
Pests of All Kinds and How to Combat Them: My Start Incredibar in Google Chrome


10.03.2013, 13:53   #1
Sasaleinx333
 
My Start Incredibar in Google Chrome



I have combed through Google, but since I am supposed to post the OTL output files here, I'll do that right away. I should say that I am a total beginner when it comes to this. So I'm asking for your help right away and hope that with your help I can get this sorted out quickly.


So, first the OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 10.03.2013 13:40:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Günter\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,62% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 19,13 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 12,70 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
 
Computer Name: GÜNTER-LAPTOP | User Name: Günter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Günter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Günter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\GNTER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe (Avira GmbH)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll ()
MOD - C:\Users\Günter\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll ()
MOD - C:\Users\GNTER~1\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (vToolbarUpdater14.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (avgfws9) -- C:\Programme\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AGCoreService) -- C:\Programme\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe (Avira GmbH)
SRV - (antivirwebservice) -- C:\Programme\Avira\Avira Premium Security Suite\avwebgrd.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\Avira Premium Security Suite\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\Avira\Avira Premium Security Suite\sched.exe (Avira GmbH)
SRV - (AVEService) -- C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe (Avira GmbH)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) --  File not found
DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found
DRV - (avgntflt) -- C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys File not found
DRV - (avgio) -- C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETwNv32) -- C:\Windows\System32\drivers\NETwNv32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (AvgRkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b192b99f8-1d2a-48eb-9325-c854dd12e530%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b192b99f8-1d2a-48eb-9325-c854dd12e530%7d&q={searchTerms}
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=5cb91d6700000000000000215d82da3a
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F19740F4-7F5B-41F0-9062-FAC97039BA49}&mid=7cf9315d36f641d49b51ff45d9b47d75-be0d922b36032992389c396b29a85254d8cb69b8&lang=de&ds=AVG&pr=pa&d=2011-12-01 14:55:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{BAB617A1-BFC3-4F26-B170-22079220EE32}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE308DE308
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCASogBE&i=26
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-2047451371-61689433-22939536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Günter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\GNTER~1\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Günter\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 00:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.10 01:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.10 01:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.13.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012.11.20 23:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.13.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins
 
[2012.11.04 23:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions
[2013.02.28 19:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\SeaMonkey\Profiles\oferoeix.default\extensions
[2013.02.28 19:44:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Günter\AppData\Roaming\mozilla\SeaMonkey\Profiles\oferoeix.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\G\u00FCnter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Users\G\u00FCnter\AppData\Roaming\Mozilla\plugins\NpFv530.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\G\u00FCnter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Günter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Günter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyA0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Plus_Download-Version\Trayserver_DE.exe (MAGIX AG)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [Facebook Update] "C:\Users\Günter\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [Spotify Web Helper] C:\Users\Günter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2047451371-61689433-22939536-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01120D52-1D46-4A2F-84EE-0BE33A189691}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -  File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eaudio.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\framework.launcher.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3193a71f-84d6-11df-bb0c-00238b43c858}\Shell\AutoRun\command - "" = lot.exe
O33 - MountPoints2\{3193a71f-84d6-11df-bb0c-00238b43c858}\Shell\open\Command - "" = lot.exe
O33 - MountPoints2\{6ff921de-be09-11dd-af64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ff921de-be09-11dd-af64-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.07 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\sel für max
[2013.03.06 00:36:59 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Neuer Ordner
[2013.03.04 00:28:45 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\miley cyrus
[2013.03.03 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\für elliot
[2013.03.02 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\für  sets
[2013.02.23 12:12:00 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\christina
[2013.02.22 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\ron und mine gifs
[2013.02.18 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\katie holmes
[2013.02.18 00:53:16 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\dieser moment
[2013.02.17 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\victoria justice
[2013.02.16 19:17:17 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Backgrounds
[2013.02.16 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Camera
[2013.02.16 02:31:28 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\disney
[2013.02.15 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\Originals
[2013.02.14 01:41:22 | 000,000,000 | ---D | C] -- C:\3e341421702493874daa524a4f0b32
[2013.02.13 14:36:46 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 14:36:43 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 14:36:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.02.13 14:36:43 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 14:36:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.02.13 14:36:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.02.13 14:36:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.02.13 14:36:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 14:36:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 14:36:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 14:36:42 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.13 14:36:41 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 14:36:41 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.12 15:41:24 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\FTT
[2013.02.10 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Günter\Desktop\babes
[2013.02.10 19:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.10 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.10 19:37:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.14 23:15:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Günter\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.10 13:13:51 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:13:51 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 13:13:12 | 001,333,420 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013.03.10 04:31:15 | 000,028,402 | ---- | M] () -- C:\Users\Günter\Desktop\victoria.rtf
[2013.03.10 04:09:40 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2013.03.10 03:45:47 | 000,207,008 | ---- | M] () -- C:\Users\Günter\.recently-used.xbel
[2013.03.10 01:49:56 | 112,772,527 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.03.10 01:49:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2047451371-61689433-22939536-1000UA.job
[2013.03.09 22:49:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2047451371-61689433-22939536-1000Core.job
[2013.03.09 18:27:12 | 000,000,041 | ---- | M] () -- C:\Windows\System32\Filzip.ini
[2013.03.09 03:13:11 | 000,000,213 | ---- | M] () -- C:\Users\Günter\Desktop\trivia.rtf
[2013.03.09 01:27:37 | 000,033,792 | ---- | M] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.06 00:34:41 | 000,180,013 | ---- | M] () -- C:\Users\Günter\Desktop\tumblr_mfai8mBSDS1rb4y31o8_250.gif
[2013.03.05 02:42:42 | 000,088,360 | ---- | M] () -- C:\Users\Günter\Desktop\avatar-3829bb77-12.png
[2013.03.04 12:19:58 | 000,323,659 | ---- | M] () -- C:\Users\Günter\Desktop\anigif.gif
[2013.03.04 10:00:56 | 001,052,976 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.03.04 09:58:40 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.04 09:09:40 | 000,315,878 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt1.jpg
[2013.03.04 09:07:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.03.04 09:07:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.03.04 09:07:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013.03.04 09:07:24 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013.03.04 09:07:24 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013.03.04 08:54:38 | 000,043,226 | ---- | M] () -- C:\Users\Günter\Desktop\OEeGFwtk8tAnfiMuRp00QjaTwMb5NlnvlvY2xAnKdEpMXLCrCG3Tfb9YEhbtaDXe.jpg
[2013.03.04 02:45:31 | 000,090,685 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-1.jpg
[2013.03.04 02:21:14 | 000,056,201 | ---- | M] () -- C:\Users\Günter\Desktop\pg3.jpeg
[2013.03.03 13:50:54 | 003,843,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.02 14:42:21 | 000,448,050 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-1.psd
[2013.03.02 14:42:16 | 000,609,532 | ---- | M] () -- C:\Users\Günter\Desktop\Unbenannt-2.psd
[2013.02.24 16:36:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.24 16:36:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.24 16:36:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.24 16:36:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.19 00:30:09 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.02.12 01:46:16 | 012,792,379 | ---- | M] () -- C:\Users\Günter\Desktop\tom-felton-001.psd
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.10 03:45:47 | 000,207,008 | ---- | C] () -- C:\Users\Günter\.recently-used.xbel
[2013.03.09 03:13:11 | 000,000,213 | ---- | C] () -- C:\Users\Günter\Desktop\trivia.rtf
[2013.03.06 00:34:44 | 000,180,013 | ---- | C] () -- C:\Users\Günter\Desktop\tumblr_mfai8mBSDS1rb4y31o8_250.gif
[2013.03.05 02:35:19 | 000,088,360 | ---- | C] () -- C:\Users\Günter\Desktop\avatar-3829bb77-12.png
[2013.03.04 12:19:58 | 000,323,659 | ---- | C] () -- C:\Users\Günter\Desktop\anigif.gif
[2013.03.04 09:09:39 | 000,315,878 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt1.jpg
[2013.03.04 08:54:38 | 000,043,226 | ---- | C] () -- C:\Users\Günter\Desktop\OEeGFwtk8tAnfiMuRp00QjaTwMb5NlnvlvY2xAnKdEpMXLCrCG3Tfb9YEhbtaDXe.jpg
[2013.03.04 02:48:55 | 000,028,402 | ---- | C] () -- C:\Users\Günter\Desktop\victoria.rtf
[2013.03.04 02:45:30 | 000,090,685 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-1.jpg
[2013.03.04 02:21:17 | 000,056,201 | ---- | C] () -- C:\Users\Günter\Desktop\pg3.jpeg
[2013.03.02 14:14:37 | 000,609,532 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-2.psd
[2013.03.02 14:14:33 | 000,448,050 | ---- | C] () -- C:\Users\Günter\Desktop\Unbenannt-1.psd
[2013.02.12 01:46:12 | 012,792,379 | ---- | C] () -- C:\Users\Günter\Desktop\tom-felton-001.psd
[2012.11.29 21:12:03 | 003,402,281 | ---- | C] () -- C:\Users\Günter\DSCI1730.JPG
[2012.11.29 21:12:03 | 003,336,365 | ---- | C] () -- C:\Users\Günter\DSCI1731.JPG
[2012.11.29 21:12:03 | 003,271,172 | ---- | C] () -- C:\Users\Günter\DSCI1729.JPG
[2012.10.04 02:38:20 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.09.14 23:15:55 | 000,087,608 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\inst.exe
[2012.09.14 23:15:55 | 000,007,887 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\pcouffin.cat
[2012.09.14 23:15:55 | 000,001,144 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\pcouffin.inf
[2012.09.14 04:41:11 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.09.10 01:13:31 | 000,030,008 | ---- | C] () -- C:\Windows\unvpeye.ini
[2012.09.10 01:07:10 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2012.08.29 19:08:47 | 001,052,976 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.08.29 19:08:47 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.07.29 22:52:14 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012.07.29 22:52:14 | 000,002,331 | ---- | C] () -- C:\Windows\unins001.dat
[2012.07.29 22:47:45 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.29 22:47:45 | 000,000,861 | ---- | C] () -- C:\Windows\unins000.dat
[2012.07.14 04:18:08 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2012.06.18 16:34:20 | 001,050,665 | ---- | C] () -- C:\Users\Günter\loveu46k0lajie9sqtnf86xi.png
[2012.06.03 13:02:44 | 000,001,456 | ---- | C] () -- C:\Users\Günter\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.05.25 19:26:15 | 000,000,132 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.14 09:22:04 | 000,000,041 | ---- | C] () -- C:\Windows\System32\Filzip.ini
[2012.03.21 21:37:37 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2011.12.15 00:33:07 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.12.09 17:11:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.26 17:48:20 | 000,001,057 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\vso_ts_preview.xml
[2010.09.17 19:26:38 | 000,008,592 | ---- | C] () -- C:\Users\Günter\AppData\Local\d3d9caps.dat
[2010.06.09 00:28:20 | 000,033,792 | ---- | C] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.29 18:11:44 | 000,000,046 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\AVSMediaPlayer.m3u
[2010.05.27 18:30:51 | 000,000,000 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\AVSDVDPlayer.m3u
[2009.01.03 16:50:37 | 000,000,000 | ---- | C] () -- C:\Users\Günter\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2013.02.05 01:23:54 | 000,005,693 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\L.png
[2013.02.05 01:24:50 | 000,007,753 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\N.png
[2013.02.05 01:26:20 | 000,006,896 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2047451371-61689433-22939536-1000\$RI8UHG0\U.png
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.05 11:04:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Abra Academy2
[2008.10.31 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console
[2010.11.03 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Alawar
[2012.03.13 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Alawar Entertainment
[2011.06.29 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Ambient Design
[2012.11.02 06:03:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AnvSoft
[2010.09.15 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Artifex Mundi
[2010.05.29 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Ashampoo
[2011.12.23 04:16:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\avidemux
[2010.09.20 21:24:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\BarbarianGames
[2011.02.07 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bluefishv1002
[2012.05.28 02:33:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.23 04:12:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.12.12 20:17:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2012.10.28 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DVDVideoSoft
[2010.09.24 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\EleFun Games
[2010.07.29 00:00:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ERS G-Studio
[2009.01.03 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi
[2013.02.12 21:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FileZilla
[2012.07.29 22:47:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Flatcast
[2010.10.28 12:37:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Flood Light Games
[2010.05.30 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FloodLightGames
[2010.06.14 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FlyWheelGames
[2010.12.17 07:03:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Freeze Tag
[2012.03.14 03:05:03 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\freshgames
[2010.07.28 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Fugazo
[2010.09.08 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FUJIFILM
[2010.09.16 21:21:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Gaijin Ent
[2010.06.04 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Game Mill Entertainment
[2011.02.19 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Games
[2011.02.17 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Green Clover Games
[2013.03.10 03:45:47 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0
[2011.02.27 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\HdO Adventure
[2013.03.04 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ICQ
[2010.11.01 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\iMaxGen
[2012.11.15 02:02:44 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IMVU
[2012.11.14 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IMVUClient
[2010.05.26 21:50:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\iWin
[2012.03.13 15:56:24 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\JaiboGames
[2011.02.11 00:49:40 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Jetsetter
[2012.05.21 23:17:10 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\kiosk__
[2010.07.29 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Magic3
[2012.10.14 03:51:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\MAGIX
[2012.03.11 22:25:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Meridian93
[2010.12.20 06:54:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Mutant Arcade
[2010.09.21 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\My Games
[2011.08.05 11:04:27 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2010.09.18 02:39:58 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Nevosoft Games
[2013.01.20 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Notepad++
[2011.06.24 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ooVoo Details
[2012.10.30 14:36:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenCandy
[2012.04.07 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Opera
[2010.09.15 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PeaceCraft2
[2011.01.13 01:21:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PhotoFiltre
[2012.09.30 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PhotoScape
[2012.03.11 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PlayFirst
[2012.03.16 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PlayPond
[2010.08.27 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Playrix Entertainment
[2011.02.25 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PoBros
[2010.08.09 22:18:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Purple Patch Games
[2010.08.09 14:04:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Registry Mechanic
[2011.07.06 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Samsung
[2010.09.24 20:32:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\ShinyTales
[2011.02.18 17:44:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Silverback Productions
[2011.03.04 04:44:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Spooky Runes
[2013.03.10 13:33:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Spotify
[2012.05.30 17:19:59 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.13 20:35:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Stand O'Food 3
[2011.04.16 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TeamViewer
[2009.01.03 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template
[2011.06.24 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TIPP10
[2012.07.14 06:55:13 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrojanHunter
[2011.10.30 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software
[2012.07.04 15:35:06 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Unity
[2010.07.20 07:23:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\URSE Games
[2010.05.26 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\URSoft
[2012.02.23 23:02:06 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\UseNeXT
[2011.02.24 16:04:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\V-Games
[2010.09.16 00:46:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\VeniceMysteryData
[2012.10.18 02:17:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Vso
[2011.02.18 06:46:26 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\World-Loom
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.09.03 18:12:27 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쐈Ĝ
[2012.09.03 18:12:27 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쐈Ĝ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B2CB0E61
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CA0CE093
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00F78F7C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:880F0FEF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:E54FC174
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >
         
--- --- ---

and here is the extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 10.03.2013 13:40:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Günter\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,62% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 19,13 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 12,70 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
 
Computer Name: GÜNTER-LAPTOP | User Name: Günter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2047451371-61689433-22939536-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36CCB4A3-40CF-4634-AD8B-D55189C32775}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{818CCB94-0D15-4030-8028-3A4BA0780747}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A10E9278-5A8A-4C63-98E9-D6EFAD0DE59E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CF9DE8AC-CA70-4AD5-AA1C-2CB77AC61E61}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0733F101-C962-40F1-9BBE-5F3F5128A37C}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{0D8AEE10-96C2-498F-AEB7-7902F449EFB9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{10437D36-35DE-4A86-B6DE-9352D775BB86}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{108321D7-3947-446D-BFAC-2BBF8065AB33}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{174A65DF-7D01-4F73-A290-D5F0CC637A8D}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{18AADF8E-F7E3-4E4D-8DA4-EC6E85CD2D99}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{194D9E78-D10D-4C8D-A171-D48CBE43EF07}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{204BB525-027C-44C4-B6FC-9BB59DF775CF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe | 
"{2C4BDA9E-1363-48BE-B1BC-A8306B62FF43}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{36BE8D3B-84C9-43EE-9F89-AADE1DFFA481}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{410E5F48-924B-416B-9A96-0F70F76FA965}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{41F02926-51A5-432F-AAA6-FD467BC3631E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{42E91586-7AA7-4EC4-85E7-2A590B91CB38}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{45442FB8-E642-4AF9-9CE9-F0C4EFFA0066}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe | 
"{4766B1A4-ED58-4D64-9C93-FBA6619BECFA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{5B019B3C-45CB-4A74-BD12-608FE374CDB6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{5BDF34A1-E198-49C5-932B-BB16B8AC3AD0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{5D000235-4036-425E-9F37-5759E5E48319}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5E497CCD-B043-49E6-B442-B18F5BEBA680}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{657C286D-07D4-4594-844A-1DE59C1CE584}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{6D2AD79B-A713-4C19-AE8F-B3A9F922F89F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{6D41BBC8-3313-46DE-AE4A-8441CFF5CF1E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{71C466A5-3F28-4C6B-8FE3-F41AA9F5BD18}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{7E9309F2-9442-4C5D-9A67-506E8CE8D6AE}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{7F40A20A-ECCF-4B08-AAE4-34BB517B06C5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{86AB5221-F056-4E52-9DC5-F94A59240ECC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{8E021C0A-7D58-4FCC-AC55-2F9A1A3C2521}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{95D9C668-E86E-49CE-A073-D46DE976CD15}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{999A10A1-859C-488D-A12E-056C08BBEA04}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{AACAD7E7-4107-4CDF-89F8-344FCF345033}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{BCF0C634-BACC-424A-9A65-D88148DBF9CD}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{C1406FE9-9EA8-4C2D-A079-8E0672AE1CB3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{D0699951-BE88-49F6-8611-FC8F47C514C3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{D16BE595-3874-447A-8280-A56BDB9E64C6}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{D803DF9D-805F-4730-AD9E-B058E98F7FAC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D8428B6B-E8F2-45DF-8D77-AA10181D3F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7BC0F42-8139-48E4-A226-EE254FD3E9F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{F09D74FE-1D02-4500-8A0B-146401C0526E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{F627B85B-D91B-4F56-8332-0536570C6223}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{F85A475D-AA77-4C6F-B954-28B8370D6943}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0710A0C4-05D9-412D-AC50-5136B11A95B7}" = ArtRage 2 Starter Edition
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09EEB39E-9CDC-4376-917A-E9AF098C40DC}" = O&O Defrag Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Conceptronic CLLCHATCAM webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4
"AVG Secure Search" = AVG Security Toolbar
"AVG9Uninstall" = AVG 9.0
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Escape Whisper Valley_is1" = Escape Whisper Valley
"facemoods" = Facemoods Toolbar
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Firestorm" = Firestorm
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"FormatFactory" = FormatFactory 3.0.1
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.903
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Jewel Charm_is1" = Jewel Charm
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Mysteries of Horus_is1" = Mysteries of Horus
"OpenAL" = OpenAL
"Opera 11.52.1100" = Opera 11.52
"PhotoScape" = PhotoScape
"SeaMonkey 2.13.2 (x86 de)" = SeaMonkey 2.13.2 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz Detail 3" = Topaz Detail 3
"Topaz ReMask 3" = Topaz ReMask 3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT_is1" = UseNeXT
"Utherverse VWW Client" = Utherverse VWW Client
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WNLT" = IB Updater Service
"YU2010_is1" = Your Uninstaller! 2010
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2047451371-61689433-22939536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"PhotoFiltre" = PhotoFiltre
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2012 16:13:05 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.03.2012 21:39:30 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.03.2012 23:44:40 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2012 14:57:05 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2012 07:38:15 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2012 07:49:37 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2012 08:10:31 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2012 10:36:31 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.03.2012 09:11:08 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.03.2012 19:04:08 | Computer Name = Günter-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.03.2013 06:34:49 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.03.2013 08:13:59 | Computer Name = Günter-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 11.03.2013, 11:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any other logs (with detections)? From Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click "Erweitert/Vorschau" (Advanced/Preview) to check that you did it correctly. If everything is right ... click "Antworten" (Reply).
__________________

__________________

Alt 11.03.2013, 18:14   #3
Sasaleinx333
 

Thanks for the welcome.
Well, actually no, so no logs. I ran a virus scan with AVG Anti-Virus once. I don't have anything else here. And I don't have any logs from it here right now.
__________________

Alt 11.03.2013, 21:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Did AVG ever find anything?


Before we continue, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside Trojaner-Board.


Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Re-enable your antivirus program and other scanners before you go back online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Please always post log files in CODE tags

Alt 12.03.2013, 03:56   #6
Sasaleinx333
 

So I stopped it early for now because I got this. I started mbar.exe and then I didn't know what I was supposed to do there, so I stopped for the time being.


Alt 12.03.2013, 16:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please click No there and continue as normal
__________________
Please always post log files in CODE tags

Alt 12.03.2013, 23:02   #8
Sasaleinx333
 

So, the GMER scan:

Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-12 03:46:59
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\GNTER~1\AppData\Local\Temp\awriykow.sys


---- System - GMER 2.1 ----

SSDT            8CBF4774                                                                                      ZwCreateThread
SSDT            8CBF4760                                                                                      ZwOpenProcess
SSDT            8CBF4765                                                                                      ZwOpenThread
SSDT            8CBF476F                                                                                      ZwTerminateProcess
SSDT            8CBF476A                                                                                      ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                 82CB28E4 4 Bytes  [74, 47, BF, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                 82CB2AB4 4 Bytes  [60, 47, BF, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                 82CB2AD0 4 Bytes  [65, 47, BF, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                 82CB2CE4 4 Bytes  [6F, 47, BF, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 681                                                                 82CB2D44 4 Bytes  [6A, 47, BF, 8C]
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                         entry point in "" section [0xAAD3941C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                         unknown last code section [0xAAD3A000, 0x1000, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[2516] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                    7696B37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD [ES:EAX], DL}
.text           C:\Program Files\OO Software\Defrag\oodag.exe[2616] kernel32.dll!SetUnhandledExceptionFilter  7620A8B5 5 Bytes  JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                       Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                       Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                       avfwot.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                       avfwot.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                     avfwot.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                         
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL         A9BCE75049BCA8A9CED073DC8FBCE9EF7C61177E4E41AB1C1A573E97ECD66C3BD3A04508F4815B202114EB577DD9EE91A6561274F9475093E053CC8946398F409DCF445110022FABCDFB638B89357C599D205DFBEB18394663DB757551AB107A5CE9A87954B65FB6367E17E986ECD3A3EEB14A42B59ECD9C00F73F6A7D819A06D9AECD12ADF97EAEB237D4A201848ACF201CBBBA1EA5C80A8754C2BD6D6D3081558523F03C88F0050E64812E35E30BBD2999AC1D205DB77E3F43AD86790BA294007829AD5507EEAE8768134415D691577605FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5555D575E7D6A3B9808A6171C11EC38DE3DA895364ED0FB687EF98F336EA6DD788D79E2559DA9C13AEB2476B6119C2945871C98552FC45FDF0F59E9BFEEC3711D97A6DC204D3A35C8DB74C38CCB48DCA684F874B087CC9EFB811E6E3BD888EDECF7C89E27047D3D28B860ACCF042CD7E6CC38DAD55119C8B39237EFCECCAB4F8CE0613DD1304CE54B4C2025440FE6D8E465E8BE046AAEEEF21EA98459D4B59994AB0B8D3A9F56C596880263E0A56F2671F9AD5BB116E5A518A88A85EAD905D39054F0AC2E889EF26204E56651668A0854D5BCAC85F9EC0876D98691C9ADCA880079527931037B097CF5C06C7451554

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                         unknown MBR code

---- EOF - GMER 2.1 ----
         
and the first MBAR scan:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

12.03.2013 22:35:25
mbar-log-2013-03-12 (22-35-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31258
Time elapsed: 18 minute(s), 5 second(s)

Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 2232 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKLM\SOFTWARE\CLASSES\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Api (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\INPROCSERVER32 (Adware.Yontoo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Program Files\yontoo layers runtime\yontooieclient.dll (Adware.Yontoo) -> Delete on reboot.
c:\Users\Günter\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Delete on reboot.
c:\Users\Günter\AppData\Roaming\Adobe\plugs\mmc30.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)
         
and after the second scan
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

12.03.2013 22:57:22
mbar-log-2013-03-12 (22-57-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31188
Time elapsed: 16 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 13.03.2013, 00:11   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Database version: v2013.02.15.09
Why on earth wasn't MBAR updated beforehand?
__________________
Please always post log files in CODE tags

Alt 13.03.2013, 00:14   #10
Sasaleinx333
 
I did, or at least I thought I had.
Should I do an update and scan again?

Alt 13.03.2013, 08:35   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, of course you should - a scan with four-week-old signatures is pretty pointless

Also, you haven't answered the question I asked about AVG Antivirus
__________________
Please always post log files in CODE tags
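
The check requested in the post above, as an added example that is not part of the original thread: it reads the database version and scan time from an MBAR log and treats any result obtained with stale signatures as inconclusive. The 7-day threshold, the function name and the shortened sample logs are assumptions constructed for illustration.

```python
import re
from datetime import date

DB_RE = re.compile(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+\s*$", re.M)
SCAN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}\s*$", re.M)
HIT_RE = re.compile(r"^.+ \(([^()]+)\) -> .+$", re.M)  # "<object> (<family>) -> <action>"

def review_mbar_log(text, max_age_days=7):
    """Signature age, detected families and a verdict (max_age_days is an assumed threshold)."""
    db, scan = DB_RE.search(text), SCAN_RE.search(text)
    if not db or not scan:
        raise ValueError("database version or scan timestamp not found")
    db_date = date(*map(int, db.groups()))
    day, month, year = map(int, scan.groups())
    age = (date(year, month, day) - db_date).days
    families = {}
    for name in HIT_RE.findall(text):
        families[name] = families.get(name, 0) + 1
    if age > max_age_days:
        verdict = "rescan: signatures too old"  # a clean result proves nothing here
    elif families:
        verdict = "detections"
    else:
        verdict = "clean"
    return {"age_days": age, "families": families, "verdict": verdict}

# Constructed samples in the layout of the logs posted in this thread.
STALE_CLEAN = r"""Database version: v2013.02.15.09

12.03.2013 22:57:22
mbar-log-2013-03-12 (22-57-22).txt

Files Detected: 0
(No malicious items detected)
"""
STALE_HITS = r"""Database version: v2013.02.15.09

12.03.2013 22:35:25

Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 2232 -> Delete on reboot.
Files Detected: 2
c:\Program Files\yontoo layers runtime\yontooieclient.dll (Adware.Yontoo) -> Delete on reboot.
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.
"""
FRESH_CLEAN = STALE_CLEAN.replace("v2013.02.15.09", "v2013.03.16.03").replace("12.03.2013", "16.03.2013")

if __name__ == "__main__":
    for log in (STALE_HITS, STALE_CLEAN, FRESH_CLEAN): print(review_mbar_log(log))
```
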

Alt 13.03.2013, 17:57   #12
Sasaleinx333
 
Quote:
11.03.2013 18:14
Sasaleinx333
Re: My Start Incredibar bei Google Chrome
Thanks for the welcome.
Well, actually no. So no logs. I ran a virus scan with AVG Anti-Virus once. I don't have anything else here either. And I don't have logs from that here right now.
Of course I did.
That is, I have no idea where or whether AVG keeps logs, and until now I had no reason to save anything like that on my own, because I wasn't on this board before and, as I said, I'm a BEGINNER. And I thought the download was the newest version; I really don't know anything about this.

Alt 13.03.2013, 21:37   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
My question about Avast was whether it ever found anything; only then does the question of logs arise
And please run the scan with MBAR, with current signatures please
__________________
Please always post log files in CODE tags

Alt 16.03.2013, 04:33   #14
Sasaleinx333
 
Yes, it did find something, but at those times they were deleted right away.
And now after the update:

MBAR:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-LAPTOP [administrator]

16.03.2013 04:27:26
mbar-log-2013-03-16 (04-27-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31040
Time elapsed: 16 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 16.03.2013, 18:47   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Yes, it did find something, but at those times they were deleted right away.
And why aren't you posting the logs?
I already asked you in my first reply to post all the logs!
__________________
Please always post log files in CODE tags
