Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.02.2013, 15:59   #1
LastDance
 
Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 - Frage

Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903



Hallo alle zusammen,
ich habe mich hier angemeldet, weil ich in letzter Zeit Probleme mit meinem Computer habe.. Wie man schon an der Überschrift erkennen kann, gab es einen Vorfall. Als ich vor ein paar Tagen einen Song via iTunes kaufen wollte, stand bei iTunes "Unbekannter Pc, bitte Bankdaten eingeben". Das habe ich natürlich nicht gemacht, weil mir das spanisch vorkam und kurz danach kam eine Meldung von AntiVir: "Die Datei 'C:\Users\Pauls\AppData\Roaming\Yfwu\cynus.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.1903' [trojan]." Daraufhin habe ich mehrere Scans gemacht, und es kam nichts dabei heraus (später auch mit Kaspersky, BitDefender und HouseCall). Während des Kaspersky-Scans meldete sich Avira mit mehreren Viren wieder, Kaspersky aber hat nichts gefunden. Die Viren waren: TR/PSW.Fareit.I.191, EXP/JS.Expack.EM und 4-Mal ADWARE/InstallCore.Gen.
Der Spyware Terminator, den ich aber mittlerweile schon deinstalliert habe, hat lediglich "affilicate tracking cookies" gefunden.
Ich habe leider auch keine Ahnung von Computern und ich weiß, dass mein Pc zugemüllt ist, wobei ich ihn letztens erst "entmüllt" habe
Naja, ich habe dann halt einen Scan mit OTL gemacht, weil ich mir nicht sicher bin, [U]ob[U] ich überhaupt Viren auf dem Computer habe.
Hier der Logfile von OTL und der "Extra-Logfile":OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2013 14:53:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 67,94% Memory free
5,72 Gb Paging File | 4,37 Gb Available in Paging File | 76,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 188,75 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.10 14:52:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.02.09 13:18:04 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.01.14 06:03:52 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.01 08:48:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:27:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:27:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:27:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.10 12:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008.09.10 12:11:09 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008.05.23 13:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.01.21 03:34:31 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.21 03:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:33:42 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.01.16 17:26:01 | 002,212,304 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.11.15 16:38:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012.11.15 16:38:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012.11.15 16:38:35 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012.11.15 16:38:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012.11.15 16:38:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012.11.15 16:37:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.09.10 12:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008.09.10 12:11:09 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
MOD - [2008.09.10 11:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008.09.10 11:28:45 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008.09.10 11:28:44 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008.09.10 11:08:35 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.27 04:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.core.dll
MOD - [2008.05.27 04:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.common.dll
MOD - [2008.05.27 04:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008.05.23 13:02:14 | 000,188,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdudatr.dll
MOD - [2008.05.23 13:02:05 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxducats.dll
MOD - [2008.03.25 05:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013.02.09 13:18:04 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2013.02.09 10:18:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.11.15 19:41:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.08 16:27:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:27:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2008.05.23 13:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.05.23 13:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\kdgwrmg.sys -- (xtgmvng)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.08 16:27:12 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 16:27:12 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.13 13:07:49 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.07 09:24:08 | 001,040,544 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.15 14:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.09.11 08:19:20 | 000,123,424 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.09.11 08:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.07.16 11:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=b0d8b2010000000000000026186d409d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=b0d8b2010000000000000026186d409d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 8F 93 E3 4D 02 CB 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=b0d8b2010000000000000026186d409d
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{FEDCA981-8C87-4EE8-924F-EF0A994E2157}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=b0d8b2010000000000000026186d409d"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.24 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.18 17:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 18:00:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.10 14:40:52 | 000,000,000 | ---D | M]
 
