
All kinds of pests and how to fight them: multiple viruses...

06.08.2012, 18:08   #1
jakobine

multiple viruses...

Hi,

AntiVir reported 6 viruses, then nothing worked anymore; I removed AntiVir, reinstalled it, ran Malwarebytes over it, which found 3 viruses, then Emsisoft, which found 1 virus; everything is in quarantine, unfortunately nothing can be proven anymore...
The documentation from the first virus scanner, AntiVir, is gone, unfortunately, but I know that it was an explosive trojan...

Long story short:

I can provide the following and would appreciate feedback on whether anything can be seen from it - and what I have to do now...

Because reinstalling from scratch and all that is something I can't do...

Thanks for your effort - I'm hopeful...

that everything will turn out well.

Quote:
Quote from jakobine

I can provide the following and would appreciate feedback on whether anything can be seen from it - and what I have to do now...
OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 18:12:03 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Ulla\Documents\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 63,51% Memory free
7,73 Gb Paging File | 5,95 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS
 
Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions
[2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions
[2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com
[2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml
[2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml
[2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 18:08:02 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\OTL
[2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware
[2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes
[2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3}
[2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B}
[2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC}
[2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047}
[2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira
[2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun
[2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus
[2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera
[2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc
[2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D}
[2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784}
[2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB}
[2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5}
[2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help
[2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner
[2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme
[2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken
[2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172}
[2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3}
[2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2}
[2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0}
[2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344}
[2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84}
[2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE}
[2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB}
[2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551}
[2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264}
[2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3}
[2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC}
[2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12}
[2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0}
[2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE}
[2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809}
[2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF}
[2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734}
[2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C}
[2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516}
[2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998}
[2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892}
[2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A}
[2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE}
[2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516}
[2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC}
[2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B}
[2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C}
[2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3}
[2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC}
[2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507}
[2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35}
[2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5}
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A}
[2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM
[2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9}
[2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat
[2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt
[2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt
[2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf
[2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab
 
========== LOP Check ==========
 
[2012.03.23 17:02:14 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\calibre
[2011.10.17 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Canneverbe Limited
[2012.08.04 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2011.02.24 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Fabulous Finds
[2011.09.09 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Faerie Solitaire
[2011.03.19 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\FirstColony
[2011.06.11 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gaijin Ent
[2011.08.18 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gogii Games
[2012.08.04 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\ICQ
[2012.02.19 17:49:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Leadertech
[2011.10.14 10:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\OpenOffice.org
[2012.08.04 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Opera
[2010.09.25 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Packard Bell
[2010.10.22 18:15:31 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\SNS
[2012.08.04 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2011.10.17 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Template
[2011.11.15 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Uniblue
[2012.07.06 20:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\WildTangent
[2012.08.04 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2011.04.27 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Live Writer
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012.02.22 15:27:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 17:49:54 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Ulla\Documents\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,35% Memory free
7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS
 
Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKCU\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions
[2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions
[2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com
[2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml
[2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml
[2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found
O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware
[2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes
[2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3}
[2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B}
[2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC}
[2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047}
[2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira
[2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun
[2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus
[2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera
[2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc
[2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D}
[2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784}
[2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB}
[2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5}
[2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help
[2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner
[2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme
[2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken
[2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172}
[2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3}
[2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2}
[2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0}
[2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344}
[2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84}
[2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE}
[2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB}
[2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551}
[2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264}
[2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3}
[2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC}
[2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12}
[2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0}
[2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE}
[2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809}
[2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF}
[2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734}
[2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C}
[2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516}
[2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998}
[2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892}
[2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A}
[2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE}
[2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516}
[2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC}
[2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B}
[2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C}
[2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3}
[2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC}
[2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507}
[2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35}
[2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5}
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A}
[2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM
[2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9}
[2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat
[2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt
[2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt
[2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf
[2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F

< End of report >
         
--- --- ---

13.08.2012, 16:36   #2
t'john
/// Helper Team

Where are the logs with the detections?


27.09.2012, 13:37   #3
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.
