Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   appround.net, ad.yieldmanager Fenster tauchen ständig auf! Virus? (https://www.trojaner-board.de/133760-appround-net-ad-yieldmanager-fenster-tauchen-staendig-virus.html)

sellinchen 15.04.2013 16:51
appround.net, ad.yieldmanager Fenster tauchen ständig auf! Virus?
 
Hallo liebes trojaner-board.de-Team! :)
Ich habe ein Problem mit der Software meines Pc's. Ich habe vor kurzem Photoscape geöffnet, als eine Meldung kam, dass eine neue Version vorhanden ist. (Ich habe auf "Ja, neue Version installieren" geklickt, da ich diese Meldung bereits von einem Musikdownload Programm kenne und weiß, dass das Programm nicht mehr funktioniert, wenn ich es nicht aktualisiere.)
Ich wurde auf eine Seite geleitet, auf der ein Download Link abgebildet war. Ich habe die Datei heruntergeladen und ausgeführt, aber es passierte nichts, außer dass irgendwelche undefinierbaren Dateien gedownloadet wurden, mit denen ich nix anfangen konnte also habe ich sie wieder gelöscht. Es gab aber auch keine neue Photoscape-Verknüpfung oder ähnliches. Seitdem tauchen ständig Fenster auf, wenn ich ins Internet gehe oder im Internet auf Links klicke. Sogar wenn ich mich in mein Email-Fach einlogge, tauchen die auf. Meist steht in der Browserzeile etwas von appdata, appround.net oder ad.yieldmanager... Laut meinem Avira ist mein Pc sicher, aber im Internet kommen ständig Meldungen als Werbung an der Seite, dass mein Pc zu langsam sei und ich das verbessern könnte. Ich habe bis jetzt nichts davon angeklickt und mich in Google informiert. Dabei habe ich herausgefunden, dass das anderen auch schon passiert ist und das ein Virus sein könnte. Auf einer eurer Forumsseiten habe ich bereits einen Beitrag mit dem Titel "Habe " bprotector for windows " als Programm auf meinem Rechner gefunden - ist das ein Virus?" entdeckt. Ich habe mir die Anleitung angeschaut und bereits die Dateien gedownloadet, aber ich wollte mich trotzdem noch bei euch melden, da ich ja nicht sicher war, ob ich das gleiche Problem habe. Ich hoffe, ihr könnt mir helfen, denn mein Pc ist sehr wichtig für mich und ich habe Angst, meine gespeicherten Dateien zu verlieren, denn ich schreibe gerade meine Facharbeit...
Liebe Grüße und :dankeschoen: im Voraus, Sellinchen

PS: ich sollte vielleicht noch erwähnen, dass ich absolut unwissend bin, was Technikfachsprache angeht, also falls ihr euch dazu entschließen solltet, mir zu helfen, wäre ich dankbar, wenn ich nicht mit all zu viel Fachchinesisch überrannt werde ;)

aharonov 15.04.2013 18:12
Hallo Sellinchen,

Zitat:
ich habe Angst, meine gespeicherten Dateien zu verlieren,
Du solltest immer deine wichtigen Daten noch auf einem externen Datenträgen sichern!

Ich brauch mal einen ersten Überblick:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.

sellinchen 16.04.2013 20:06
Halli hallo, danke erstmal fürs melden. :)
Ich hab jetzt den Scan gestartet, das Fenster ist übrigens auf Deutsch, also weiß nicht ob das richtig war, dass ich auf Scan geklickt habe, aber irgendwie passiert da nix :D
Und nu? Wo werden die Fenster denn dann angezeigt?

aharonov 16.04.2013 20:38
Dann übersetz ich die Anleitung mal auf deutsch. :D


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registrierung, wähle bitte Benutze SafeList.
  • Setze den Haken bei Scanne alle Benutzer.
  • Klicke nun auf Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.


Nachdem du auf Scan drückst, passiert gar nichts? Der Scan kann schon ein Weilchen dauern. Zum Schluss öffnen sich zwei Textfiles mit dem Inhalt der Logs. Und sie werden auch wie beschrieben auf den Desktop gespeichert.
Immer noch nix? :)

sellinchen 16.04.2013 20:41
Also ich geh erstmal schlafen, sonst wird das heir nix :D
Bis morgen, dann versuch ich das nochmal :)

aharonov 16.04.2013 20:42
In Ordnung, gute Nacht. :)

sellinchen 17.04.2013 14:43
Hallo Leo,
also ich bin jetzt wieder da. Ich mache gerade seit ca. einer Minute den Scan und er lädt immerhin :D
Ich schreibe dann hier wenn ich die Dateien habe, die du genannt hast.
Sellinchen

das war im OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 17.04.2013 15:40:03 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\selina\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,10 Mb Total Physical Memory | 278,61 Mb Available Physical Memory | 27,50% Memory free
1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 179,08 Gb Free Space | 81,48% Space Free | Partition Type: NTFS
Drive D: | 14,91 Gb Total Space | 0,83 Gb Free Space | 5,57% Space Free | Partition Type: FAT32
Drive F: | 29,70 Gb Total Space | 6,98 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
 