[2009.08.06 13:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2013.02.10 14:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\extensions
[2010.04.27 12:24:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.10 14:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\extensions\ffxtlbr@babylon.com
[2013.02.10 14:40:35 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\extensions\ffxtlbr@delta.com
[2012.02.26 12:12:50 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\11-suche.xml
[2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\conduit.xml
[2013.02.10 14:40:43 | 000,001,294 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\delta.xml
[2012.02.26 12:12:50 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\englische-ergebnisse.xml
[2012.02.26 12:12:50 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\gmx-suche.xml
[2012.02.26 12:12:50 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\lastminute.xml
[2011.07.22 15:25:29 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\sweetim.xml
[2012.02.26 12:12:50 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8byq6b74.default\searchplugins\webde-suche.xml
[2012.11.15 19:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.15 19:40:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 19:40:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.15 19:40:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.15 19:41:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.16 05:42:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.10 14:40:28 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.16 05:42:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.16 05:42:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 05:42:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 05:42:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 05:42:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=b0d8b2010000000000000026186d409d
CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=b0d8b2010000000000000026186d409d
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\miklbmibpiblilbfhchnknmgmimfaida\1.4_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{4B16624E-D7E9-AD7E-B415-B57BB07D9666}] C:\Users\***\AppData\Roaming\Yfwu\cynus.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [downloadsourcede] File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{106B278F-B977-4CC0-8A09-2E2223E2ADDE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0123099f-7fbd-11df-a9fc-806e6f6e6963}\Shell\AutOpLay\coMmanD - "" = wfyviy.pif
O33 - MountPoints2\{0123099f-7fbd-11df-a9fc-806e6f6e6963}\Shell\AutoRun\command - "" = wfyviy.pif
O33 - MountPoints2\{0123099f-7fbd-11df-a9fc-806e6f6e6963}\Shell\exPlore\cOmmaNd - "" = wfyviy.pif
O33 - MountPoints2\{0123099f-7fbd-11df-a9fc-806e6f6e6963}\Shell\open\Command - "" = wfyviy.pif
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.02.10 14:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.10 14:40:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Delta
[2013.02.10 14:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.02.10 14:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.10 14:39:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2013.02.10 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.02.10 12:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.02.10 12:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.02.09 13:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.02.09 13:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
[2013.02.09 13:15:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\a-squared Free
[2013.02.09 13:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2013.02.09 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.02.09 12:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.02.09 12:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.10 14:38:57 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.10 14:34:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 14:34:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 14:18:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.10 14:07:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665759635-485721837-2390138397-1000UA.job
[2013.02.10 14:07:06 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665759635-485721837-2390138397-1000Core.job
[2013.02.10 12:52:54 | 000,286,086 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2013.02.10 12:51:29 | 000,201,312 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2013.02.10 12:26:07 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2013.02.10 12:14:03 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.10 12:01:48 | 000,000,920 | ---- | M] () -- C:\Users\***\Desktop\Kaspersky Security Scan.lnk
[2013.02.10 10:34:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 10:34:08 | 2950,115,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 12:52:07 | 000,194,048 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.08 15:20:49 | 000,002,088 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.10 14:38:57 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.10 12:52:54 | 000,286,086 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2013.02.10 12:51:29 | 000,201,312 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2013.02.10 12:26:07 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2013.02.10 12:02:26 | 000,000,920 | ---- | C] () -- C:\Users\***\Desktop\Kaspersky Security Scan.lnk
[2013.02.09 13:34:47 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.11.30 14:56:26 | 000,005,323 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.13 14:54:03 | 000,001,044 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.01 14:55:38 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011.11.29 12:06:05 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2011.11.29 12:04:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.11.29 12:04:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.19 18:23:54 | 000,000,333 | ---- | C] () -- C:\Windows\MENSA.INI
[2011.11.04 20:42:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.17 18:17:31 | 000,033,533 | ---- | C] () -- C:\Users\***\Trauriges-blaues-auge.jpg
[2011.07.17 18:16:22 | 000,025,221 | ---- | C] () -- C:\Users\***\i304229192_68006_6.jpg
[2011.07.17 18:16:00 | 000,030,145 | ---- | C] () -- C:\Users\***\liebeskummer2.jpg
[2011.07.17 18:15:01 | 000,038,144 | ---- | C] () -- C:\Users\***\013.jpg
[2011.03.10 14:23:37 | 000,975,140 | ---- | C] () -- C:\Users\***\AppData\Roaming\PandaIDProtectHelp_de.chm
[2011.01.08 17:40:30 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.12.30 16:23:25 | 000,077,922 | ---- | C] () -- C:\Users\***\Unbenannt.jpg
[2010.10.11 10:44:15 | 000,000,172 | ---- | C] () -- C:\Users\***\AppData\Local\RAExpertHistory.xml
[2010.10.11 10:38:17 | 000,000,172 | ---- | C] () -- C:\Users\***\AppData\Local\rahistory.xml
[2010.01.10 19:36:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.07 21:03:29 | 000,194,048 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.05 08:26:45 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.05 08:26:43 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.18 17:20:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.03.01 14:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5600-6600 Series
[2012.10.10 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.12.20 16:36:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AquaSoft
[2013.01.24 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2013.02.10 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.01 15:20:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.10 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Delta
[2012.12.24 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.24 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.20 08:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fastest Free YouTube Downloader
[2011.12.26 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intermedia Software
[2012.03.22 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lateintrainer
[2010.11.27 17:07:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexmark Productivity Studio
[2011.11.29 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.05.19 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2009.08.11 09:45:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.04 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.12.06 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.12.06 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2013.02.10 12:51:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.07.27 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SurfSecret Privacy Suite
[2012.09.07 13:42:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2010.08.25 10:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.11.01 14:18:33 | 000,694,717 | ---- | M] ()(C:\Users\***\Documents\dipsi?.png) -- C:\Users\***\Documents\dipsi?.png
[2012.11.01 14:17:37 | 000,694,717 | ---- | C] ()(C:\Users\***\Documents\dipsi?.png) -- C:\Users\***\Documents\dipsi?.png
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:661DFA1C
 
