Word Datei verschlüsselt oder kann Sie nicht öffnen

J3142 · 25.05.2013, 11:42

TL logfile created on: 19.05.2013 10:40:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Herrmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free
6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32

Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Herrmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - c:\Programme\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
PRC - C:\Programme\A Note\A Note.exe (A Note)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
PRC - C:\Programme\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbtcoms.exe ( )

========== Modules (No Company Name) ==========

MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Lexmark 5200 Series\lxbtdrec.dll ()
MOD - C:\Programme\Lexmark 5200 Series\iptk.dll ()

========== Services (SafeList) ==========

SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ColorZillaStatsUpdater) -- C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Herrmann\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpKsl0ea6c5c3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1660FCF8-FE84-43D9-A18F-60F40DE38745}\MpKsl0ea6c5c3.sys (Microsoft Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\Windows\System32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 81 FD 56 8D 4F CC 01 [binary data]
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=c802f32b000000000000406186023767
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{4AC17626-DCEC-4912-955D-380853AB4D1A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=59C775CB-8A0D-47B2-9B27-15BE4238F73C&apn_sauid=BC20E462-4887-4129-8F9B-DB55FC31F7B2
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.06.24 15:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.05.23 15:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 15:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013.05.23 16:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 19:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.29 19:01:21 | 000,000,000 | ---D | M]

[2010.05.08 14:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.19 13:08:11 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}(227)
[2012.09.19 13:08:12 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}(228)
[2012.09.19 13:08:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(229)
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\ffxtlbr@babylon.com
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\plugin@yontoo.com
[2010.05.12 14:35:43 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\sparweltgutscheinewl@sparwelt.de
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\SpecialSavings@SpecialSavings.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\stats@colorzilla.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\toolbar@ask.com
[2011.08.13 18:34:22 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2012.12.10 20:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\askcom.xml
[2010.10.01 14:12:28 | 000,001,819 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\bing.xml
[2011.07.24 15:36:54 | 000,000,925 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\conduit.xml
[2010.05.29 14:45:38 | 000,002,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\daemon-search.xml
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\startsear.xml
[2011.08.13 18:34:29 | 000,001,565 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\web-search.xml
[2012.07.02 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.06 15:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013.05.23 15:18:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.05.11 14:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 13:17:29 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.23 07:14:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013.05.23 16:38:24 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\
CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\
CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\

O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3)
[2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip
[2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express
[2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt
[2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10
[2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution
[2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899}
[2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid
[2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei
[2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar
[2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170}
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.05.22 16:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18)
[2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19)
[2013.05.18 17:58:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.18 15:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier
[2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly
[2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8}
[2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E}
[2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8}
[2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710}
[2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70}
[2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4}
[2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg
[2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94}
[2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06}
[2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49}
[2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253}
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:26:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job
[2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:42:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.23 15:42:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job
[2013.05.19 10:41:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.19 10:41:07 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:41:07 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:41:07 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:41:07 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.19 10:36:08 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.05.19 10:34:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.19 10:34:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.19 10:34:37 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 15:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini
[2013.05.18 07:15:19 | 000,278,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep
[2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk
[2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini
[2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.08 14:15:32 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.19 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note
[2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon
[2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon
[2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard
[2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite
[2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro
[2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite
[2013.05.21 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ!
[2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy
[2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org
[2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft
[2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater
[2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus
[2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w
[2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution
[2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify
[2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software
[2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue
[2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer
[2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo

========== Purity Check ==========

< End of report >

upload hat geklappt

markusg · 25.05.2013, 11:48

ok.
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte

wenn erledigt kurz melden bitte

J3142 · 25.05.2013, 11:48

upload hat geklappt

markusg · 25.05.2013, 11:51

hatte dein Antimalware programm angeschlagen in der Zwischenzeit?
der Upload des java Caches hat nich geklappt.
falls zu groß:
www.file-upload.net
da hochladen, link als private Nachicht an mich

J3142 · 25.05.2013, 12:06

hab ein upload gesendet

markusg · 25.05.2013, 12:07

frage beantworten noch bitte.
gab es Funde, wenn ja welche?

J3142 · 25.05.2013, 12:12

ja es kam eine Meldung weiß aber nicht mehr was da stand :-(

markusg · 25.05.2013, 12:25

dann schau deine Programme durch, mse oder avast, denn ich weis erst recht nich was da stand, sitze ja nich an dem PC :-)
bei avast evtl. auch in die Quarantäne schaun

J3142 · 25.05.2013, 12:37

was anderes sind jetzt meine Word-Dateien und Bilder nicht mehr zu gebrauchen.

markusg · 25.05.2013, 12:38

weis ich bisher nicht, ich benötige die angeforderten infos, also wer hat gelöscht?

J3142 · 25.05.2013, 13:04

hab noch einmal mit Avast geprüft und es kam keine Meldung

markusg · 25.05.2013, 13:08

stand was von ner weiteren Prüfung? du musst das machen was ich poste sonst hatts halt auch nich so viel sinn... programme durchgehen, avast, mse und gucken ob es in den quarantäne ordnern, logs, protokollen etc funde gibt

J3142 · 25.05.2013, 13:19

Virus Container:

invoice copy.zip Mail/Inbox/>Subj:invoice copy<

hoffentlich kann ich damit helfen

markusg · 25.05.2013, 13:21

gibts noch mehr funde? falls nein schau als nächstes in microsoft security essencials (mse)

markusg · 25.05.2013, 13:23

weitere Frage, hattest du diese Zip datei geöffnet? scheint via mail gekommen zu seinb

25.05.2013, 11:48	#17
markusg /// Malware-holic	Word Datei verschlüsselt oder kann Sie nicht öffnen ok. für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte wenn erledigt kurz melden bitte __________________ __________________

25.05.2013, 12:07	#21
markusg /// Malware-holic	Word Datei verschlüsselt oder kann Sie nicht öffnen frage beantworten noch bitte. gab es Funde, wenn ja welche? __________________ --> Word Datei verschlüsselt oder kann Sie nicht öffnen

Word Datei verschlüsselt oder kann Sie nicht öffnen

Plagegeister aller Art und deren Bekämpfung: Word Datei verschlüsselt oder kann Sie nicht öffnen