Computer Name: SELINA-PC | User Name: selina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.16 20:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
PRC - [2013.04.08 21:02:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.08 21:02:10 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.08 21:02:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.08 21:02:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.25 18:26:56 | 000,079,384 | ---- | M] (Google) -- C:\Users\selina\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013.03.12 21:45:05 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.09 01:35:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.18 20:32:08 | 000,462,888 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2010.02.04 05:05:58 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 2600 Series\ezprint.exe
PRC - [2010.02.04 05:05:56 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
PRC - [2010.01.13 11:03:48 | 000,109,648 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.01.12 15:05:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.01.12 15:05:56 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.12.11 10:21:48 | 001,160,272 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.09.30 23:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.09.30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009.09.30 23:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.11.28 16:12:40 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.12 21:45:05 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.09 01:35:57 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.04 05:05:56 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
MOD - [2010.01.12 15:06:06 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.23 15:49:06 | 000,782,336 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdndrs.dll
MOD - [2009.07.23 15:48:30 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnscw.dll
MOD - [2009.05.14 09:46:42 | 000,081,920 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007.10.12 14:24:46 | 000,364,544 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\iptk.dll
MOD - [2007.10.02 10:51:10 | 000,069,632 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 03:39:08 | 000,589,824 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdndatr.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2013.04.08 21:02:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.08 21:02:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.12 21:45:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 01:35:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 20:32:08 | 000,462,888 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.13 11:03:48 | 000,109,648 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.12 15:05:56 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe -- (DfSdkS)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.11.28 16:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.04.08 21:03:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.08 21:03:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.08 21:03:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.08 21:03:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.01.09 21:03:36 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.03.09 16:25:42 | 000,228,904 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2010.03.03 10:30:26 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2010.03.03 10:30:24 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2010.02.22 12:03:34 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.03 12:06:00 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.01.25 19:57:48 | 000,054,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e36wscard.sys -- (e36wscard)
DRV - [2010.01.22 18:55:02 | 000,368,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2010.01.22 18:54:58 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2010.01.22 18:54:54 | 000,351,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2010.01.22 18:54:46 | 000,301,440 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010.01.05 02:55:00 | 001,252,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.12.14 10:03:40 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 18:46:22 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.06.02 13:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.02 13:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.02 13:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.vodafone.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=BA1ECE17-B9C1-4071-9E22-9AF37CF6C9E1
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{2C54CC4A-6DF6-45D2-B85E-5DFC056E51DA}: "URL" = hxxp://www.google.de
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.10
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:6.1
FF - prefs.js..extensions.enabledAddons: lrcspal%40xinghao.net:1.110
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.13.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\selina\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\selina\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 01:35:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 17:02:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files\XingHaoLyrics\FF\ [2013.03.20 16:33:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 01:35:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 17:02:02 | 000,000,000 | ---D | M]
 
