Trojaner-Board - schwarzer Bildschirm, Bibliotheksordner leer, Festplatte angeblich defekt....

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - schwarzer Bildschirm, Bibliotheksordner leer, Festplatte angeblich defekt.... (https://www.trojaner-board.de/110805-schwarzer-bildschirm-bibliotheksordner-leer-festplatte-angeblich-defekt.html)

schwarzer Bildschirm, Bibliotheksordner leer, Festplatte angeblich defekt....

Hallo guten Morgen, nun hat mich anscheinend dieser Virus, von dem ich hier mehrfach gelesen habe, auch erwischt. Da ich sehr unsicher bin in diesen Dingen, habe ich bisher nichts ausprobiert, was in den anderen Strängen steht. Ich bräuchte bitte dringend Hilfe, wie ich diesen Mist wieder los werde. Im Moment läuft die Virensuche von Antivir (der gleich danach wieder runtergeschmissen wird und mit Avast ausgetauscht wird!) Derzeitig weiss ich noch nicht einmal, wie der Virus heisst. Gestern wurde der Bildschirm schwarz, es öffneten sich zahlreiche Fehlermeldungen und ein Systemscan wurde angeboten. Da ich dachte, das sei von Windows, habe ich diesen gemacht und als am Ende rauskam, ich solle die Vollversion kaufen, um die Fehler zu beheben, war mir klar, das ich mir irgendwas eingefangen habe.
Wie gehe ich nun weiter vor? Kann mir hier jemand helfen?

hi,
starte mal bitte neu, drücke f8 wähle abgesicherter modus mit netzwerk.
melde dich im betroffenen konto an.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Die OLT lade ich mir vor dem Neustart runter? Der Link funktioniert nicht, ich erhalte da einen Fehler.

nimm mal den zweiten link in der anleitung.
kannst du vor oder nach neustart laden, im abgesicherten modus mit netzwerk hast du ebenfalls internet

Wie lange dauert so ein Scan?

ne weile. kann man nicht sagen, aber vllt 40 min

Hier der Extras Text
OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 03.03.2012 11:47:37 - Run 1

OTL by OldTimer - Version 3.2.35.0     Folder = C:\Users\Yvi\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy

 

3,93 Gb Total Physical Memory | 3,32 Gb Available Physical Memory | 84,37% Memory free

7,86 Gb Paging File | 7,28 Gb Available in Paging File | 92,66% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 307,17 Gb Total Space | 219,82 Gb Free Space | 71,56% Space Free | Partition Type: NTFS

Drive E: | 146,48 Gb Total Space | 75,45 Gb Free Space | 51,51% Space Free | Partition Type: NTFS

Drive G: | 292,97 Gb Total Space | 290,38 Gb Free Space | 99,12% Space Free | Partition Type: NTFS

Drive H: | 292,97 Gb Total Space | 201,64 Gb Free Space | 68,83% Space Free | Partition Type: NTFS

Drive I: | 195,31 Gb Total Space | 159,73 Gb Free Space | 81,78% Space Free | Partition Type: NTFS

Drive J: | 150,26 Gb Total Space | 149,88 Gb Free Space | 99,75% Space Free | Partition Type: NTFS

 

Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{3BC6E87B-7E7B-3F78-9BD1-708B199B1EB5}" = Microsoft .NET Framework 4 Extended ESN Language Pack

"{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centro de dispositivos de Windows Mobile

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007C-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 64-bit

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CutePDF Writer Installation" = CutePDF Writer 2.8

"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Paquete de controladores de Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content

"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4

"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{061C0698-385C-46B3-A02B-B126CEFAD272}" = ASEOPS 7

"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod

"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34

"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{135F4C34-F92A-49CA-9CEC-16001F6DB3F2}" = Verificador Firma Digital 2.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 27

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{28F46DFD-F535-4306-BDEB-C5E7FCA2026E}" = Windows Live Sync

"{2BCD8416-F432-4642-BF33-582720A0265C}" = Windows Live Writer

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist

"{3055CB72-68BC-4D81-9561-5F33AEC1EC12}" = MAGIX PC Check & Tuning Free 2011

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution

"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT

"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call

"{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works

"{3929824B-9502-4A02-B3F6-B9D2CD0CE617}" = Hofmann 7.3

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A8DFA73-06E7-43EB-BF2D-4E8B942C2F4F}" = Google Apps Sync™ for Microsoft Outlook® 2.5.3122.12

