----w-        c:\users\Janis\crack il
2012-09-10 16:14 . 2012-09-10 16:15        --------        d-----w-        c:\users\Janis\stick musik
2012-09-10 14:48 . 2012-09-26 19:34        --------        d-----w-        c:\programdata\Ralink
2012-09-10 14:45 . 2010-02-24 13:06        562464        ----a-w-        c:\windows\system32\drivers\netr73.sys
2012-09-10 14:45 . 2010-02-24 12:07        226592        ----a-w-        c:\windows\system32\RaCoInst.dll
2012-09-10 14:43 . 2009-12-10 10:16        776480        ----a-w-        c:\windows\system32\RAIHV.dll
2012-09-10 14:43 . 2009-12-10 10:16        102688        ----a-w-        c:\windows\system32\RAEXTUI.dll
2012-09-10 14:43 . 2009-12-10 10:16        1590560        ----a-w-        c:\windows\system32\RaCertMgr.dll
2012-09-10 14:43 . 2012-09-10 14:43        --------        d-----w-        c:\program files\Hama
2012-09-09 12:12 . 2012-09-20 21:00        --------        d-----w-        c:\program files\Skype Recorder
2012-09-09 12:02 . 2012-09-09 12:02        153        ----a-w-        c:\users\Janis\settings.bin
2012-09-07 15:56 . 2012-09-07 15:56        --------        d-----w-        c:\program files\Tunatic
2012-09-06 09:37 . 2012-09-06 09:37        --------        d-----w-        c:\users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-05 09:07 . 2012-09-05 09:07        --------        d-----w-        c:\users\Janis\AppData\Roaming\Iminent
2012-09-05 07:52 . 2012-09-05 07:52        --------        d-----r-        c:\users\Janis\sound
2012-09-04 20:35 . 2012-09-05 20:26        --------        d-----w-        c:\users\Janis\AppData\Roaming\vlc
2012-09-04 20:34 . 2012-09-04 20:34        --------        d-----w-        c:\program files\VideoLAN
2012-09-04 14:26 . 2012-09-04 14:27        --------        d-----w-        c:\users\Janis\savegame cod 4 janis
2012-09-04 08:17 . 2012-09-04 08:17        --------        d-----w-        c:\program files\Common Files\Java
2012-09-04 08:12 . 2012-09-04 08:11        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 08:11 . 2012-09-04 08:11        --------        d-----w-        c:\program files\Java
2012-09-04 08:09 . 2012-09-04 08:09        --------        d-----w-        c:\users\Janis\PS3
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 20:51 . 2012-04-11 23:57        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 20:51 . 2012-04-11 23:57        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-04 08:11 . 2012-03-06 13:59        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-04 08:11 . 2012-03-06 13:59        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-14 22:19 . 2012-07-04 22:57        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-03-06 6475264]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Skype Recorder"="c:\program files\Skype Recorder\Skype Recorder.exe" [2012-09-09 720896]
.
c:\users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
explorer.exe [2011-2-26 2614784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2012-9-10 1671168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54        91520        ----a-w-        c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-06 13:33        136176        ----atw-        c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33        17418928        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:51]
.
2012-10-03 c:\windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
- c:\programdata\Premium\GBox\GBox.exe [2012-10-01 12:31]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.1.0.20&sap=hp
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 82.212.62.62 192.168.0.1
FF - ProfilePath - c:\users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e9e69524c&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.2.5.32&sap=ku&q=
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.hardId - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Fztitn - c:\users\Janis\AppData\Roaming\Fztitn.exe
MSConfigStartUp-Fztitn - c:\users\Janis\AppData\Roaming\Fztitn.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*M*a*i*l*aާG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*Ö‘Um\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*ƛi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*»ýi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*m*a*r*i*o*_*w*i*n*a*n*s*_*-*_*i*_*n*e*e*d*_*a*_*g*i*r*l*_*p*a*r*t*_*3*ˆmm\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*G|št]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4a,61,6e,69,73,5c,44,65,73,6b,74,6f,70,5c,
  47,65,72,6d,61,6e,20,54,6f,70,20,31,30,30,20,53,69,6e,67,6c,65,20,43,68,61,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€ŸÞ§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9f,de,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€žß§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9e,df,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-03  17:54:17
ComboFix-quarantined-files.txt  2012-10-03 15:54
ComboFix2.txt  2012-10-03 10:00
.
Vor Suchlauf: 29 Verzeichnis(se), 21.680.721.920 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 21.752.598.528 Bytes frei
.
- - End Of File - - D1711FB957BBBCE9F0450E85E2704112

--- --- ---

schrauber 03.10.2012 18:19

Quote:

ausgeführt von:: c:\downloads\ComboFix.exe
Just move Combofix.exe from the Downloads folder to the desktop :)

Janis540 03.10.2012 19:44

:balla: dafuq

But I did drag the thing onto the desktop o__o
OK, I'll do it again :crazy:

schrauber 03.10.2012 19:51

Best to use cut/paste, so you don't end up creating just a shortcut by some silly accident :)

Janis540 03.10.2012 20:26

Guess what I did by some silly accident... :kloppen:

Anyway :P Here's the right one now:

Combofix Logfile:
Code:

ComboFix 12-10-03.03 - Janis 03.10.2012  20:52:53.3.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1033.18.1014.359 [GMT 2:00]
ausgeführt von:: c:\users\Janis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 19:11 . 2012-10-03 19:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-03 15:54 . 2012-10-03 19:11        --------        d-----w-        c:\users\Janis\AppData\Local\temp
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\Premium
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\SProtector
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\program files\GadgetBox
2012-10-01 19:29 . 2012-10-01 19:29        --------        d-----w-        c:\programdata\InstallMate
2012-09-30 17:11 . 2012-09-30 17:11        --------        d-----w-        c:\program files\ps3emu
2012-09-26 18:31 . 2012-10-03 17:46        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB8ABBD-B80F-46C1-9878-7292DDC844C6}\offreg.dll
2012-09-20 21:00 . 2012-09-20 21:00        --------        d-----w-        c:\windows\Profiles
2012-09-20 20:59 . 2012-09-20 21:00        --------        d-----w-        c:\users\Cinema 4D
2012-09-18 19:40 . 2012-09-18 19:40        --------        d-----w-        c:\windows\Sun
2012-09-17 15:10 . 2012-09-17 15:11        --------        d-----w-        c:\users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 14:57 . 2012-09-14 14:57        --------        d-----w-        c:\users\Janis\flash-disinfector-
2012-09-10 18:23 . 2012-09-10 18:23        --------        d-----w-        c:\programdata\ALM
2012-09-10 18:01 . 2012-09-10 18:25        --------        d-----w-        c:\users\Janis\crack il
2012-09-10 16:14 . 2012-09-10 16:15        --------        d-----w-        c:\users\Janis\stick musik
2012-09-10 14:48 . 2012-09-26 19:34        --------        d-----w-        c:\programdata\Ralink
2012-09-10 14:45 . 2010-02-24 13:06        562464        ----a-w-        c:\windows\system32\drivers\netr73.sys
2012-09-10 14:45 . 2010-02-24 12:07        226592        ----a-w-        c:\windows\system32\RaCoInst.dll
2012-09-10 14:43 . 2009-12-10 10:16        776480        ----a-w-        c:\windows\system32\RAIHV.dll
2012-09-10 14:43 . 2009-12-10 10:16        102688        ----a-w-        c:\windows\system32\RAEXTUI.dll
2012-09-10 14:43 . 2009-12-10 10:16        1590560        ----a-w-        c:\windows\system32\RaCertMgr.dll
2012-09-10 14:43 . 2012-09-10 14:43        --------        d-----w-        c:\program files\Hama
2012-09-09 12:12 . 2012-09-20 21:00        --------        d-----w-        c:\program files\Skype Recorder
2012-09-09 12:02 . 2012-09-09 12:02        153        ----a-w-        c:\users\Janis\settings.bin
2012-09-07 15:56 . 2012-09-07 15:56        --------        d-----w-        c:\program files\Tunatic
2012-09-06 09:37 . 2012-09-06 09:37        --------        d-----w-        c:\users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-05 09:07 . 2012-09-05 09:07        --------        d-----w-        c:\users\Janis\AppData\Roaming\Iminent
2012-09-05 07:52 . 2012-09-05 07:52        --------        d-----r-        c:\users\Janis\sound
2012-09-04 20:35 . 2012-09-05 20:26        --------        d-----w-        c:\users\Janis\AppData\Roaming\vlc
2012-09-04 20:34 . 2012-09-04 20:34        --------        d-----w-        c:\program files\VideoLAN
2012-09-04 14:26 . 2012-09-04 14:27        --------        d-----w-        c:\users\Janis\savegame cod 4 janis
2012-09-04 08:17 . 2012-09-04 08:17        --------        d-----w-        c:\program files\Common Files\Java
2012-09-04 08:12 . 2012-09-04 08:11        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 08:11 . 2012-09-04 08:11        --------        d-----w-        c:\program files\Java
2012-09-04 08:09 . 2012-09-04 08:09        --------        d-----w-        c:\users\Janis\PS3
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 20:51 . 2012-04-11 23:57        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 20:51 . 2012-04-11 23:57        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-04 08:11 . 2012-03-06 13:59        821736        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-04 08:11 . 2012-03-06 13:59        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-14 22:19 . 2012-07-04 22:57        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-03-06 6475264]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Skype Recorder"="c:\program files\Skype Recorder\Skype Recorder.exe" [2012-09-09 720896]
.
c:\users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
explorer.exe [2011-2-26 2614784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2012-9-10 1671168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54        91520        ----a-w-        c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-06 13:33        136176        ----atw-        c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33        17418928        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:51]
.
2012-10-03 c:\windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
- c:\programdata\Premium\GBox\GBox.exe [2012-10-01 12:31]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 23:50]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
- c:\users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 13:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.1.0.20&sap=hp
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 82.212.62.62 192.168.0.1
FF - ProfilePath - c:\users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e9e69524c&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54&v=12.2.5.32&sap=ku&q=
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500236973251394706402012061719195630');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.hardId - 70fd172f00000000000000235a6166e6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*M*a*i*l*aާG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*Ö‘Um\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*ƛi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*»ýi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*m*a*r*i*o*_*w*i*n*a*n*s*_*-*_*i*_*n*e*e*d*_*a*_*g*i*r*l*_*p*a*r*t*_*3*ˆmm\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G|št\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€ŸÞ§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€žß§G\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*G|št]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4a,61,6e,69,73,5c,44,65,73,6b,74,6f,70,5c,
  47,65,72,6d,61,6e,20,54,6f,70,20,31,30,30,20,53,69,6e,67,6c,65,20,43,68,61,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€ŸÞ§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9f,de,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€žß§G]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,00,61,00,6c,00,20,00,43,00,61,00,6e,00,6e,00,56,fa,a2,42,2e,00,00,
  80,9e,df,a7,47,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-03  21:16:37
ComboFix-quarantined-files.txt  2012-10-03 19:16
ComboFix2.txt  2012-10-03 10:00
.
Vor Suchlauf: 29 Verzeichnis(se), 18.122.334.208 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 17.834.000.384 Bytes frei
.
- - End Of File - - 7E6B314E5AC42F013C7B44C246271941

--- --- ---

schrauber 04.10.2012 06:32

Hi,

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Janis540 04.10.2012 18:03

Thanks schrauber, here is the text file:

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 17:56:18
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Janis - JANIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Janis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchTheWeb.xml
File Found : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\searchplugins\SearchTheWeb.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Iminent
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Janis\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Janis\AppData\Roaming\Iminent
Folder Found : C:\Users\Janis\AppData\Roaming\Media Finder
Folder Found : C:\Users\Janis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [Registry] *****

Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7CF0E9A-D48B-4942-9537-259ED0568DF4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKU\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2531966209-3547886753-3818554424-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_5_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "70fd172f00000000000000235a6166e6");
Found : user_pref("extensions.BabylonToolbar_i.id", "70fd172f00000000000000235a6166e6");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15511");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:56:43");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("greasemonkey.scriptvals.71f8f12556abe601d230ac099af2e207/Sharecash survey bypasser, metho[...]
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&[...]

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",
Found [l.1764] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",

*************************

AdwCleaner[R1].txt - [20972 octets] - [04/10/2012 17:56:18]

########## EOF - C:\AdwCleaner[R1].txt - [21033 octets] ##########

schrauber 04.10.2012 18:04

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


And now please try OTL again, but download a new version.

Janis540 04.10.2012 19:01

OK, here it is:

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 19:49:58
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Janis - JANIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Janis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchTheWeb.xml
File Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\searchplugins\SearchTheWeb.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Janis\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Janis\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Janis\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\prefs.js

C:\Users\Janis\AppData\Roaming\Mozilla\Firefox\Profiles\bw776v5k.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=f4539de6-f4fd-40fe-9b84-0c6e[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=060612_5_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "70fd172f00000000000000235a6166e6");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "70fd172f00000000000000235a6166e6");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15511");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=06061[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:56:43");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("greasemonkey.scriptvals.71f8f12556abe601d230ac099af2e207/Sharecash survey bypasser, metho[...]
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&[...]

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",
Deleted [l.1764] : homepage = "hxxps://isearch.avg.com/?cid={123DB6E3-65D0-4739-BE8A-6F30961BFD49}&mid=796bcf77900347d08b28d16a1c858f15-4dda9021002b6c4077fe60294b0ad61d9441fe9a&lang=en&ds=yu012&pr=sa&d=2012-08-14 15:54:10&v=12.1.0.20&sap=hp",

*************************

AdwCleaner[R1].txt - [21103 octets] - [04/10/2012 17:56:18]
AdwCleaner[S1].txt - [21534 octets] - [04/10/2012 19:49:58]

########## EOF - C:\AdwCleaner[S1].txt - [21595 octets] ##########

schrauber 04.10.2012 20:28

And OTL? Does it work now?

Janis540 05.10.2012 13:12

OTL works now, yes

Here is the log: OTL logfile:
Code:

OTL logfile created on: 10/4/2012 10:59:32 PM - Run 1
OTL by OldTimer - Version 3.2.70.1    Folder = C:\Users\Janis\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1013.95 Mb Total Physical Memory | 392.39 Mb Available Physical Memory | 38.70% Memory free
2.27 Gb Paging File | 1.52 Gb Available in Paging File | 67.01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.64 Gb Total Space | 14.29 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
 
Computer Name: JANIS-PC | User Name: Janis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
PRC - [2012/07/11 17:59:56 | 002,637,624 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2012/07/11 17:51:24 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2012/03/06 16:43:46 | 006,475,264 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
PRC - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2012/03/06 16:43:38 | 005,186,048 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/05 22:54:42 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Hama\Common\RaRegistry.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/11 17:55:56 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2012/05/14 20:45:22 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/14 17:53:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 17:52:29 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/14 17:41:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/03/06 16:58:52 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.196.0__6d6a20262490fcdc\bcmwlrmt.dll
MOD - [2011/10/07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/06/10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/21 22:51:37 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\macromed\flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 21:49:20 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Janis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/03/06 16:43:37 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/05 22:54:54 | 000,167,576 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/03/29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/02/24 15:06:00 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 CA C0 59 9D FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 20:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2012/10/04 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions
[2012/04/19 15:47:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/10 10:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/14 16:05:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\firefox\profiles\bw776v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/05 00:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\~
CHR - Extension: Google-Suche = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WonTube Video Converter = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfigjmcmfpplbaglfnfhdeoammgbegk\1.0.7_0\
CHR - Extension: Apple Logo In Space = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljlognecgfcofnehmmjmpjclelokgac\1_0\
CHR - Extension: AdBlock = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Download Youtube Chrome = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpciaebjcjaeeodcmalemehhnpilainh\1.7_0\
CHR - Extension: Fast save = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjfpblpicbbkbihfhlijecbiadiehaa\1.1_0\
CHR - Extension: Google Mail = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/03 17:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe (ExtraLabs Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MP3 Skype Recorder] C:\Programme\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FECF99-3B43-4B79-86CF-19CD04F12C59}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D919A74-7B99-489D-A36B-D638B135663D}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECCD3BF-6684-4A29-98B1-59BDF8643224}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\PROGRA~2\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/04 22:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 22:25:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2012/10/03 21:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 19:00:48 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
[2012/10/03 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Local\temp
[2012/10/03 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Gothic 2Soundtrack
[2012/10/03 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\GOTHIC 1+2+3  Original Soundtrack
[2012/10/03 11:28:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 11:28:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 11:28:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 11:20:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 11:19:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/02 17:34:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/10/01 21:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector
[2012/10/01 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\GadgetBox
[2012/09/30 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\ps3emu
[2012/09/29 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Chariots of Fire
[2012/09/20 23:00:03 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2012/09/18 21:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/17 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
[2012/09/14 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\flash-disinfector-
[2012/09/13 23:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/12 17:53:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Virtual Dub
[2012/09/10 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/09/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\crack il
[2012/09/10 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Janis\stick musik
[2012/09/10 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/09/10 16:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012/09/10 16:45:14 | 000,562,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2012/09/10 16:45:14 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012/09/10 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT7x Driver
[2012/09/10 16:43:52 | 000,776,480 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2012/09/10 16:43:52 | 000,102,688 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2012/09/10 16:43:50 | 001,590,560 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2012/09/10 16:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hama
[2012/09/09 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Janis\Documents\Skype Call Recordings
[2012/09/09 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Recorder
[2012/09/09 14:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Skype Recorder
[2012/09/07 17:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
[2012/09/07 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2012/09/07 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Cinema 4D & Sony Vegas
[2012/09/06 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/05 09:52:20 | 000,000,000 | R--D | C] -- C:\Users\Janis\sound
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/04 23:10:57 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/10/04 23:02:09 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 22:51:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 22:25:35 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/04 22:06:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 22:05:19 | 094,072,832 | ---- | M] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 21:54:44 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/04 19:57:14 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:57:14 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 19:51:42 | 797,401,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 19:44:02 | 000,002,067 | ---- | M] () -- C:\Users\Janis\Desktop\Gothic II spielen.lnk
[2012/10/04 17:54:51 | 000,513,501 | ---- | M] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/04 17:42:08 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/10/03 17:49:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 12:16:11 | 000,144,058 | ---- | M] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:25:22 | 000,108,243 | ---- | M] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:36 | 000,082,984 | ---- | M] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:54 | 000,127,538 | ---- | M] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | M] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 23:10:18 | 000,441,673 | ---- | M] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/26 20:28:39 | 003,812,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/24 18:58:59 | 001,544,593 | ---- | M] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/18 22:05:10 | 000,048,463 | ---- | M] () -- C:\energyreport.html
[2012/09/18 19:37:19 | 000,057,538 | ---- | M] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | M] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/13 23:03:58 | 000,696,002 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/13 23:03:58 | 000,653,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 23:03:58 | 000,148,494 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/13 23:03:58 | 000,121,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/11 20:20:19 | 000,256,507 | ---- | M] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 16:47:53 | 000,001,916 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:36 | 000,008,122 | ---- | M] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:57 | 000,000,153 | ---- | M] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:16 | 000,228,227 | ---- | M] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:41 | 008,018,917 | ---- | M] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | M] () -- C:\Users\Janis\Tunatic.lnk
 
========== Files Created - No Company Name ==========
 
[2012/10/04 20:19:04 | 094,072,832 | ---- | C] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 19:44:02 | 000,002,067 | ---- | C] () -- C:\Users\Janis\Desktop\Gothic II spielen.lnk
[2012/10/04 17:54:56 | 000,513,501 | ---- | C] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 12:16:00 | 000,144,058 | ---- | C] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/03 11:28:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 11:28:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 11:28:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 11:28:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 11:28:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/01 21:25:21 | 000,108,243 | ---- | C] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:35 | 000,082,984 | ---- | C] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:53 | 000,127,538 | ---- | C] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | C] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 22:48:48 | 000,441,673 | ---- | C] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/24 18:58:55 | 001,544,593 | ---- | C] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/22 19:44:37 | 004,037,598 | ---- | C] () -- C:\Users\Janis\Desktop\1045When_You_Say_Nothing_At_All_Instrumental.mp3
[2012/09/18 22:05:10 | 000,048,463 | ---- | C] () -- C:\energyreport.html
[2012/09/18 19:37:46 | 000,057,538 | ---- | C] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | C] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/14 18:31:06 | 000,002,993 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012/09/11 20:20:17 | 000,256,507 | ---- | C] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 20:58:35 | 000,999,999 | ---- | C] () -- C:\Users\Janis\Desktop\patch_mp.ff
[2012/09/10 20:23:39 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012/09/10 16:47:53 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:49 | 000,008,122 | ---- | C] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:56 | 000,000,153 | ---- | C] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:22 | 000,228,227 | ---- | C] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:17 | 008,018,917 | ---- | C] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | C] () -- C:\Users\Janis\Tunatic.lnk
[2012/09/06 11:24:44 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/08/28 23:51:07 | 000,007,618 | ---- | C] () -- C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
[2012/08/28 18:28:34 | 000,001,896 | ---- | C] () -- C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
[2012/08/28 18:28:34 | 000,001,824 | ---- | C] () -- C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
[2012/07/17 15:30:15 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2012/07/01 00:35:20 | 000,000,204 | ---- | C] () -- C:\Windows\iplayer.INI
[2012/06/28 17:26:14 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2012/06/28 17:17:48 | 000,000,000 | -H-- | C] () -- C:\Windows\popcreg.dat
[2012/06/03 16:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012/05/06 18:26:58 | 000,141,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/20 21:49:46 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/03/14 00:21:51 | 000,005,120 | ---- | C] () -- C:\Users\Janis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 20:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/03/13 03:17:10 | 000,004,873 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012/03/10 15:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/10 15:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/10 15:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/10 15:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/10 15:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/10 15:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/07 00:41:56 | 000,696,002 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/03/07 00:41:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/03/07 00:41:56 | 000,148,494 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/03/07 00:41:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/03/06 16:44:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/03/06 16:33:23 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/26 18:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 18:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 18:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 18:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 18:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 18:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 18:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 18:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 18:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 18:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/12/07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/07/16 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\.minecraft
[2012/05/14 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\AVG2012
[2012/07/28 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Canneverbe Limited
[2012/09/02 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/30 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\dclogs
[2012/08/28 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Dev-Cpp
[2012/03/08 02:38:16 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\GrabPro
[2012/06/13 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\JGoodies
[2012/03/06 16:41:51 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Leadertech
[2012/09/07 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MAXON
[2012/03/13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MOVAVI
[2012/07/03 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MP3SkypeRecorder
[2012/10/04 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Orbit
[2012/03/08 02:38:24 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\ProgSense
[2012/03/22 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Publish Providers
[2012/07/27 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony
[2012/03/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony Creative Software Inc
[2012/09/06 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\tmp
[2012/08/12 00:37:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\TS3Client
[2012/10/03 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\uTorrent
[2012/06/13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft
[2012/03/23 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/15 12:59:16 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/10/04 22:55:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/01/17 15:46:55 | 000,000,000 | ---D | M] -- C:\6f4fa04be47527fb0856c464b66d7966
[2012/05/13 00:50:00 | 000,000,000 | ---D | M] -- C:\8aa953f02b455675f2af12
[2012/01/23 17:36:13 | 000,000,000 | ---D | M] -- C:\97eaaf4b7917584c9904a1aa2671ea5f
[2012/05/14 22:08:24 | 000,000,000 | ---D | M] -- C:\a3c3cc5760d8e7d9b184239e
[2012/03/06 22:44:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012/07/17 18:59:28 | 000,000,000 | ---D | M] -- C:\bPlayer2
[2012/02/03 15:44:00 | 000,000,000 | ---D | M] -- C:\CanoScan
[2012/10/04 22:55:22 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/04 16:30:30 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb
[2012/08/28 11:35:33 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/18 17:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente
[2012/10/04 22:56:21 | 000,000,000 | ---D | M] -- C:\Downloads
[2012/07/15 21:08:31 | 000,000,000 | ---D | M] -- C:\Fraps
[2012/06/16 19:47:22 | 000,000,000 | ---D | M] -- C:\GAMIGO
[2012/01/17 17:26:52 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 18:06:12 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/01/18 20:23:53 | 000,000,000 | ---D | M] -- C:\p
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/04 19:50:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/04 19:50:00 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/09/08 23:50:56 | 000,000,000 | R--D | M] -- C:\Programme
[2012/10/04 21:56:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/06 14:02:25 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/02/02 17:34:52 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012/10/04 23:05:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/06 14:28:03 | 000,000,000 | ---D | M] -- C:\thief 2 missionen
[2012/06/05 18:14:12 | 000,000,000 | ---D | M] -- C:\ThiefG
[2012/09/20 22:59:32 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/04 11:26:16 | 000,000,000 | ---D | M] -- C:\VueScan
[2012/10/04 22:50:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012/10/03 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\CrashDumps
[2012/10/04 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\ElevatedDiagnostics
[2012/10/04 23:18:37 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\temp

< End of report >

--- --- ---

schrauber 05.10.2012 13:21

Are there still any problems?

Janis540 05.10.2012 13:42

No,

So the files are no longer being created now. So far, at least. So it definitely helped.
Thanks again for that :dankeschoen:

Did that delete all the viruses now, or only the ones in the Roaming folder?

schrauber 05.10.2012 13:58

Open AdwCleaner > Uninstall

Windows key+R > Combofix /Uninstall > press Enter



Tool cleanup with OTC
Please download OTC by OldTimer.
  • Save it to your desktop.
  • Double-click OTC.exe to run the program.
  • A file* should now be downloaded.
    *This is a file containing a list of helper programs, which will then be removed from your system automatically.
  • OTC may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTC and the other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there.





Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend towards somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

Janis540 05.10.2012 19:55

The files have been created again :headbang:

schrauber 06.10.2012 09:18

When exactly? What did you do?

Janis540 06.10.2012 10:43

Two files were created.
Both on 05.10.2012 at 22.10.
I did nothing at all except end them again in the processes.
I did not delete them from the Roaming folder.

schrauber 07.10.2012 09:34

Please post a fresh OTL logfile.
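Added example (not part of the thread and not OTL's own code): a small Python triage pass over OTL file-listing lines that flags executables sitting directly in the AppData\Roaming root, as reported in this thread, and double-extension names such as the deinFoto.jpg.exe mentioned in the tips above. The flagging rules are heuristics assumed for illustration; the sample entries for E7AA.exe, DE8C.exe and deinFoto.jpg.exe are constructed (names from the thread, sizes, paths and timestamps invented), the other sample lines are copied from the logs in this thread.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# One OTL file-listing line: optional "PRC - " style tag, timestamp, size,
# attributes, C(reated)/M(odified), optional "(company)", then the path.
OTL_LINE = re.compile(
    r"^(?:[A-Z0-9]{2,4} - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+?)\s*$"
)

# Heuristics assumed for this example, not rules taken from OTL.
ROAMING_ROOT = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming$", re.I)
HEX_STEM = re.compile(r"^[0-9A-Fa-f]{4}$")          # e.g. E7AA, DE8C
EXEC_EXT = {".exe", ".scr", ".com", ".pif"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}


def parse_line(line):
    """Return a dict for an OTL file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    return rec


def triage(lines):
    """Flag executables in the Roaming root or with a decoy double extension."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["is_dir"]:
            continue
        stem, ext = splitext(basename(rec["path"]))
        if ext.lower() not in EXEC_EXT:
            continue
        reasons = []
        if ROAMING_ROOT.match(dirname(rec["path"])):
            reasons.append("executable directly in AppData\\Roaming")
        if splitext(stem)[1].lower() in DECOY_EXT:
            reasons.append("double extension")
        if not reasons:
            continue
        # Supporting observations, recorded only for already-flagged files.
        if HEX_STEM.match(stem):
            reasons.append("hex-style name")
        if not rec["company"]:
            reasons.append("no company name")
        hits.append({"path": rec["path"], "timestamp": rec["ts"],
                     "size": rec["size"], "reasons": reasons})
    return hits


# Sample input: lines 1, 2 and 6 are constructed; the rest appear in the thread's logs.
SAMPLE = r"""
[2012/10/05 22:10:00 | 000,358,400 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\E7AA.exe
[2012/10/05 22:10:00 | 000,358,400 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\DE8C.exe
[2012/10/04 17:54:56 | 000,513,501 | ---- | C] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 11:28:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/16 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\.minecraft
[2012/10/06 09:00:00 | 000,204,800 | ---- | C] () -- C:\Users\Janis\Downloads\deinFoto.jpg.exe
PRC - [2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
""".strip().splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["timestamp"], hit["size"], hit["path"], "|", ", ".join(hit["reasons"]))
```

A flagged line is a lead for manual review, not a verdict; legitimate installers occasionally drop executables in the same places.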

Janis540 07.10.2012 20:04

Did it again: OTL Logfile:
Code:

OTL logfile created on: 10/7/2012 8:48:42 PM - Run 2
OTL by OldTimer - Version 3.2.70.1    Folder = C:\Users\Janis\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1013.95 Mb Total Physical Memory | 655.46 Mb Available Physical Memory | 64.64% Memory free
2.27 Gb Paging File | 1.55 Gb Available in Paging File | 68.24% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.64 Gb Total Space | 12.44 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
 
Computer Name: JANIS-PC | User Name: Janis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
PRC - [2012/03/06 16:43:46 | 006,475,264 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
PRC - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2012/03/06 16:43:38 | 005,186,048 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/05 22:54:42 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Hama\Common\RaRegistry.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/14 20:45:22 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/14 17:53:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 17:52:29 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/14 17:41:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/03/06 16:58:52 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.196.0__6d6a20262490fcdc\bcmwlrmt.dll
MOD - [2011/10/07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/06/10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- c:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/21 22:51:37 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\macromed\flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 21:49:20 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2012/03/06 16:43:46 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Janis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/03/06 16:43:37 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/05 22:54:54 | 000,167,576 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/03/29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/02/24 15:06:00 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic hxxp://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 CA C0 59 9D FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Janis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 20:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions
[2012/04/02 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2012/10/04 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions
[2012/04/19 15:47:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/10 10:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Janis\AppData\Roaming\mozilla\Firefox\Profiles\bw776v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/14 16:05:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Janis\AppData\Roaming\mozilla\firefox\profiles\bw776v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/05 00:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Janis\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\
CHR - Extension: Bypass Surveys = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\~
CHR - Extension: Google-Suche = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WonTube Video Converter = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfigjmcmfpplbaglfnfhdeoammgbegk\1.0.7_0\
CHR - Extension: Apple Logo In Space = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljlognecgfcofnehmmjmpjclelokgac\1_0\
CHR - Extension: AdBlock = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Download Youtube Chrome = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpciaebjcjaeeodcmalemehhnpilainh\1.7_0\
CHR - Extension: Fast save = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjfpblpicbbkbihfhlijecbiadiehaa\1.1_0\
CHR - Extension: Google Mail = C:\Users\Janis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/03 17:49:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [Skype Recorder] C:\Program Files\Skype Recorder\Skype Recorder.exe (ExtraLabs Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MP3 Skype Recorder] C:\Programme\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKCU..\Run: [WINSXS32] C:\Users\Janis\AppData\Roaming\BCAD.exe (Ufasoft)
O4 - Startup: C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FECF99-3B43-4B79-86CF-19CD04F12C59}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D919A74-7B99-489D-A36B-D638B135663D}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE28F08E-E615-46C3-9091-3A3AF9BF2C0A}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECCD3BF-6684-4A29-98B1-59BDF8643224}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\PROGRA~2\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Janis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/06 16:03:11 | 000,342,016 | ---- | C] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\BCAD.exe
[2012/10/05 22:10:28 | 000,342,016 | ---- | C] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\A303.exe
[2012/10/05 22:04:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/10/04 22:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 22:25:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012/10/04 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2012/10/03 21:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 19:00:48 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
[2012/10/03 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Janis\AppData\Local\temp
[2012/10/03 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Gothic 2Soundtrack
[2012/10/03 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\GOTHIC 1+2+3  Original Soundtrack
[2012/10/03 11:28:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 11:28:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 11:28:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 11:20:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 11:19:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/02 17:34:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector
[2012/10/01 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\GadgetBox
[2012/09/30 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\ps3emu
[2012/09/29 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Chariots of Fire
[2012/09/20 23:00:03 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2012/09/18 21:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/17 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
[2012/09/14 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\flash-disinfector-
[2012/09/13 23:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/12 17:53:57 | 000,000,000 | ---D | C] -- C:\Users\Janis\Desktop\Virtual Dub
[2012/09/10 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/09/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Janis\crack il
[2012/09/10 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Janis\stick musik
[2012/09/10 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/09/10 16:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012/09/10 16:45:14 | 000,562,464 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys
[2012/09/10 16:45:14 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012/09/10 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT7x Driver
[2012/09/10 16:43:52 | 000,776,480 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2012/09/10 16:43:52 | 000,102,688 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2012/09/10 16:43:50 | 001,590,560 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2012/09/10 16:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hama
[2012/09/09 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Janis\Documents\Skype Call Recordings
[2012/09/09 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Recorder
[2012/09/09 14:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Skype Recorder
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/07 20:51:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/07 20:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/10/07 20:02:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 17:12:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 13:08:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/10/07 11:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 16:03:11 | 000,342,016 | ---- | M] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\BCAD.exe
[2012/10/06 11:49:18 | 000,155,015 | ---- | M] () -- C:\Users\Janis\Desktop\9281_4348066031184_1120896764_n.jpg
[2012/10/05 22:20:20 | 000,002,107 | ---- | M] () -- C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
[2012/10/05 22:14:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 22:14:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 22:10:28 | 000,342,016 | ---- | M] (Ufasoft) -- C:\Users\Janis\AppData\Roaming\A303.exe
[2012/10/05 22:09:15 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/05 22:08:55 | 797,401,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 18:17:21 | 015,139,783 | ---- | M] () -- C:\Users\Janis\Desktop\Archie_-_Leto_(Radio_Edit)_www.soundsLARGE.com.mp3
[2012/10/04 23:28:40 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/10/04 22:05:19 | 094,072,832 | ---- | M] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 21:54:44 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Janis\Desktop\ComboFix.exe
[2012/10/04 17:54:51 | 000,513,501 | ---- | M] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 17:49:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 12:16:11 | 000,144,058 | ---- | M] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/02 03:26:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Janis\Desktop\OTL.exe
[2012/10/01 21:25:22 | 000,108,243 | ---- | M] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:36 | 000,082,984 | ---- | M] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:54 | 000,127,538 | ---- | M] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | M] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 23:10:18 | 000,441,673 | ---- | M] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/26 20:28:39 | 003,812,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/24 18:58:59 | 001,544,593 | ---- | M] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/18 22:05:10 | 000,048,463 | ---- | M] () -- C:\energyreport.html
[2012/09/18 19:37:19 | 000,057,538 | ---- | M] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | M] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/13 23:03:58 | 000,696,002 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/13 23:03:58 | 000,653,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 23:03:58 | 000,148,494 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/13 23:03:58 | 000,121,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/11 20:20:19 | 000,256,507 | ---- | M] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 16:47:53 | 000,001,916 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:36 | 000,008,122 | ---- | M] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:57 | 000,000,153 | ---- | M] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:16 | 000,228,227 | ---- | M] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:41 | 008,018,917 | ---- | M] () -- C:\Users\Janis\c scan 1.jdr
 
========== Files Created - No Company Name ==========
 
[2012/10/06 11:49:05 | 000,155,015 | ---- | C] () -- C:\Users\Janis\Desktop\9281_4348066031184_1120896764_n.jpg
[2012/10/05 18:17:53 | 015,139,783 | ---- | C] () -- C:\Users\Janis\Desktop\Archie_-_Leto_(Radio_Edit)_www.soundsLARGE.com.mp3
[2012/10/04 23:28:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/10/04 23:23:49 | 000,002,107 | ---- | C] () -- C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
[2012/10/04 20:19:04 | 094,072,832 | ---- | C] () -- C:\Users\Janis\Desktop\2012-10-04 time 20_19_03 Incoming Peer-to-Peer Call schwarzrotgold__-.mp3
[2012/10/04 17:54:56 | 000,513,501 | ---- | C] () -- C:\Users\Janis\Desktop\adwcleaner.exe
[2012/10/03 12:16:00 | 000,144,058 | ---- | C] () -- C:\Users\Janis\Desktop\255463_515354561826153_349552226_n.jpg
[2012/10/03 11:28:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 11:28:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 11:28:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 11:28:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 11:28:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
[2012/10/01 21:25:21 | 000,108,243 | ---- | C] () -- C:\Users\Janis\Documents\Unbenannt.wma
[2012/09/30 19:27:35 | 000,082,984 | ---- | C] () -- C:\Users\Janis\Desktop\task manager.png
[2012/09/30 19:24:53 | 000,127,538 | ---- | C] () -- C:\Users\Janis\Desktop\virus.png
[2012/09/30 19:12:56 | 000,001,901 | ---- | C] () -- C:\Users\Janis\Desktop\PS3Emu.lnk
[2012/09/26 22:48:48 | 000,441,673 | ---- | C] () -- C:\Users\Janis\Desktop\m4xfps logo keks.ai
[2012/09/24 18:58:55 | 001,544,593 | ---- | C] () -- C:\Users\Janis\Desktop\gsblogo.png
[2012/09/22 19:44:37 | 004,037,598 | ---- | C] () -- C:\Users\Janis\Desktop\1045When_You_Say_Nothing_At_All_Instrumental.mp3
[2012/09/18 22:05:10 | 000,048,463 | ---- | C] () -- C:\energyreport.html
[2012/09/18 19:37:46 | 000,057,538 | ---- | C] () -- C:\Users\Janis\psn_card_us_10_dollar_14258196_BSBRGLXQ.jpg
[2012/09/14 18:31:06 | 000,003,033 | ---- | C] () -- C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
[2012/09/14 18:31:06 | 000,002,993 | ---- | C] () -- C:\Users\Janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012/09/11 20:20:17 | 000,256,507 | ---- | C] () -- C:\Users\Janis\Unbenannt.png
[2012/09/10 20:58:35 | 000,999,999 | ---- | C] () -- C:\Users\Janis\Desktop\patch_mp.ff
[2012/09/10 20:23:39 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012/09/10 16:47:53 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012/09/10 15:15:49 | 000,008,122 | ---- | C] () -- C:\Users\Janis\main.jpg
[2012/09/09 14:02:56 | 000,000,153 | ---- | C] () -- C:\Users\Janis\settings.bin
[2012/09/09 10:56:22 | 000,228,227 | ---- | C] () -- C:\Users\Janis\Fichte gitarre _1.jpg
[2012/09/08 12:36:17 | 008,018,917 | ---- | C] () -- C:\Users\Janis\c scan 1.jdr
[2012/09/07 17:56:24 | 000,001,765 | ---- | C] () -- C:\Users\Janis\Tunatic.lnk
[2012/08/28 23:51:07 | 000,007,618 | ---- | C] () -- C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
[2012/08/28 18:28:34 | 000,001,896 | ---- | C] () -- C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
[2012/08/28 18:28:34 | 000,001,824 | ---- | C] () -- C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
[2012/07/17 15:30:15 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2012/07/01 00:35:20 | 000,000,204 | ---- | C] () -- C:\Windows\iplayer.INI
[2012/06/28 17:26:14 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2012/06/28 17:17:48 | 000,000,000 | -H-- | C] () -- C:\Windows\popcreg.dat
[2012/06/03 16:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012/05/06 18:26:58 | 000,141,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/20 21:49:46 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/03/14 00:21:51 | 000,005,120 | ---- | C] () -- C:\Users\Janis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 20:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/03/13 03:17:10 | 000,004,873 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2012/03/10 15:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/10 15:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/10 15:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/10 15:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/10 15:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/10 15:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/07 00:41:56 | 000,696,002 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/03/07 00:41:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/03/07 00:41:56 | 000,148,494 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/03/07 00:41:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/03/06 16:44:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/03/06 16:33:23 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/26 18:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 18:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 18:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 18:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 18:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 18:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 18:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 18:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 18:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 18:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/12/07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/07/16 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\.minecraft
[2012/05/14 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\AVG2012
[2012/07/28 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Canneverbe Limited
[2012/09/02 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/30 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\dclogs
[2012/08/28 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Dev-Cpp
[2012/03/08 02:38:16 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\GrabPro
[2012/06/13 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\JGoodies
[2012/03/06 16:41:51 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Leadertech
[2012/09/07 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MAXON
[2012/03/13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MOVAVI
[2012/07/03 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\MP3SkypeRecorder
[2012/10/05 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Orbit
[2012/03/08 02:38:24 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\ProgSense
[2012/03/22 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Publish Providers
[2012/07/27 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony
[2012/03/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Sony Creative Software Inc
[2012/09/06 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/31 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\tmp
[2012/08/12 00:37:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\TS3Client
[2012/10/03 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\uTorrent
[2012/06/13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft
[2012/03/23 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/15 12:59:16 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/10/04 22:55:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/10/05 22:04:33 | 000,000,000 | ---D | M] -- C:\32788R22FWJFW
[2012/01/17 15:46:55 | 000,000,000 | ---D | M] -- C:\6f4fa04be47527fb0856c464b66d7966
[2012/05/13 00:50:00 | 000,000,000 | ---D | M] -- C:\8aa953f02b455675f2af12
[2012/01/23 17:36:13 | 000,000,000 | ---D | M] -- C:\97eaaf4b7917584c9904a1aa2671ea5f
[2012/05/14 22:08:24 | 000,000,000 | ---D | M] -- C:\a3c3cc5760d8e7d9b184239e
[2012/03/06 22:44:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012/07/17 18:59:28 | 000,000,000 | ---D | M] -- C:\bPlayer2
[2012/02/03 15:44:00 | 000,000,000 | ---D | M] -- C:\CanoScan
[2012/10/04 22:55:22 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/04 16:30:30 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb
[2012/08/28 11:35:33 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/18 17:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente
[2012/10/04 22:56:21 | 000,000,000 | ---D | M] -- C:\Downloads
[2012/07/15 21:08:31 | 000,000,000 | ---D | M] -- C:\Fraps
[2012/06/16 19:47:22 | 000,000,000 | ---D | M] -- C:\GAMIGO
[2012/01/17 17:26:52 | 000,000,000 | ---D | M] -- C:\Intel
[2012/01/17 18:06:12 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/01/18 20:23:53 | 000,000,000 | ---D | M] -- C:\p
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/04 19:50:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/05 22:06:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/09/08 23:50:56 | 000,000,000 | R--D | M] -- C:\Programme
[2012/10/04 21:56:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/06 14:02:25 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/02/02 17:34:52 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012/10/07 20:55:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/06 14:28:03 | 000,000,000 | ---D | M] -- C:\thief 2 missionen
[2012/06/05 18:14:12 | 000,000,000 | ---D | M] -- C:\ThiefG
[2012/09/20 22:59:32 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/04 11:26:16 | 000,000,000 | ---D | M] -- C:\VueScan
[2012/10/04 23:28:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012/10/03 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\CrashDumps
[2012/10/04 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\ElevatedDiagnostics
[2012/10/07 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Janis\AppData\Local\temp
 
<          >
[2009/07/14 06:53:46 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/03/06 15:33:50 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
[2012/03/06 15:33:51 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
[2012/04/12 01:57:13 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/04/17 01:50:32 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/17 01:50:34 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 21:29:38 | 000,000,358 | -H-- | C] () -- C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job

< End of report >

--- --- ---

schrauber 07.10.2012 20:30

Let's do this completely differently now.


Please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick.

Plug the USB stick into the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.

Janis540 08.10.2012 16:16

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 08-10-2012 16:58:47
Running from D:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM\...\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2012-03-06] (Broadcom Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe" [720896 2012-09-09] (ExtraLabs Software)
HKU\Cinema 4D\...\Run: [MicroUpdate] C:\Users\Cinema 4D\Documents\MSDCSC\msdcsc.exe [x]
HKU\Janis\...\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
HKU\Janis\...\Run: [Fztitn] C:\Users\Janis\AppData\Roaming\Fztitn.exe [195072 2012-10-08] (Microsoft Corporation)
HKU\Janis\...\Run: [WINSXS32] C:\Users\Janis\AppData\Roaming\BCAD.exe [342016 2012-10-06] (Ufasoft)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Janis\Start Menu\Programs\Startup\explorer.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 KMService; C:\Windows\system32\srvany.exe [8192 2012-03-20] ()
2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
2 wltrysvc; "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe" [5186048 2012-03-06] (Broadcom Corporation)
2 AVGIDSAgent; "c:\Program Files\AVG\AVG2012\avgidsagent.exe" [x]
2 avgwd; "c:\Program Files\AVG\AVG2012\avgwdsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2012-03-06] (Broadcom Corporation)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2010-03-29] (Atheros Communications, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-01] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-01] (Logitech, Inc.)
3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic hxxp://www.beyondlogic.org)
3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [167576 2010-08-05] (Windows (R) Win 7 DDK provider)
3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
3 catchme; \??\C:\Users\Janis\AppData\Local\Temp\catchme.sys [x]
3 EraserUtilDrv11113; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
3 EraserUtilDrv11122; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [x]
3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-08 06:46 - 2012-10-07 02:37 - 00905954 ____A (Farbar) C:\Users\Janis\Desktop\FRST.exe
2012-10-08 06:43 - 2012-10-08 06:43 - 00195072 ___AH (Microsoft Corporation) C:\Users\Janis\AppData\Roaming\Fztitn.exe
2012-10-07 12:19 - 2012-10-07 12:29 - 00000063 ____A C:\Users\Janis\Desktop\test.bat
2012-10-06 06:03 - 2012-10-06 06:03 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\BCAD.exe
2012-10-05 12:10 - 2012-10-05 12:10 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\A303.exe
2012-10-05 12:06 - 2012-10-05 12:06 - 00001237 ____A C:\AdwCleaner[S2].txt
2012-10-05 12:05 - 2012-10-05 12:06 - 00001107 ____A C:\AdwCleaner[R2].txt
2012-10-05 12:04 - 2012-10-05 12:04 - 00000000 ____D C:\32788R22FWJFW
2012-10-04 13:28 - 2012-10-04 13:28 - 00004096 ____A C:\Windows\d3dx.dat
2012-10-04 13:23 - 2012-10-05 12:20 - 00002107 ____A C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 13:23 - 2012-10-04 13:23 - 00063770 ____A C:\Users\Janis\Desktop\Extras.Txt
2012-10-04 13:23 - 2012-10-04 13:23 - 00002091 ____A C:\Users\Cinema 4D\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 13:19 - 2012-10-07 11:02 - 00108070 ____A C:\Users\Janis\Desktop\OTL.Txt
2012-10-04 12:25 - 2012-10-04 12:55 - 00000000 ____D C:\ComboFix
2012-10-04 09:54 - 2012-10-04 09:54 - 00021665 ____A C:\Users\Janis\Desktop\AdwCleaner[S1].txt
2012-10-04 09:49 - 2012-10-04 09:50 - 00021665 ____A C:\AdwCleaner[S1].txt
2012-10-04 08:31 - 2012-10-04 08:31 - 00000000 ____D C:\Program Files\JoWooD
2012-10-04 07:56 - 2012-10-04 07:56 - 00021103 ____A C:\AdwCleaner[R1].txt
2012-10-04 07:54 - 2012-10-04 07:54 - 00513501 ____A C:\Users\Janis\Desktop\adwcleaner.exe
2012-10-03 11:16 - 2012-10-03 11:16 - 00019187 ____A C:\Users\Janis\Desktop\ComboFix.txt
2012-10-03 09:00 - 2012-10-03 09:07 - 00000000 ____D C:\Users\Janis\Desktop\Hannah Montana Forever - The Complete Season 4 [WEB-DL]-RDF
2012-10-03 03:19 - 2012-10-03 06:26 - 00000000 ____D C:\Users\Janis\Desktop\Gothic 2Soundtrack
2012-10-03 02:19 - 2012-10-03 06:26 - 00000000 ____D C:\Users\Janis\Desktop\GOTHIC 1+2+3 Original Soundtrack
2012-10-03 01:28 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-03 01:28 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-03 01:28 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-03 01:28 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-03 01:21 - 2012-10-04 11:56 - 00000000 ____D C:\Qoobox
2012-10-03 01:20 - 2012-10-03 01:57 - 00000000 ____D C:\Windows\erdnt
2012-10-03 01:19 - 2012-10-04 11:54 - 04762471 ____R (Swearware) C:\Users\Janis\Desktop\ComboFix.exe
2012-10-02 12:06 - 2012-10-02 12:17 - 00003954 ____A C:\Users\Janis\Desktop\Attach.txt
2012-10-02 12:04 - 2012-10-02 12:17 - 00019095 ____A C:\Users\Janis\Desktop\DDS.txt
2012-10-02 07:34 - 2012-10-01 17:26 - 00600064 ____A (OldTimer Tools) C:\Users\Janis\Desktop\OTL.exe
2012-10-01 11:29 - 2012-10-05 12:09 - 00000358 ___AH C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
2012-10-01 11:29 - 2012-10-01 11:29 - 00000000 ____D C:\Program Files\SProtector
2012-10-01 11:29 - 2012-10-01 11:29 - 00000000 ____D C:\Program Files\GadgetBox
2012-10-01 11:25 - 2012-10-01 11:25 - 00108243 ____A C:\Users\Janis\Documents\Unbenannt.wma
2012-10-01 07:00 - 2012-10-01 07:01 - 00342736 ____A C:\Windows\Minidump\100112-23041-01.dmp
2012-09-30 09:12 - 2012-09-30 09:12 - 00001901 ____A C:\Users\Janis\Desktop\PS3Emu.lnk
2012-09-30 09:11 - 2012-09-30 09:11 - 00000000 ____D C:\Program Files\ps3emu
2012-09-30 09:07 - 2012-09-30 09:10 - 71786357 ____A C:\Users\Janis\Downloads\PS3 emulator WORKING! ps3emu ver. 0.0.0.2 Sony Playstation games ROMs emulation.exe
2012-09-29 12:54 - 2012-09-29 12:52 - 00000229 ____A C:\Users\Janis\Desktop\PSN Codes Generator (1).txt
2012-09-29 12:38 - 2012-09-29 12:38 - 00000000 ____D C:\Users\Janis\Downloads\Vangelis - [Chariots Of Fire][OST] [www.pctorrent.com]
2012-09-29 12:38 - 2012-09-29 12:38 - 00000000 ____D C:\Users\Janis\Desktop\Chariots of Fire
2012-09-29 12:37 - 2012-09-29 12:37 - 00000073 ____A C:\Users\Janis\Downloads\Rapget.txt
2012-09-26 12:48 - 2012-09-26 13:10 - 00441673 ____A C:\Users\Janis\Desktop\m4xfps logo keks.ai
2012-09-22 01:32 - 2012-09-22 01:33 - 00342592 ____A C:\Windows\Minidump\092212-28142-01.dmp
2012-09-20 13:18 - 2012-09-20 13:18 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-20 13:10 - 2012-09-20 13:10 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\MAXON
2012-09-20 13:01 - 2012-09-20 13:01 - 00112400 ____A C:\Users\Cinema 4D\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 13:01 - 2012-09-20 13:01 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Logitech
2012-09-20 13:00 - 2012-09-20 13:17 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Adobe
2012-09-20 13:00 - 2012-09-20 13:16 - 00000000 ____D C:\Users\Cinema 4D\AppData\Local\Adobe
2012-09-20 12:59 - 2012-10-03 07:48 - 00000000 __SHD C:\Users\Cinema 4D\Documents\MSDCSC
2012-09-20 12:59 - 2012-09-20 13:00 - 00000000 ____D C:\users\Cinema 4D
2012-09-20 12:59 - 2012-09-20 12:59 - 00000020 __ASH C:\Users\Cinema 4D\ntuser.ini
2012-09-20 12:59 - 2012-03-07 15:54 - 00000000 ____D C:\Users\Cinema 4D\AppData\Roaming\Macromedia
2012-09-18 12:05 - 2012-09-18 12:05 - 00048463 ____A C:\energyreport.html
2012-09-18 11:40 - 2012-09-18 11:40 - 00000000 ____D C:\Windows\Sun
2012-09-17 07:10 - 2012-09-17 07:11 - 00000000 ____D C:\Users\Janis\2012-09-16 time 13_15_46 Outgoing Peer-to-Peer Call killakeks97_data
2012-09-14 08:31 - 2012-09-14 08:31 - 00003033 ____A C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
2012-09-14 06:57 - 2012-09-14 06:57 - 00000000 ____D C:\Users\Janis\flash-disinfector-
2012-09-13 10:54 - 2012-09-13 10:55 - 01553408 ____A (home-hacks.info) C:\Users\Janis\Downloads\FileIce Sharecash Premium Downloader.exe
2012-09-12 07:53 - 2012-09-12 07:54 - 00000000 ____D C:\Users\Janis\Desktop\Virtual Dub
2012-09-10 10:58 - 2012-06-05 05:13 - 00999999 ____A C:\Users\Janis\Desktop\patch_mp.ff
2012-09-10 10:23 - 2012-09-10 10:23 - 00000000 ____D C:\Users\All Users\ALM
2012-09-10 10:01 - 2012-09-10 10:25 - 00000000 ____D C:\Users\Janis\crack il
2012-09-10 08:14 - 2012-09-10 08:15 - 00000000 ____D C:\Users\Janis\stick musik
2012-09-10 06:48 - 2012-09-26 11:34 - 00000000 ____D C:\Users\All Users\Ralink
2012-09-10 06:45 - 2012-09-10 06:45 - 00000000 ____D C:\Users\All Users\RalinkRT7x Driver
2012-09-10 06:45 - 2010-02-24 05:06 - 00562464 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr73.sys
2012-09-10 06:45 - 2010-02-24 04:07 - 00226592 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInst.dll
2012-09-10 06:43 - 2012-09-10 06:43 - 00000000 ____D C:\Program Files\Hama
2012-09-10 06:43 - 2009-12-10 02:16 - 01590560 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2012-09-10 06:43 - 2009-12-10 02:16 - 00776480 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2012-09-10 06:43 - 2009-12-10 02:16 - 00102688 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2012-09-09 08:03 - 2012-09-09 08:03 - 00001272 ____A C:\Users\Janis\praktikum.txt
2012-09-09 04:16 - 2012-09-09 09:33 - 00000000 ____D C:\Users\Janis\Documents\Skype Call Recordings
2012-09-09 04:12 - 2012-09-20 13:00 - 00000000 ____D C:\Program Files\Skype Recorder
2012-09-09 04:05 - 2012-09-09 04:10 - 02807665 ____A C:\Users\Janis\Downloads\Skype Recorder incl.patch.rar
2012-09-09 04:02 - 2012-09-09 04:02 - 00000153 ____A C:\Users\Janis\settings.bin
2012-09-09 03:59 - 2012-09-09 04:00 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
2012-09-09 03:56 - 2012-09-09 03:56 - 00000000 ____D C:\Users\Janis\Downloads\Call Recorder for Skype-v2.3.21-Resented
2012-09-08 02:36 - 2012-09-08 02:36 - 08018917 ____A C:\Users\Janis\c scan 1.jdr


==================== 3 Months Modified Files ==================

2012-10-08 06:55 - 2012-03-06 12:49 - 01553716 ____A C:\Windows\WindowsUpdate.log
2012-10-08 06:52 - 2012-03-06 05:33 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000Core.job
2012-10-08 06:51 - 2012-04-11 15:57 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-08 06:43 - 2012-10-08 06:43 - 00195072 ___AH (Microsoft Corporation) C:\Users\Janis\AppData\Roaming\Fztitn.exe
2012-10-08 06:43 - 2012-04-16 15:50 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-08 06:43 - 2012-03-06 05:33 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531966209-3547886753-3818554424-1000UA.job
2012-10-07 12:29 - 2012-10-07 12:19 - 00000063 ____A C:\Users\Janis\Desktop\test.bat
2012-10-07 11:02 - 2012-10-04 13:19 - 00108070 ____A C:\Users\Janis\Desktop\OTL.Txt
2012-10-07 07:12 - 2012-04-16 15:50 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-07 05:08 - 2009-07-13 20:39 - 00071339 ____A C:\Windows\setupact.log
2012-10-07 02:37 - 2012-10-08 06:46 - 00905954 ____A (Farbar) C:\Users\Janis\Desktop\FRST.exe
2012-10-06 06:03 - 2012-10-06 06:03 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\BCAD.exe
2012-10-05 12:20 - 2012-10-04 13:23 - 00002107 ____A C:\Users\Janis\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-05 12:14 - 2009-07-13 20:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-05 12:14 - 2009-07-13 20:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-05 12:10 - 2012-10-05 12:10 - 00342016 ____A (Ufasoft) C:\Users\Janis\AppData\Roaming\A303.exe
2012-10-05 12:09 - 2012-10-01 11:29 - 00000358 ___AH C:\Windows\Tasks\GBoxUpdaterTask{BB9A370B-C90C-4552-A89E-FF2EBE445C96}.job
2012-10-05 12:09 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-05 12:08 - 2012-03-07 07:47 - 00726434 ____A C:\Windows\PFRO.log
2012-10-05 12:06 - 2012-10-05 12:06 - 00001237 ____A C:\AdwCleaner[S2].txt
2012-10-05 12:06 - 2012-10-05 12:05 - 00001107 ____A C:\AdwCleaner[R2].txt
2012-10-04 13:28 - 2012-10-04 13:28 - 00004096 ____A C:\Windows\d3dx.dat
2012-10-04 13:23 - 2012-10-04 13:23 - 00063770 ____A C:\Users\Janis\Desktop\Extras.Txt
2012-10-04 13:23 - 2012-10-04 13:23 - 00002091 ____A C:\Users\Cinema 4D\Desktop\Gothic II - Die Nacht des Raben.lnk
2012-10-04 12:50 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-10-04 11:54 - 2012-10-03 01:19 - 04762471 ____R (Swearware) C:\Users\Janis\Desktop\ComboFix.exe
2012-10-04 09:54 - 2012-10-04 09:54 - 00021665 ____A C:\Users\Janis\Desktop\AdwCleaner[S1].txt
2012-10-04 09:50 - 2012-10-04 09:49 - 00021665 ____A C:\AdwCleaner[S1].txt
2012-10-04 07:56 - 2012-10-04 07:56 - 00021103 ____A C:\AdwCleaner[R1].txt
2012-10-04 07:54 - 2012-10-04 07:54 - 00513501 ____A C:\Users\Janis\Desktop\adwcleaner.exe
2012-10-03 11:16 - 2012-10-03 11:16 - 00019187 ____A C:\Users\Janis\Desktop\ComboFix.txt
2012-10-02 12:17 - 2012-10-02 12:06 - 00003954 ____A C:\Users\Janis\Desktop\Attach.txt
2012-10-02 12:17 - 2012-10-02 12:04 - 00019095 ____A C:\Users\Janis\Desktop\DDS.txt
2012-10-01 17:26 - 2012-10-02 07:34 - 00600064 ____A (OldTimer Tools) C:\Users\Janis\Desktop\OTL.exe
2012-10-01 11:25 - 2012-10-01 11:25 - 00108243 ____A C:\Users\Janis\Documents\Unbenannt.wma
2012-10-01 07:01 - 2012-10-01 07:00 - 00342736 ____A C:\Windows\Minidump\100112-23041-01.dmp
2012-09-30 09:12 - 2012-09-30 09:12 - 00001901 ____A C:\Users\Janis\Desktop\PS3Emu.lnk
2012-09-30 09:10 - 2012-09-30 09:07 - 71786357 ____A C:\Users\Janis\Downloads\PS3 emulator WORKING! ps3emu ver. 0.0.0.2 Sony Playstation games ROMs emulation.exe
2012-09-29 12:52 - 2012-09-29 12:54 - 00000229 ____A C:\Users\Janis\Desktop\PSN Codes Generator (1).txt
2012-09-29 12:37 - 2012-09-29 12:37 - 00000073 ____A C:\Users\Janis\Downloads\Rapget.txt
2012-09-26 13:10 - 2012-09-26 12:48 - 00441673 ____A C:\Users\Janis\Desktop\m4xfps logo keks.ai
2012-09-26 10:28 - 2009-07-13 20:33 - 03812128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-23 10:45 - 2012-03-06 04:21 - 00112408 ____A C:\Users\Janis\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-22 01:33 - 2012-09-22 01:32 - 00342592 ____A C:\Windows\Minidump\092212-28142-01.dmp
2012-09-21 12:51 - 2012-04-11 15:57 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 12:51 - 2012-04-11 15:57 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-20 13:01 - 2012-09-20 13:01 - 00112400 ____A C:\Users\Cinema 4D\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 12:59 - 2012-09-20 12:59 - 00000020 __ASH C:\Users\Cinema 4D\ntuser.ini
2012-09-18 12:05 - 2012-09-18 12:05 - 00048463 ____A C:\energyreport.html
2012-09-14 08:31 - 2012-09-14 08:31 - 00003033 ____A C:\Users\Janis\Desktop\MP3 Skype Recorder.lnk
2012-09-13 13:03 - 2012-03-06 04:10 - 01616098 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-13 10:55 - 2012-09-13 10:54 - 01553408 ____A (home-hacks.info) C:\Users\Janis\Downloads\FileIce Sharecash Premium Downloader.exe
2012-09-09 08:03 - 2012-09-09 08:03 - 00001272 ____A C:\Users\Janis\praktikum.txt
2012-09-09 04:10 - 2012-09-09 04:05 - 02807665 ____A C:\Users\Janis\Downloads\Skype Recorder incl.patch.rar
2012-09-09 04:02 - 2012-09-09 04:02 - 00000153 ____A C:\Users\Janis\settings.bin
2012-09-09 04:00 - 2012-09-09 03:59 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
2012-09-08 02:36 - 2012-09-08 02:36 - 08018917 ____A C:\Users\Janis\c scan 1.jdr
2012-09-07 07:56 - 2012-09-07 07:56 - 00001765 ____A C:\Users\Janis\Tunatic.lnk
2012-09-04 00:11 - 2012-09-04 00:13 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-04 00:11 - 2012-09-04 00:12 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-04 00:11 - 2012-03-06 05:59 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-09-04 00:11 - 2012-03-06 05:59 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-02 09:28 - 2012-09-02 09:27 - 00342592 ____A C:\Windows\Minidump\090212-22682-01.dmp
2012-08-28 13:51 - 2012-08-28 13:51 - 00007618 ____A C:\Users\Janis\AppData\Local\Resmon.ResmonCfg
2012-08-28 08:28 - 2012-08-28 08:28 - 00001896 ____A C:\Users\Janis\Stronghold_Crusader_Extreme.exe - Verknüpfung.lnk
2012-08-28 08:28 - 2012-08-28 08:28 - 00001824 ____A C:\Users\Janis\Stronghold Crusader.exe - Verknüpfung.lnk
2012-08-24 02:16 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-21 09:41 - 2012-08-20 13:57 - 171380715 ____A C:\Users\Janis\Desktop\music mix.yt.wmv
2012-08-20 05:54 - 2012-08-20 05:54 - 00001254 ____A C:\Users\Janis\Desktop\Führerschein-Trainer 2007.lnk
2012-07-16 07:44 - 2012-07-16 07:44 - 00762368 __ASH (Microsoft Corp.) C:\Users\Janis\Desktop\teamspeak-3.exe
2012-07-16 07:44 - 2012-07-16 07:44 - 00762368 __ASH (Microsoft Corp.) C:\Users\Janis\Desktop\teamspeak 3.exe
2012-07-11 12:12 - 2012-06-28 07:26 - 00000025 ____A C:\Windows\popcinfot.dat
2012-07-11 06:06 - 2012-07-11 06:04 - 00418496 ____A C:\Windows\Minidump\071112-29530-01.dmp


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-04 13:05:12
Restore point made on: 2012-10-07 10:55:01

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 1013.95 MB
Available physical RAM: 651.9 MB
Total Pagefile: 1013.95 MB
Available Pagefile: 651.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:113.64 GB) (Free:13.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.88 GB) (Free:0.66 GB) FAT32
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 2048 KB
Disk 1 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6149 MB 31 KB
Partition 2 Primary 113 GB 6150 MB
Partition 0 Extended 29 GB 119 GB
Partition 5 Logical 8 GB 119 GB
Partition 6 Logical 1012 MB 128 GB
Partition 3 Logical 18 GB 129 GB
Partition 4 Logical 1013 MB 148 GB

=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 PQSERVICE NTFS Partition 6149 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 113 GB Healthy

=========================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 6
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1928 MB 0 B

=========================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-10-06 05:56

==================== End Of Log ============================

schrauber 08.10.2012 16:39

Quote:

2012-09-09 03:59 - 2012-09-09 04:00 - 01750220 ____A C:\Users\Janis\Downloads\MX_Skype_Recorder_3.4___Keygen.rar
Why do I even go to all this trouble.....

Janis540 08.10.2012 17:27

Why? Am I supposed to delete that now or what?

schrauber 08.10.2012 17:58

This is where it continues, have a read:

http://www.trojaner-board.de/95394-c...-software.html

Janis540 08.10.2012 19:26

But the keygen isn't to blame for the virus, is it?

schrauber 08.10.2012 19:30

Nobody knows, but that is only secondary anyway. When keygens are found we are not allowed to continue providing support, because by tolerating the keygen we would make ourselves liable to prosecution as well.

But as a rule, keygens are infected across the board.