[2011.12.09 18:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\Extensions
[2013.04.15 17:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions
[2012.10.04 15:13:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.04 15:13:25 | 000,000,000 | ---D | M] (Theme Font &amp; Size Changer) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.09.07 12:46:54 | 000,560,397 | ---- | M] () (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\extensions\toolbar@web.de.xpi
[2012.10.04 15:12:55 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.09.07 12:47:00 | 000,002,209 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\englische-ergebnisse.xml
[2012.09.07 12:47:00 | 000,010,506 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\gmx-suche.xml
[2012.09.07 12:47:00 | 000,002,368 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\lastminute.xml
[2012.09.07 12:47:00 | 000,005,489 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\webde-suche.xml
[2013.03.09 01:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 01:35:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.20 16:33:40 | 000,000,000 | ---D | M] ("LyricsPal") -- C:\PROGRAM FILES\XINGHAOLYRICS\FF
[2013.03.09 01:35:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.27 16:58:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 16:58:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.27 16:58:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 16:58:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 16:58:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 16:58:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: No name found = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe\2_0\
CHR - Extension: Google Mail = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Programme\XingHaoLyrics\lrcspal.dll (XingHao Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-3165585071-2602327114-958861805-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418970DA-69C4-45E9-B08B-9BF553F3AC9B}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D8EABA-FB39-4265-975D-9B6E20F03D92}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20a00efb-f2aa-11e1-bb47-d48bdb1d77b3}\Shell - "" = AutoRun
O33 - MountPoints2\{20a00efb-f2aa-11e1-bb47-d48bdb1d77b3}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{b25ab738-6e99-11e0-8751-cfc68a77eebc}\Shell - "" = AutoRun
O33 - MountPoints2\{b25ab738-6e99-11e0-8751-cfc68a77eebc}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec4d2c83-1a94-11e1-a550-bc00b0584bb8}\Shell - "" = AutoRun
O33 - MountPoints2\{ec4d2c83-1a94-11e1-a550-bc00b0584bb8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 20:50:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
[2013.04.15 17:26:34 | 005,054,270 | ---- | C] (Swearware) -- C:\Users\selina\Desktop\ComboFix.exe
[2013.04.15 17:26:10 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\selina\Desktop\JRT.exe
[2013.04.10 17:00:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 17:00:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 16:59:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 16:59:52 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 16:59:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 16:59:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 16:54:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 16:54:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 16:54:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 16:54:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 16:54:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.08 22:13:56 | 000,000,000 | ---D | C] -- C:\Users\selina\AppData\Roaming\Avira
[2013.04.08 22:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.08 22:02:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.08 22:02:00 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.08 22:02:00 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.08 22:02:00 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.08 22:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.08 22:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.07 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.07 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.01 22:52:43 | 000,000,000 | ---D | C] -- C:\Temp
[2013.03.26 17:16:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.24 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.03.23 12:52:40 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.03.20 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\selina\Local Settings
[2013.03.20 16:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\XingHaoLyrics
[2013.03.20 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.04.16 10:53:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.17 15:42:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3165585071-2602327114-958861805-1000UA.job
