jakobine | 06.08.2012 18:08 | Multiple viruses... Hi,
Antivir reported 6 viruses, then nothing worked anymore; deleted Antivir, reinstalled it, ran Malwarebytes over it, found 3 viruses, Emsisoft, found 1 virus, everything is in quarantine, unfortunately nothing can be proven anymore...
The documentation from the first virus scanner, Antivir, is gone, unfortunately, but I know that it was an explosive trojan...
Long story short:
I can provide the following and ask for feedback on whether anything can be seen from it - and what I have to do now...
Because reinstalling and all of that, I can't do...
Thank you for your effort - I am hopeful...
that everything will turn out well. Quote:
Quote from jakobine
(Post 885363)
I can provide the following and ask for feedback on whether anything can be seen from it - and what I have to do now... | OTL Logfile: Code:
OTL logfile created on: 06.08.2012 18:12:03 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ulla\Documents\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 63,51% Memory free
7,73 Gb Paging File | 5,95 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS
Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-81031156-1337381111-699570776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions
[2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions
[2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com
[2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml
[2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml
[2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-81031156-1337381111-699570776-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKU\S-1-5-21-81031156-1337381111-699570776-1000..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.06 18:08:02 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\OTL
[2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware
[2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes
[2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3}
[2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B}
[2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC}
[2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047}
[2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira
[2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun
[2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus
[2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera
[2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc
[2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D}
[2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784}
[2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB}
[2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5}
[2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help
[2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner
[2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme
[2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken
[2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172}
[2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3}
[2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2}
[2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0}
[2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344}
[2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84}
[2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE}
[2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB}
[2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551}
[2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264}
[2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3}
[2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC}
[2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12}
[2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0}
[2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE}
[2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809}
[2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF}
[2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734}
[2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C}
[2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516}
[2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998}
[2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892}
[2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A}
[2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE}
[2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516}
[2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC}
[2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B}
[2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C}
[2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3}
[2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC}
[2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507}
[2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35}
[2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5}
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A}
[2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM
[2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9}
[2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744}
========== Files - Modified Within 30 Days ==========
[2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
========== Files Created - No Company Name ==========
[2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat
[2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt
[2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt
[2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf
[2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab
========== LOP Check ==========
[2012.03.23 17:02:14 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\calibre
[2011.10.17 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Canneverbe Limited
[2012.08.04 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2011.02.24 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Fabulous Finds
[2011.09.09 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Faerie Solitaire
[2011.03.19 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\FirstColony
[2011.06.11 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gaijin Ent
[2011.08.18 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Gogii Games
[2012.08.04 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\ICQ
[2012.02.19 17:49:01 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Leadertech
[2011.10.14 10:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\OpenOffice.org
[2012.08.04 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Opera
[2010.09.25 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Packard Bell
[2010.10.22 18:15:31 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\SNS
[2012.08.04 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2011.10.17 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Template