< End of report >
         
--- --- ---

Extra.Txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.02.2013 14:53:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 67,94% Memory free
5,72 Gb Paging File | 4,37 Gb Available in Paging File | 76,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 188,75 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
 
Computer Name: PAULS-PC | User Name: Pauls | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FCC3C4-A895-4E61-913E-9413D12B1F25}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0663AEE6-B098-4616-8419-5312F505E2F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0725D3C1-381A-49DE-B55E-F162A89ABE68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{09C87D4A-BDAF-4111-AE54-D14427E21775}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28E7F8B8-2326-402D-80A4-F82B05A498D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{32BB093D-075B-41A2-8CCC-FEC3EEB618A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{338EAA3F-DDC3-4465-8554-B602BDB46B52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{48FC0D2B-1792-45A6-9F9D-1F52E05E895F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56C77A85-6CD5-4A6B-8B7F-F09989B297B3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57BC6159-856C-4F4B-AC80-A3273468B68F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A1F1230-A7B0-49E5-B96B-D7225D598A0B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D88FB60-3FCE-42C3-B990-A2D78BF30E21}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{68980793-D79D-4560-B94D-1BB44A1F5CAF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68AE90FD-CD71-4D48-9F0A-39F8CB59189F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{737C72CB-212E-4509-A9B1-99AB9959C553}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{74F5A72B-9549-4CAA-B1CE-7D05CE1028C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{796494AA-D59A-4020-8066-984D72B1BCDA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8548ACA6-9C63-4800-A931-DDD72280288A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85A632C0-2F74-41DC-885C-8BD5EB1F6AEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{88AE6583-2A98-44B8-B717-7419DD460773}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B23D4566-CA7D-4064-A1F3-5F51D033D130}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4A50F66-138E-4E62-AA50-4381283E6B1D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C9C2B5AE-B236-407F-8924-026DD8F0D7DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA92F242-510B-4FEB-93F8-7797DDA77AA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D939C192-4C5B-42A0-96B7-9716283DDCB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD2A596F-4BD8-4CDF-B93A-CBE7DB318A5D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1B91F19-211B-472C-8DDA-51616C9E416E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F7C3C6B1-9610-459E-A372-CF6419F34F90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C82849-B5B8-49FA-998E-3E44109D1F82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{019E5ADE-C482-4C5E-9383-FF28A311E79F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0209AC31-522C-47A0-BAB6-836D51D9A46B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{046B330C-7E4D-4DA5-9951-255CB7D6E30A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{0A8E54C7-9951-4139-A377-66D46B132039}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E6C98A8-4519-47C9-A3D2-415DB47E21E0}" = protocol=17 | dir=in | app=c:\users\pauls\appdata\local\google\chrome\application\chrome.exe | 
"{254E5F40-694A-4248-B822-9A7524AA554B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{32271736-0138-4D82-AEAE-A05234CAE8EE}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{38FF08B9-59D7-4781-A4DF-74AB7725FB5F}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{39A175BD-1395-4F93-9C7D-963648043B7D}" = protocol=6 | dir=in | app=c:\users\***\downloads\facemoods.exe | 
"{3B5081A0-59C0-451B-B6AD-F8462D07C522}" = protocol=6 | dir=out | app=system | 
"{3B7B9E44-E1C6-44C4-9C50-32062956B35C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{44E6750F-6961-40CA-A5E0-F689CE65DE7D}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{488E7F88-29A2-4135-BF92-4B620A96F606}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{495FF1CC-2FC6-4BE9-947A-E7B979634768}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4A9CCACC-2375-469B-AA8D-B7D4DF3E741A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{4ABEB1EE-EED6-4EEF-B8FC-022CD0A796CD}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{4D41BAB0-FF1A-4161-8CBC-354304DD0D3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{53C36DE9-C889-4F81-8D95-35FBFC65C36A}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{581C9001-C09A-4F13-83D6-FAF3830C9544}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B5B5A55-C7EA-43AA-B050-F42187EFF285}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5C22899