[2013.04.17 15:38:39 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 15:38:39 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 15:38:39 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 15:38:39 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.17 15:32:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 15:32:37 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 15:25:15 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\LyricsPal Update.job
[2013.04.17 15:24:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 15:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 21:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.16 20:57:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.16 20:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
[2013.04.16 20:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3165585071-2602327114-958861805-1000Core.job
[2013.04.16 00:15:44 | 000,265,153 | ---- | M] () -- C:\Users\selina\Desktop\JeannedArc2.jpg
[2013.04.16 00:11:30 | 000,084,363 | ---- | M] () -- C:\Users\selina\Desktop\niederwald-denkmal-ruedesheim.JPG
[2013.04.16 00:09:54 | 000,043,425 | ---- | M] () -- C:\Users\selina\Desktop\germania.jpg
[2013.04.16 00:08:05 | 000,039,878 | ---- | M] () -- C:\Users\selina\Desktop\JeannedArc.jpg
[2013.04.15 17:27:03 | 005,054,270 | ---- | M] (Swearware) -- C:\Users\selina\Desktop\ComboFix.exe
[2013.04.15 17:26:42 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\selina\Desktop\JRT.exe
[2013.04.15 17:00:28 | 000,613,083 | ---- | M] () -- C:\Users\selina\Desktop\adwcleaner.exe
[2013.04.12 13:30:05 | 000,139,403 | ---- | M] () -- C:\Users\selina\Documents\Einfacher Nudelteig.pdf
[2013.04.12 12:45:46 | 000,017,632 | ---- | M] () -- C:\Users\selina\Documents\Roter Nudelteig.pdf
[2013.04.11 14:28:57 | 000,436,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.10 21:30:31 | 000,126,744 | ---- | M] () -- C:\Users\selina\Desktop\480663_10151400262024200_2030477925_n.jpg
[2013.04.10 19:09:26 | 000,016,690 | ---- | M] () -- C:\Users\selina\Desktop\magritte2.jpg
[2013.04.10 18:41:14 | 000,201,778 | ---- | M] () -- C:\Users\selina\Desktop\Dalí - Beständigkeit.jpg
[2013.04.08 22:02:19 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.08 21:03:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.08 21:03:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.08 21:03:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.08 21:03:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.06 15:57:40 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.28 21:21:50 | 000,012,288 | -H-- | M] () -- C:\Users\selina\Desktop\photothumb.db
[2013.03.26 18:39:34 | 000,994,436 | ---- | M] () -- C:\Users\selina\Documents\Scheitern WR.jpg
[2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.20 16:40:04 | 000,000,993 | ---- | M] () -- C:\Users\selina\Desktop\PhotoScape.lnk
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 00:15:43 | 000,265,153 | ---- | C] () -- C:\Users\selina\Desktop\JeannedArc2.jpg
[2013.04.16 00:11:29 | 000,084,363 | ---- | C] () -- C:\Users\selina\Desktop\niederwald-denkmal-ruedesheim.JPG
[2013.04.16 00:09:52 | 000,043,425 | ---- | C] () -- C:\Users\selina\Desktop\germania.jpg
[2013.04.16 00:07:30 | 000,039,878 | ---- | C] () -- C:\Users\selina\Desktop\JeannedArc.jpg
[2013.04.15 17:00:03 | 000,613,083 | ---- | C] () -- C:\Users\selina\Desktop\adwcleaner.exe
[2013.04.12 13:30:03 | 000,139,403 | ---- | C] () -- C:\Users\selina\Documents\Einfacher Nudelteig.pdf
[2013.04.12 12:45:31 | 000,017,632 | ---- | C] () -- C:\Users\selina\Documents\Roter Nudelteig.pdf
[2013.04.10 21:30:26 | 000,126,744 | ---- | C] () -- C:\Users\selina\Desktop\480663_10151400262024200_2030477925_n.jpg
[2013.04.10 19:09:18 | 000,016,690 | ---- | C] () -- C:\Users\selina\Desktop\magritte2.jpg
[2013.04.10 18:40:59 | 000,201,778 | ---- | C] () -- C:\Users\selina\Desktop\Dalí - Beständigkeit.jpg
[2013.04.08 22:02:19 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.01 20:53:17 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.26 18:39:33 | 000,994,436 | ---- | C] () -- C:\Users\selina\Documents\Scheitern WR.jpg
[2013.03.20 16:40:04 | 000,000,993 | ---- | C] () -- C:\Users\selina\Desktop\PhotoScape.lnk
[2013.03.20 16:33:46 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\LyricsPal Update.job
[2012.09.01 19:16:50 | 004,480,000 | ---- | C] () -- C:\Windows\es.exe
[2012.03.26 21:23:14 | 000,004,608 | ---- | C] () -- C:\Users\selina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.01 16:41:56 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2011.12.01 16:41:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2011.11.26 18:53:08 | 000,007,599 | ---- | C] () -- C:\Users\selina\AppData\Local\resmon.resmoncfg
[2010.09.14 16:54:26 | 000,000,004 | ---- | C] () -- C:\Users\selina\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >
--- --- ---