[2011.11.15 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Uniblue
[2012.07.06 20:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\WildTangent
[2012.08.04 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2011.04.27 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Ulla\AppData\Roaming\Windows Live Writer
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012.02.22 15:27:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F
< End of report >
OTL Logfile: Code:
OTL logfile created on: 06.08.2012 17:49:54 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ulla\Documents\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,35% Memory free
7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 211,21 Gb Free Space | 74,37% Space Free | Partition Type: NTFS
Computer Name: ULLA-PC | User Name: Ulla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ulla\Documents\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm85&r=273609108455l04e4z105f4602c469
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F60036E0-9D52-411C-9945-6C5C2B7E03EE}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE398DE401
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6F55E6DB-8385-46B5-899E-E4043819C9A2}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={E8DF148B-7453-4E27-B51F-CDEC06E7BEDA}
IE - HKCU\..\SearchScopes\{F60036E0-9D52-411C-9945-6C5C2B7E03EE}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ulla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.04 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.11.15 20:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Extensions
[2012.06.18 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions
[2012.05.21 11:24:42 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Ulla\AppData\Roaming\mozilla\Firefox\Profiles\jb2f5sm4.default\extensions\ffxtlbra@softonic.com
[2012.02.26 18:28:55 | 000,002,060 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\softonic.xml
[2012.06.18 18:44:49 | 000,003,915 | ---- | M] () -- C:\Users\Ulla\AppData\Roaming\Mozilla\Firefox\Profiles\jb2f5sm4.default\searchplugins\sweetim.xml
[2012.07.04 16:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.11.15 20:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.04 16:35:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.18 22:56:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 22:56:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.18 22:56:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 22:56:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 22:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 22:56:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Ulla\AppData\Roaming\Google Inc.\{2ACE8A69-A35A-42DA-9D64-30868A3A0A65}\UpgradeHelper.exe File not found
O4 - Startup: C:\Users\Ulla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6952C9A9-FF9C-4B34-8A2E-689CC8CF6B95}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.06 13:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.08.06 13:30:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Anti-Malware
[2012.08.06 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Malwarebytes
[2012.08.06 11:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.06 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FEC742B3-6BD8-4B52-A1B6-EFAD465306A3}
[2012.08.06 09:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B881558F-50C9-48EC-B8BB-F94A1098AA8B}
[2012.08.05 22:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.05 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{4A4954FB-C205-49AE-88FF-155867D3BEBC}
[2012.08.05 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0C3B557C-1DB5-4A82-81F1-6979D3E92047}
[2012.08.04 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Avira
[2012.08.04 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.04 21:53:53 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.04 21:53:53 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.04 21:53:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.04 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.04 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Dropbox
[2012.08.04 18:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Windows Desktop Search
[2012.08.04 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Sun
[2012.08.04 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Recherche virus
[2012.08.04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Opera
[2012.08.04 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Google Inc
[2012.08.04 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0579F993-B289-4BCC-8642-95827179BE4D}
[2012.08.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{CC1E722A-BF62-4BD4-B9B5-F80A2A8C4784}
[2012.08.03 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{B0E673D3-5CC8-4A20-88CE-4E80651076EB}
[2012.08.03 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F61D28D7-D6C3-4CD9-BA1A-D03C960419E5}
[2012.08.02 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\Help
[2012.08.02 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Roaming\TeamViewer
[2012.08.02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.08.02 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Neuer Ordner
[2012.08.02 18:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.02 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.02 18:17:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.02 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Programme
[2012.08.02 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Ulla\Documents\Stic ken
[2012.08.02 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{32BECA99-31BB-4530-8ABA-D9B9C7EAA172}
[2012.08.02 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{22BF7EA5-D756-4FCC-96EB-6D6D775935B3}
[2012.08.01 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D5E15078-B618-4192-94C0-AD232E0FBBD2}
[2012.08.01 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{43B7413B-6971-4D4F-9DB1-73ECC9FD53A0}
[2012.07.30 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6A119CA8-F700-457A-85CB-FA9F61B63344}
[2012.07.30 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AD271BAB-DFA6-4E9E-BE11-605BE413DB84}
[2012.07.29 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{F4111AD1-A094-4885-AAF7-CC82C98DF4AE}
[2012.07.29 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{50F191E2-85CA-4803-B7AF-D8B3269F42DB}
[2012.07.29 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0981E10A-9204-4E3C-89E2-E9678C697551}
[2012.07.29 08:42:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D28674A2-73B3-47D9-B56B-8638B8F26264}
[2012.07.28 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FE7E8F8A-A762-4BF7-A313-5B2664C968A3}
[2012.07.28 22:56:05 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{9B49A3D1-A430-43FA-8465-B5254A1224FC}