D-29EF-4CC8-8D55-770F766EF0A1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5F1D72B2-B32F-43FC-B636-B700F437390B}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{6C40C1EB-1FA3-4E8A-A26D-F258010415DF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{6C572540-460E-44B3-9EE6-ACCAA61A8207}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{6D6645F0-5050-449A-87F1-ED8B51FADBE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7086C03E-CB6A-48C8-92C3-B21461179FC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7B51D4E0-E327-4BE5-AA19-5D51ABDD5C0D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{80D7273E-8E5D-4AF5-A6A4-5F6FA0FF594F}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{86181C7A-D56E-4CCA-81A6-24E29837EDE4}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\chrome\application\chrome.exe | 
"{87823FC1-5C4F-4381-A714-67D04AD3FF39}" = protocol=17 | dir=in | app=c:\users\***\downloads\sweetimsetup.exe | 
"{9119BA29-B4A4-4273-9C81-417A7E5CE3CE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | 
"{A84559C2-0747-422D-8AB2-6F2D252ADDA8}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{AC2E98EE-1AD3-45FE-9AFD-536450D941F5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | 
"{B1A36794-6DFC-4F2D-81DB-ACA07A11B33F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{B3398F4F-20BF-485F-867A-D33910D15806}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B4BC75CE-1A7C-4540-8E2E-1855214E9C72}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{B929C6CE-3DB2-4A26-8215-2786988CB6C7}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{BA441684-1671-49CB-B15C-D03E857BF568}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{C659E8DB-B1F1-4464-A0ED-23729B957951}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{CCC08AC8-1FB9-4F8F-BF90-2422CD748861}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{D01161D5-83EC-4920-98A2-0A8D0BA0C4FE}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D39DCB0A-01E9-40BD-B459-AF02750B5711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA190DA6-F22C-4EFF-8D61-EF2EADC2447E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{DD6BA93D-BE04-4A49-97F4-F48F6FC32D5B}" = protocol=17 | dir=in | app=c:\users\***\downloads\facemoods.exe | 
"{E1ECA501-F128-47A4-86D1-E1805254BE58}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{E72E1AA6-A157-4B19-9A83-0C92D7925361}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EE22B30C-565C-4EA9-AF23-E89CFBD602D5}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{F74F192C-1634-479E-8483-5986FE26BB82}" = protocol=6 | dir=in | app=c:\users\***\downloads\sweetimsetup.exe | 
"{FE9EC96D-E26D-4355-9234-2B47DB55C80C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"TCP Query User{135B46C9-C620-4DCC-9CC9-63F2675FCB0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9FF39D36-7FDB-44DE-9CC3-E2B80BCD1A1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{A23874F9-065D-42AE-B3C2-A600163A6010}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{B49705DC-FABC-4A35-9C76-3B362A8F7D09}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C2099989-FBEC-4FEF-8ABB-F518DD652FBE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{EBE56825-3366-43C4-BE58-05B7D097D702}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{59144A67-A10B-453E-97D7-B9C7C9524161}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{907E63FE-EED3-42FC-8432-8DA1E4BA2B8A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{B6AEC8FD-970C-470F-BD06-7C556744054F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BC59E0A0-4478-4CF8-87EA-04983FD2A8BF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CEEB3312-3C42-43F7-9E1C-3DEAC6978660}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DB988ACE-7E36-431A-B65B-AA92CAE27FC9}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1" = Helium Audio Converter (build 245)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = Die Sims - Hokus Pokus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9B1473-A3BF-763F-BB5C-06B2E2216216}" = Connect Service
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DFDD0C5-5AC1-484B-ACF8-0F3E1041750B}_is1" = AquaSoft "DiaShow 7 für YouTube"
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"a-squared Free_is1" = a-squared Free 4.5
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"delta" = Delta toolbar 
"DriverAgent.exe" = DriverAgent by eSupport.com
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 5.0.17.903
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.36.824
"GIMP-2_is1" = GIMP 2.8.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Just sing_is1" = Just sing
"Latein - Trainer" = Latein - Trainer
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"Security Task Manager" = Security Task Manager 1.8d
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2012 06:49:38 | Computer Name = Pauls-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15616
 