das war im Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 17.04.2013 15:40:03 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\selina\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,10 Mb Total Physical Memory | 278,61 Mb Available Physical Memory | 27,50% Memory free
1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 179,08 Gb Free Space | 81,48% Space Free | Partition Type: NTFS
Drive D: | 14,91 Gb Total Space | 0,83 Gb Free Space | 5,57% Space Free | Partition Type: FAT32
Drive F: | 29,70 Gb Total Space | 6,98 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
 
Computer Name: SELINA-PC | User Name: selina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD742E0-5B0E-46D4-B53E-25718049D4FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C71B977B-39E0-48FF-ABEC-1846164AB4B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E0D9F50C-86EF-4495-B983-87F2EB58CD39}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084FDBE0-740D-476B-B475-20514E4599E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1C5A9217-1152-462F-89B2-1067AA2AF698}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{28C58257-B541-4D41-807A-96CAC3BE8BB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{45721525-7EE2-4F99-BDE0-925E0A826D8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EB1EB0C-3462-4BA6-B218-1E35324245F5}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{5723B0BE-F403-4368-A4DB-E79700FCBFE8}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{5DD16892-B797-4CEB-93BB-E75E213FC659}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{674DCB02-C3A4-4EEC-98E6-5E76583EB657}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{6ABB4BA8-3CD7-40B3-B99A-9181F33B399A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7AAE938B-1C2E-45B0-93DF-6093DB8E788A}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{7F86EB98-F41B-43A6-8E21-4E7D2A0EBAED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F5A8E4D-47F8-421A-8790-474313C12E6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8F66CB4B-3BCF-4E0B-B1AD-C35A17C75DC6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{92881AE3-81CF-4B49-8CC5-79FF9077FFA9}" = protocol=17 | dir=in | app=c:\users\selina\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A36880F8-6065-4BA9-BD46-A234BA3144DD}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{A7615C47-A707-4D8C-BD70-C336626B96D1}" = protocol=6 | dir=in | app=c:\users\selina\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A8A4BE37-A78D-4E91-AC5C-431F22403BB2}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{A9932E3C-A214-432B-BD49-4F49357489F1}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{AFFD8D7A-D8A5-47C4-836F-8E7B597B0789}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{B42320CC-C455-48F2-B104-D6D1A0F1D54A}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{C2394D40-0F13-4732-8DED-98C8A1290A98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D065EEE6-17FB-4B6B-84A4-701C08CF8017}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D4BE0455-6EE8-4C13-8EE1-E8CF600026F2}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{DC8AC040-D590-405F-9E63-90CD6F538EB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E2C64E36-D6B3-4630-86F2-0EB3F29A4CF8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E7AFDF30-127F-43A2-9CCB-440A9E5A03B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{ECC2037E-517A-4C4E-A980-1611AD6683E3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{F01CB790-110D-4C8A-B578-22950EF9C3CD}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{F4EDB521-4A10-4727-857D-15AA49048387}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"TCP Query User{0C243D10-2C34-42E9-A23E-39905A4E76F3}C:\users\selina\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\selina\appdata\local\temp\rarsfx0\bie_kms.exe |
"TCP Query User{26440B4F-C7D2-4DCC-A2AE-9A74905B8EA7}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"TCP Query User{AC9B4F38-BB65-4BA6-AE2E-C38106C03650}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"TCP Query User{EC353131-853C-4074-9975-7C0B1E2D7144}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{17D77493-19BA-45A5-BAD9-10E7594B9376}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{2C9B1F77-0768-46BC-A33C-699A6956D8C7}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{60A717EC-FA33-4B65-837D-6811EDB6CFAF}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"UDP Query User{D49D0B61-452C-4F7F-B13E-D0207FB24047}C:\users\selina\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\selina\appdata\local\temp\rarsfx0\bie_kms.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1164B166-AE7D-4CD2-B641-E30A9A7AC992}" = Mobile Broadband drivers
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B8DAC83-5C2D-4A2A-9732-310CEBC28892}" = Acer 3G Connection Manager
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCD137DD-C226-4295-9F88-7F47F5698BCD}" = Internet Explorer
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.161.210
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"bi_uninstaller" = Bundled software uninstaller
"DAEMON Tools Lite" = DAEMON Tools Lite
"DE2125E012D72160B897E92D7A49EC7624408D83" = Windows Driver Package - Broadcom Bluetooth  (01/06/2010 6.2.0.9416)
"Electric Sheep" = Electric Sheep 2.7b34c
"F94ACD30712C936BE5D0CD41569BF4F7018B888B" = ENE USB Card Reader Driver
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.3.1206
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Lexmark 2600 Series" = Lexmark 2600 Series
"LManager" = Launch Manager
"loadtbs-3.0" = loadtbs-3.0
"lrcspal@xinghao.net" = LyricsPal
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Reader" = PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.09.2012 12:10:45 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 06.09.2012 14:37:58 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.09.2012 15:07:44 | Computer Name = selina-PC | Source = System Restore | ID = 8193
Description =
 
Error - 07.09.2012 05:49:32 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 09.09.2012 16:31:42 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.09.2012 08:41:42 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.09.2012 12:04:31 | Computer Name = selina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f9207d9  Name des fehlerhaften Moduls: xul.dll, Version: 12.0.0.4493,
 Zeitstempel: 0x4f92069e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001115b8  ID des fehlerhaften
 Prozesses: 0x9a4  Startzeit der fehlerhaften Anwendung: 0x01cd90e3fe29e1bb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 89371fd6-fcf3-11e1-a752-b973b273b3a4
 
Error - 15.09.2012 05:16:05 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.09.2012 13:31:58 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.09.2012 14:38:13 | Computer Name = selina-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 15.04.2013 12:35:01 | Computer Name = selina-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 15.04.2013 12:41:03 | Computer Name = selina-PC | Source = DCOM | ID = 10016
Description =
 
Error - 15.04.2013 17:57:15 | Computer Name = selina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson OMSI download service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 15.04.2013 23:27:15 | Computer Name = selina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson OMSI download service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 16.04.2013 11:54:17 | Computer Name = selina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson OMSI download service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 16.04.2013 11:55:16 | Computer Name = selina-PC | Source = DCOM | ID = 10016
Description =
 
Error - 16.04.2013 12:00:37 | Computer Name = selina-PC | Source = DCOM | ID = 10016
Description =
 
Error - 16.04.2013 14:38:01 | Computer Name = selina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?04.?2013 um 20:35:41 unerwartet heruntergefahren.
 