[2012.07.28 07:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{14DEAD38-92A7-4FE0-9C0B-F5B21DEA3C12}
[2012.07.28 07:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{C5077A9A-03A8-409C-B71D-10447EA41FF0}
[2012.07.28 07:51:46 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{1FAFBE76-4235-4BBD-893B-297A9D549DDE}
[2012.07.27 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AAB762F5-19D3-4380-830C-FB8213206809}
[2012.07.24 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{085932CA-7675-4A93-81BC-CAD8084A7BBF}
[2012.07.24 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{3333EC0C-A8FF-418F-8A50-A74DCF633734}
[2012.07.24 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E2FD3C77-3341-4C0F-91CA-76AD5BCBC47C}
[2012.07.24 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{AC693DEE-9BBC-4331-BAA6-45041684F516}
[2012.07.24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{70804163-E7B0-454A-AA69-A9A72F68C998}
[2012.07.24 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{643E3A85-62A4-47FC-81DF-D7BFEEBFD892}
[2012.07.24 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{6AF98836-6FC2-4B84-9B2F-5AC3174D8A1A}
[2012.07.20 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2BF940F6-025F-4732-B21B-35B0F8D67EEE}
[2012.07.20 13:27:25 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{62D4644F-326B-4556-B627-EEC86C419516}
[2012.07.19 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{E81865E3-3185-4291-A5E0-3464D8B11EFC}
[2012.07.19 18:46:29 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{D00C9288-BF26-4F16-B171-D6E6AD45067B}
[2012.07.18 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{FB7D7459-7F90-4B7D-8CFD-A9261F04167C}
[2012.07.18 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{0AAE31A2-BC81-4B40-ADCD-B928C393EFC3}
[2012.07.17 20:39:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.17 20:39:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.17 20:39:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.17 20:39:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.17 20:39:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.17 20:39:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.17 20:39:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.17 20:39:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.17 20:39:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.17 20:39:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.17 20:39:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.17 20:39:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.17 20:39:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{2F1A7CD3-E767-48F0-A62B-E99A38AEB0EC}
[2012.07.16 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{8F492BDC-0F6C-4520-BB71-DA0480C00507}
[2012.07.14 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{85643DB1-8B3D-4577-B740-119DB009FF35}
[2012.07.14 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{605BC352-4983-493C-A910-F09C6B9B29C5}
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.13 22:26:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.13 22:26:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.13 22:26:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.13 22:26:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{A018226F-98F0-46FB-8065-16849895FD6A}
[2012.07.10 12:55:35 | 000,000,000 | RH-D | C] -- C:\Users\Ulla\AppData\Roaming\SecuROM
[2012.07.08 09:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{DC6C6442-9255-450F-9F95-A7E50957FAD9}
[2012.07.08 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ulla\AppData\Local\{29745F5E-A331-4B34-BE66-2F3738B09744}
========== Files - Modified Within 30 Days ==========
[2012.08.06 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 17:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:11:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 17:03:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 17:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.08.06 17:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 17:02:36 | 3113,259,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 13:31:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.05 19:04:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 19:04:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 19:04:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 19:04:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 19:04:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 21:54:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 21:18:29 | 000,025,436 | ---- | M] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.03 13:21:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 13:21:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 18:59:45 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | M] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.18 20:46:06 | 000,364,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.16 23:09:54 | 000,001,265 | ---- | M] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.16 20:51:47 | 000,002,730 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk
========== Files Created - No Company Name ==========
[2012.08.06 13:31:09 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.04 21:54:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 18:57:10 | 000,025,436 | ---- | C] () -- C:\Users\Ulla\Documents\Virus 04 08 2012.odt
[2012.08.02 18:59:45 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.08.02 18:17:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.02 18:05:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.02 18:05:16 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.20 13:41:13 | 000,011,508 | ---- | C] () -- C:\Users\Ulla\Desktop\classicplus.png
[2012.07.16 23:09:54 | 000,001,265 | ---- | C] () -- C:\Users\Ulla\Desktop\farbtabellen____sticken - Verknüpfung.lnk
[2012.07.06 17:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.18 18:43:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.04.10 21:03:20 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.17 11:37:46 | 000,000,276 | ---- | C] () -- C:\Users\Ulla\AppData\Roaming\wklnhst.dat
[2011.10.16 11:26:19 | 000,013,747 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1.odt
[2011.10.15 22:01:35 | 000,011,593 | ---- | C] () -- C:\Users\Ulla\Unbenannt 1ulla.odt
[2011.09.20 23:26:34 | 000,254,676 | ---- | C] () -- C:\Users\Ulla\19.pdf
[2011.06.09 21:21:02 | 000,003,584 | ---- | C] () -- C:\Users\Ulla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 23:08:14 | 000,003,178 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Ulla\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Ulla\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Ulla\openofficeorg1.cab
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6BF0805F
< End of report >