Error - 09.05.2012 11:32:00 | Computer Name = Pauls-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 18.0.1025.168 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 17fc Anfangszeit: 01cd2de44c68f240 Zeitpunkt
der Beendigung: 140
 
Error - 17.05.2012 03:34:09 | Computer Name = Pauls-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 618 Anfangszeit: 01cd33ff16cc6ccb Zeitpunkt
der Beendigung: 13
 
Error - 17.05.2012 13:44:47 | Computer Name = Pauls-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.46 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1030 Anfangszeit: 01cd342cd9c85feb Zeitpunkt der
Beendigung: 12179
 
Error - 19.05.2012 10:43:04 | Computer Name = Pauls-PC | Source = VSS | ID = 8194
Description = 
 
Error - 19.05.2012 10:45:57 | Computer Name = Pauls-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 19.05.2012 12:33:36 | Computer Name = Pauls-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nfsw.exe, Version 1.0.0.922, Zeitstempel 0x4fb4b9c5,
fehlerhaftes Modul nfsw.exe, Version 1.0.0.922, Zeitstempel 0x4fb4b9c5, Ausnahmecode
0xc0000005, Fehleroffset 0x00473632, Prozess-ID 0x1f60, Anwendungsstartzeit 01cd35d7720e952c.
 
Error - 19.05.2012 12:33:39 | Computer Name = Pauls-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nfsw.exe, Version 1.0.0.922, Zeitstempel 0x4fb4b9c5,
fehlerhaftes Modul nfsw.exe, Version 1.0.0.922, Zeitstempel 0x4fb4b9c5, Ausnahmecode
0xc00000fd, Fehleroffset 0x0027877e, Prozess-ID 0x1f60, Anwendungsstartzeit 01cd35d7720e952c.
 
Error - 21.05.2012 09:18:25 | Computer Name = Pauls-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 22.05.2012 08:08:34 | Computer Name = Pauls-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.46 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 6d8 Anfangszeit: 01cd37e34fa3bdef Zeitpunkt der
Beendigung: 11
 
[ System Events ]
Error - 23.09.2010 12:56:09 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:12 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:15 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:26 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:29 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:49 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:56:51 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.09.2010 12:58:47 | Computer Name = Pauls-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.09.2010 um 18:57:53 unerwartet heruntergefahren.
 