Error - 16.04.2013 14:38:18 | Computer Name = selina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson OMSI download service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
Error - 17.04.2013 09:24:30 | Computer Name = selina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson OMSI download service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
 
< End of report >
--- --- ---

aharonov 17.04.2013 15:43
Hey,

gut gemacht. Dann so weiter:


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort folgenden Eintrag:
    • LyricsPal
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL

sellinchen 17.04.2013 16:29
Code:
# AdwCleaner v2.200 - Datei am 17/04/2013 um 17:06:27 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : selina - SELINA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\selina\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxjsi8.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\selina\AppData\Roaming\Mozilla\Firefox\Profiles\p1oey37w.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mh3wdef3.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ydxxjsi8.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27802 octets] - [15/04/2013 17:01:27]
AdwCleaner[S2].txt - [1665 octets] - [17/04/2013 17:06:27]

########## EOF - C:\AdwCleaner[S2].txt - [1725 octets] ##########

aharonov 17.04.2013 16:44
Fehlt nur noch das frische OTL-Log. :)

sellinchen 17.04.2013 16:52
OTL Logfile:
Code:
OTL logfile created on: 17.04.2013 17:31:11 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\selina\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,10 Mb Total Physical Memory | 255,13 Mb Available Physical Memory | 25,18% Memory free
1,99 Gb Paging File | 1,05 Gb Available in Paging File | 52,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 179,13 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
Drive D: | 14,91 Gb Total Space | 0,83 Gb Free Space | 5,57% Space Free | Partition Type: FAT32
Drive F: | 29,70 Gb Total Space | 6,98 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
 
Computer Name: SELINA-PC | User Name: selina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.16 20:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
PRC - [2013.04.08 21:02:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.08 21:02:10 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.08 21:02:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.08 21:02:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.09 01:35:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.18 20:32:08 | 000,462,888 | R--- | M] (Ericsson AB) -- C:\Programme\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2010.02.04 05:05:58 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 2600 Series\ezprint.exe
PRC - [2010.02.04 05:05:56 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
PRC - [2010.01.13 11:03:48 | 000,109,648 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.01.12 15:05:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.01.12 15:05:56 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.12.11 10:21:48 | 001,160,272 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.09.30 23:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.09.30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009.09.30 23:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.11.28 16:12:40 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.09 01:35:57 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.04 05:05:56 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
MOD - [2010.01.12 15:06:06 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.23 15:49:06 | 000,782,336 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdndrs.dll
MOD - [2009.07.23 15:48:30 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnscw.dll
MOD - [2009.05.14 09:46:42 | 000,081,920 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007.10.12 14:24:46 | 000,364,544 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\iptk.dll
MOD - [2007.10.02 10:51:10 | 000,069,632 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 03:39:08 | 000,589,824 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdndatr.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2013.04.08 21:02:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.08 21:02:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.12 21:45:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 01:35:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 20:32:08 | 000,462,888 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.13 11:03:48 | 000,109,648 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.12 15:05:56 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.30 23:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe -- (DfSdkS)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.11.28 16:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.04.08 21:03:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.08 21:03:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.08 21:03:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.08 21:03:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.01.09 21:03:36 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.03.09 16:25:42 | 000,228,904 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2010.03.03 10:30:26 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2010.03.03 10:30:24 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2010.02.22 12:03:34 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.03 12:06:00 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.01.25 19:57:48 | 000,054,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e36wscard.sys -- (e36wscard)
DRV - [2010.01.22 18:55:02 | 000,368,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2010.01.22 18:54:58 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2010.01.22 18:54:54 | 000,351,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2010.01.22 18:54:46 | 000,301,440 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010.01.05 02:55:00 | 001,252,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.12.14 10:03:40 | 000,045,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 18:46:22 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.06.02 13:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.02 13:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.02 13:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.vodafone.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao532h&r=27b50910x265l0464ww85w56n2r775
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=BA1ECE17-B9C1-4071-9E22-9AF37CF6C9E1
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{2C54CC4A-6DF6-45D2-B85E-5DFC056E51DA}: "URL" = hxxp://www.google.de
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.10
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\selina\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\selina\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\selina\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 01:35:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 17:02:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 01:35:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 17:02:02 | 000,000,000 | ---D | M]
 
