| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mehrere Viren...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.08.2012, 18:08
| #1 | |
| |  mehrere Viren... Hei, Antivir meldete 6 Viren, dann ging nix mehr, antivir gelöscht, neu installiert, malwarebytes drüberlaufen lassen, fund 3 viren, emisoft, fund 1 virus, alles in Quarantäne, leider nix mehr beweisbar... Die Dokumentation vom 1. virenscanner antivir ist futsch, leider, aber ich weiß, dass es ein explosiv trojaner war... Lange Rede kurzer Sinn: Folgendes kann ich zur Verfügung stellen und bitte um eine Rückmeldung, ob daraus etwas ersehbar ist - und was ich jetzt machen muss... Denn neu aufsetzen, so was alles kann ich nicht... 1015 Danke für Eure Mühe - bin in guter Hoffnung... dass alles sich zum Guten wendet. Zitat:
Code:
ATTFilter OTL logfile created on: 06.08.2012 18:12:03 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ulla\Documents\Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 63,51% Memory free 7,73 Gb Paging File | 5,95 Gb Available in Paging File | 76,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll () MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE} IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401 IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions [2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions [2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com [2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml [2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml [2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 18:08:02 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\OTL [2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware [2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes [2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3} [2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B} [2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC} [2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047} [2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira [2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox [2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search [2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun [2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus [2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera [2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc [2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D} [2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784} [2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB} [2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5} [2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help [2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer [2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner [2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme [2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken [2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172} [2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3} [2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2} [2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0} [2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344} [2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84} [2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE} [2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB} [2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551} [2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264} [2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3} [2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC} [2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12} [2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0} [2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE} [2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809} [2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF} [2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734} [2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C} [2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516} [2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998} [2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892} [2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A} [2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE} [2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516} [2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC} [2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B} [2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C} [2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3} [2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC} [2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507} [2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35} [2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5} [2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A} [2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM [2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9} [2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744} ========== Files - Modified Within 30 Days ========== [2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys [2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt [2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png [2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk [2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk ========== Files Created - No Company Name ========== [2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt [2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png [2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk [2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat [2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt [2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt [2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf [2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab ========== LOP Check ========== [2012.03.23 17:02:14 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\calibre [2011.10.17 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Canneverbe Limited [2012.08.04 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Dropbox [2011.02.24 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Fabulous Finds [2011.09.09 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Faerie Solitaire [2011.03.19 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\FirstColony [2011.06.11 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gaijin Ent [2011.08.18 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gogii Games [2012.08.04 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\ICQ [2012.02.19 17:49:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Leadertech [2011.10.14 10:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\OpenOffice.org [2012.08.04 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Opera [2010.09.25 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Packard Bell [2010.10.22 18:15:31 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\SNS [2012.08.04 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\TeamViewer [2011.10.17 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Template [2011.11.15 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Uniblue [2012.07.06 20:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\WildTangent [2012.08.04 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search [2011.04.27 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Live Writer [2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2012.02.22 15:27:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2012 17:49:54 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ulla\Documents\Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,35% Memory free 7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll () MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA} IE - HKCU\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions [2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions [2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com [2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml [2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml [2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.) O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware [2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes [2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3} [2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B} [2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC} [2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047} [2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira [2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox [2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search [2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun [2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus [2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera [2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc [2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D} [2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784} [2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB} [2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5} [2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help [2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer [2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner [2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme [2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken [2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172} [2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3} [2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2} [2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0} [2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344} [2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84} [2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE} [2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB} [2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551} [2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264} [2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3} [2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC} [2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12} [2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0} [2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE} [2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809} [2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF} [2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734} [2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C} [2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516} [2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998} [2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892} [2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A} [2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE} [2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516} [2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC} [2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B} [2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C} [2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3} [2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC} [2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507} [2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35} [2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5} [2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A} [2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM [2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9} [2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744} ========== Files - Modified Within 30 Days ========== [2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys [2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt [2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png [2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk [2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk ========== Files Created - No Company Name ========== [2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt [2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png [2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk [2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat [2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt [2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt [2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf [2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F < End of report > |
|
13.08.2012, 16:36
| #2 |
| /// Helfer-Team  | mehrere Viren... wo sind die Logs mit den Funden?
__________________ |
|
27.09.2012, 13:37
| #3 |
| /// Helfer-Team | mehrere Viren... Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
|
| Themen zu mehrere Viren... |
| askbar, aufsetzen, daraus, emsisoft, fund, futsch, gelöscht, guten, guter, installier, installiert, kurzer, launch, malwarebytes, melde, neu, neu aufsetzen, packard bell, plug-in, quarantäne, rückmeldung, scan, scanner, stelle, sweetim, sweetpacks, troja, trojaner, viren, virenscan, virenscanner, virus, wildtangent games |
Linear-Darstellung