Error - 23.09.2010 12:58:43 | Computer Name = Pauls-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 24.09.2010 14:16:27 | Computer Name = Pauls-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.09.2010 um 20:14:57 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

P.S.: Die ganzen Bilder und Programme hat hauptsächlich meine Schwester heruntergeladen

LG

Alt 10.02.2013, 19:33   #2
DerJazzer
/// Malwareteam
 
Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 - Standard

Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________

__________________

Alt 11.02.2013, 13:25   #3
DerJazzer
/// Malwareteam
 
Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 - Standard

Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903



Hallo und
Ich bin Christoph und möchte dir bei deinem Problem helfen.
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (Posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software außer Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen außer ich fordere Dich dazu auf. Erschwert mir nämlich das Auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein PC clean ist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Schritt 1

Mehrere Anti-Virus-Programme

Code:
ATTFilter
Avira Antivirus Free 
Spyware Terminator
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Außerdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.




Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 4

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • AdwCleaner[S1].txt
  • JRT.txt
  • OTl.txt & Extras.txt
__________________
__________________

Alt 14.02.2013, 09:25   #4
DerJazzer
/// Malwareteam
 
Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 - Standard

Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903



Hallo,
benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist!
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/

Antwort

Themen zu Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903
adware, akamai, antivir, avira, bonjour, computer, computern, converter, delta search, delta toolbar, desktop, error, excel, firefox, flash player, home, install.exe, kaspersky, logfile, mp3, nvidia update, office 2007, programm, realtek, security, server, software, spotify web helper, spyware, svchost.exe, tr/psw.zbot., tr/psw.zbot.1903, trojaner, viren, virus, vista, zugemüllt



Ähnliche Themen: Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903


  1. Refog Keylogger nach Kauf funktioniert nicht
    Log-Analyse und Auswertung - 16.08.2015 (15)
  2. Windows 8: Outlook & iTunes werden nach kurzer Zeit automatische geschlossen
    Log-Analyse und Auswertung - 01.04.2015 (8)
  3. Nach iTunes Installation Probleme u. a. mit Lollipop
    Log-Analyse und Auswertung - 02.02.2014 (9)
  4. Windows7 X64: Antivir Fund: "TR/Spy.ZBot.aaop" Meldung: Zugriff auf Datei wurde blockiert. Datei war in E-Mail- Anhang.
    Log-Analyse und Auswertung - 28.11.2013 (9)
  5. PC befall nach itunes fakeinstaller
    Log-Analyse und Auswertung - 22.10.2013 (5)
  6. Nach PWS:WIN32/Zbot.gen!Am jetzt PWS:WIN32/Zbot.AJB - wie werde ich diesen los
    Log-Analyse und Auswertung - 16.08.2013 (10)
  7. TR/Spy.ZBot.akt von avirus antivir entdeckt
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (14)
  8. PWS:Win32/Zbot.gen!Y Meldung, nach Windows Update
    Log-Analyse und Auswertung - 15.06.2013 (11)
  9. Trojan.ZBot.ED Meldung - wie werde ich den los?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (9)
  10. Zeus/Zbot Trojaner Meldung von der Telekom
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (7)
  11. Keine Verbindung zu iTunes, Avira Guard, Windows Updates nach Sirefef.CH-Bekämpfung
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (9)
  12. komische meldung bei itunes start/installation/deinstallation dringend!
    Alles rund um Windows - 25.12.2010 (4)
  13. AntiVir meldet: TR/Spy.ZBot.apcm
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (1)
  14. Videohardwareproblem unmittelbar nach PC Kauf (LiveKernelEvent)
    Netzwerk und Hardware - 03.08.2010 (21)
  15. Nach Sicherheitsproblemen im iTunes Store: Apple sperrt App-Anbieter
    Nachrichten - 07.07.2010 (0)
  16. Nach Sicherheitsproblemen im iTunes Store: Appe sperrt App-Anbieter
    Nachrichten - 07.07.2010 (0)
  17. HiJackThis Log nach meldung von AntiVir.
    Log-Analyse und Auswertung - 22.09.2009 (4)

Zum Thema Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 - Hallo alle zusammen, ich habe mich hier angemeldet, weil ich in letzter Zeit Probleme mit meinem Computer habe.. Wie man schon an der Überschrift erkennen kann, gab es einen Vorfall. - Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903...
Archiv
Du betrachtest: Nach iTunes Kauf Meldung von AntiVir: TR/PSW.Zbot.1903 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.