[2011.12.09 18:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\Extensions
[2013.04.15 17:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions
[2012.10.04 15:13:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.04 15:13:25 | 000,000,000 | ---D | M] (Theme Font &amp; Size Changer) -- C:\Users\selina\AppData\Roaming\mozilla\Firefox\Profiles\p1oey37w.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012.09.07 12:46:54 | 000,560,397 | ---- | M] () (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\extensions\toolbar@web.de.xpi
[2012.10.04 15:12:55 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.09.07 12:47:00 | 000,002,209 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\englische-ergebnisse.xml
[2012.09.07 12:47:00 | 000,010,506 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\gmx-suche.xml
[2012.09.07 12:47:00 | 000,002,368 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\lastminute.xml
[2012.09.07 12:47:00 | 000,005,489 | ---- | M] () -- C:\Users\selina\AppData\Roaming\mozilla\firefox\profiles\p1oey37w.default\searchplugins\webde-suche.xml
[2013.03.09 01:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 01:35:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.09 01:35:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.27 16:58:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 16:58:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.27 16:58:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 16:58:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 16:58:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 16:58:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: No name found = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe\2_0\
CHR - Extension: Google Mail = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\selina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3165585071-2602327114-958861805-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-3165585071-2602327114-958861805-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418970DA-69C4-45E9-B08B-9BF553F3AC9B}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D8EABA-FB39-4265-975D-9B6E20F03D92}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20a00efb-f2aa-11e1-bb47-d48bdb1d77b3}\Shell - "" = AutoRun
O33 - MountPoints2\{20a00efb-f2aa-11e1-bb47-d48bdb1d77b3}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{b25ab738-6e99-11e0-8751-cfc68a77eebc}\Shell - "" = AutoRun
O33 - MountPoints2\{b25ab738-6e99-11e0-8751-cfc68a77eebc}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec4d2c83-1a94-11e1-a550-bc00b0584bb8}\Shell - "" = AutoRun
O33 - MountPoints2\{ec4d2c83-1a94-11e1-a550-bc00b0584bb8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 20:50:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
[2013.04.15 17:26:34 | 005,054,270 | ---- | C] (Swearware) -- C:\Users\selina\Desktop\ComboFix.exe
[2013.04.15 17:26:10 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\selina\Desktop\JRT.exe
[2013.04.08 22:13:56 | 000,000,000 | ---D | C] -- C:\Users\selina\AppData\Roaming\Avira
[2013.04.08 22:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.08 22:02:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.08 22:02:00 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.08 22:02:00 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.08 22:02:00 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.08 22:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.08 22:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.07 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.07 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.01 22:52:43 | 000,000,000 | ---D | C] -- C:\Temp
[2013.03.24 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\selina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.03.23 12:52:40 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.03.20 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\selina\Local Settings
[2013.03.20 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.04.16 10:53:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.17 17:42:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3165585071-2602327114-958861805-1000UA.job
[2013.04.17 17:33:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 17:33:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 17:25:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 17:24:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 17:21:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.17 16:57:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 16:19:25 | 000,045,067 | ---- | M] () -- C:\Users\selina\Desktop\558007_432921606802586_67468698_n.jpg
[2013.04.17 15:38:39 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 15:38:39 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 15:38:39 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 15:38:39 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.16 20:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\selina\Desktop\OTL.exe
[2013.04.16 20:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3165585071-2602327114-958861805-1000Core.job
[2013.04.15 17:27:03 | 005,054,270 | ---- | M] (Swearware) -- C:\Users\selina\Desktop\ComboFix.exe
[2013.04.15 17:26:42 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\selina\Desktop\JRT.exe
[2013.04.15 17:00:28 | 000,613,083 | ---- | M] () -- C:\Users\selina\Desktop\adwcleaner.exe
[2013.04.12 13:30:05 | 000,139,403 | ---- | M] () -- C:\Users\selina\Documents\Einfacher Nudelteig.pdf
[2013.04.12 12:45:46 | 000,017,632 | ---- | M] () -- C:\Users\selina\Documents\Roter Nudelteig.pdf
[2013.04.11 14:28:57 | 000,436,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.08 22:02:19 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.08 21:03:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.08 21:03:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.08 21:03:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.08 21:03:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.06 15:57:40 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.28 21:21:50 | 000,012,288 | -H-- | M] () -- C:\Users\selina\Desktop\photothumb.db
[2013.03.26 18:39:34 | 000,994,436 | ---- | M] () -- C:\Users\selina\Documents\Scheitern WR.jpg
[2013.03.20 16:40:04 | 000,000,993 | ---- | M] () -- C:\Users\selina\Desktop\PhotoScape.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.17 16:19:14 | 000,045,067 | ---- | C] () -- C:\Users\selina\Desktop\558007_432921606802586_67468698_n.jpg
[2013.04.15 17:00:03 | 000,613,083 | ---- | C] () -- C:\Users\selina\Desktop\adwcleaner.exe
[2013.04.12 13:30:03 | 000,139,403 | ---- | C] () -- C:\Users\selina\Documents\Einfacher Nudelteig.pdf
[2013.04.12 12:45:31 | 000,017,632 | ---- | C] () -- C:\Users\selina\Documents\Roter Nudelteig.pdf
[2013.04.08 22:02:19 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.01 20:53:17 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.26 18:39:33 | 000,994,436 | ---- | C] () -- C:\Users\selina\Documents\Scheitern WR.jpg
[2013.03.20 16:40:04 | 000,000,993 | ---- | C] () -- C:\Users\selina\Desktop\PhotoScape.lnk
[2012.09.01 19:16:50 | 004,480,000 | ---- | C] () -- C:\Windows\es.exe
[2012.03.26 21:23:14 | 000,004,608 | ---- | C] () -- C:\Users\selina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.01 16:41:56 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2011.12.01 16:41:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2011.11.26 18:53:08 | 000,007,599 | ---- | C] () -- C:\Users\selina\AppData\Local\resmon.resmoncfg
[2010.09.14 16:54:26 | 000,000,004 | ---- | C] () -- C:\Users\selina\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.06 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\convert
[2012.06.04 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012.05.15 17:07:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vodafone
[2011.10.28 16:03:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2010.09.15 20:43:48 | 000,000,000 | -HSD | M] -- C:\Users\selina\AppData\Roaming\.#
[2013.01.09 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\DAEMON Tools Lite
[2013.01.09 22:20:57 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\DriverCure
[2013.04.12 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\DVDVideoSoft
[2011.12.09 18:20:17 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\FreeMediaCatcher
[2010.09.15 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\GameConsole
[2011.12.09 18:55:29 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\MusicNet
[2013.02.03 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\MyPhoneExplorer
[2011.11.20 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\OpenOffice.org
[2013.01.09 22:20:56 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\ParetoLogic
[2011.04.29 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\PC Suite
[2011.07.31 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\PhotoScape
[2011.01.17 21:57:00 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\SYSTEMAX Software Development
[2010.10.19 16:16:19 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\Template
[2011.04.24 19:49:12 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\Vodafone
[2012.02.05 16:21:44 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\WirelessManager
[2010.09.08 20:43:07 | 000,000,000 | ---D | M] -- C:\Users\selina\AppData\Roaming\WMCore
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >
--- --- ---

aharonov 17.04.2013 17:01
Ist das ursprüngliche Problem immer noch vorhanden?

sellinchen 17.04.2013 17:08
Moment, ich probiers aus.:)

Ist ja cool, es ist weg:)
Vielen Dank! :applaus: Was war es denn nun? Wirklich ein Virus? ._.

Irgendwelche Tipps für die Zukunft? Achso: ist es ok, wenn ich die Logs lösche? Muss ja nicht jeder wissen, was ich den ganzen Tag so am Pc mache, nor ;)

aharonov 17.04.2013 17:20
Das war nicht wirklich ein "Virus" (sondern Adware), aber wenn wir schon dabei sind, dann kontrollieren wir doch nochmals gründlich und schliessen Sicherheitslücken.

Zitat:
Muss ja nicht jeder wissen, was ich den ganzen Tag so am Pc mache
Ich glaub aber nicht, dass irgendjemand anhand dieser Logs überhaupt weiss, wer du bist.. ;)


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:93DE1838
[2010.09.15 20:43:48 | 000,000,000 | -HSD | M] -- C:\Users\selina\AppData\Roaming\.#

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 1, Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck

sellinchen 17.04.2013 17:31
Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:93DE1838 deleted successfully.
C:\Users\selina\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 56285462 bytes
->Temporary Internet Files folder emptied: 50308350 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 159422940 bytes
->Google Chrome cache emptied: 381543063 bytes
->Flash cache emptied: 4856 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 1073849 bytes
->Temporary Internet Files folder emptied: 224919 bytes
->FireFox cache emptied: 67848019 bytes
->Google Chrome cache emptied: 6994217 bytes
->Flash cache emptied: 1753 bytes
 
User: Public
 
User: selina
->Temp folder emptied: 3513605 bytes
->Temporary Internet Files folder emptied: 34461591 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64565425 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1040 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32320636 bytes
RecycleBin emptied: 166870 bytes
 
Total Files Cleaned = 819,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04172013_182225

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Ich mache gerade Schritt 2 und kopiere dann noch den Dateinhalt heir rein, aber mit Schritt 3 mache ich erstmal nicht weiter, habe keine Zeit mehr. Bis später. :)

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
selina :: SELINA-PC [Administrator]

Schutz: Aktiviert

17.04.2013 18:38:59
mbam-log-2013-04-17 (18-38-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250039
Laufzeit: 16 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:31 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19