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL

"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{66D82F7B-CA1E-4368-963A-33A097929645}" = Windows Live Mail

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7BE3AA17-03CD-4D1F-B5D5-8B91C03E496C}_is1" = meinCRM 3.1

"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3

"{7EB405E9-073D-4407-B70A-40F047766C03}_is1" = AquaSoft "DiaShow 6 für YouTube"

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content

"{80A29FE1-4390-4996-B213-EB703832D8B3}" = Galería fotográfica de Windows Live

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{853BAA28-5C1E-4678-ADAC-6A37B8A526AB}" = Windows Live Essentials

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}" = calibre

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{AE948007-92AE-4328-9403-C363AFD6D5D5}" = ContaSol

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B63DFA23-5C10-44B4-881D-45EFBF4A4761}" = MAGIX Screenshare

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw

"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR

"{BD1BBE79-BB25-460D-A2BD-D496A5E13786}" = Windows Live Messenger

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES

"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE

"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin

"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.88.610

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters

"{FA7D44BB-6182-4AC3-AF83-EB73991799AA}" = Pop Art Studio 4.4

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"3971-4815-1971-1205" = Renta2009 1.23

"7-Zip" = 7-Zip 9.20

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"AVG Secure Search" = AVG Security Toolbar

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Bus-Simulator 2009_is1" = Bus-Simulator 2009

"Button Maker 1" = Button Maker 1

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cheat Engine 6.1_is1" = Cheat Engine 6.1

"cleanlab Toolbar" = cleanlab Toolbar

"CoffeeCup Free DHTML Menu Builder" = CoffeeCup Free DHTML Menu Builder

"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor

"CoffeeCup HTML Editor" = CoffeeCup HTML Editor

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"Convert PDF To Image_is1" = Convert PDF To Image

"Digital Editions" = Adobe Digital Editions

"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER

"E.M. Free Photo Collage 1.30_is1" = E.M. Free Photo Collage 1.30

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch

"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.79

"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454

"Free Batch Photo Resizer_is1" = Free Batch Photo Resizer 2.1

"Free Monitor for Google_is1" = Free Monitor for Google 2.5

"FXWebPlayer" = Lanzador de juegos de FX Interactive

"Good Keywords v3_is1" = Good Keywords v3 051710

"Google Calendar Sync" = Google Calendar Sync

"Google Chrome" = Google Chrome

"GridVista" = Acer GridVista

"IBP11_is1" = IBP 11.9.1

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"IrfanView" = IrfanView (remove only)

"LEGO LOCO" = LEGO LOCO

"LEGOIsland" = Abenteuer Auf der LEGO Insel

"Lidl-Fotos_is1" = Lidl-Fotos

"Linktausch pro_is1" = Linktausch pro

"LManager" = Launch Manager

"MAGIX_MSI_PC_Check_Tuning_Free_2011" = MAGIX PC Check & Tuning Free 2011

"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)

"NetObjects Fusion Essentials" = NetObjects Fusion Essentials

"Notepad++" = Notepad++

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Phoner_is1" = Phoner 2.68

"PhraseExpress_is1" = PhraseExpress v8.0.142

"Picasa 3" = Picasa 3

"profiSUBMIT_is1" = profiSUBMIT

"RealPlayer 12.0" = RealPlayer

"Rmtablet" = Pen Pad Driver with Macro Key Manager

"seopowersuite" = SEO PowerSuite

"ShapeCollage" = Shape Collage

"Sigel Enjoy Your Photo" = Sigel Enjoy Your Photo

"ST6UNST #1" = OrBePRO

"Tarjetas de felicitación Para Dummies_is1" = Tarjetas de felicitación Para Dummies

"TomTom HOME" = TomTom HOME 2.8.2.2264

"UltraISO_is1" = UltraISO Premium V9.33

"Universal Document Converter_is1" = Universal Document Converter (Demo)

"UseNeXT_is1" = UseNeXT

"VoipStunt_is1" = VoipStunt

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"xampp" = XAMPP 1.7.7

"XING Connector" = XING Connector 1.2

"X-Plane 8 Flight Simulator" = X-Plane 8 Flight Simulator

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"4435c09f5cdefce5" = MyLiveChat

"Dropbox" = Dropbox

"Spotify" = Spotify

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02.03.2012 17:32:52 | Computer Name = Yvi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Error en la extracción de la lista raíz de terceros del archivo .CAB

 actualizado automáticamente: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 con el error: Un certificado requerido no se encuentra dentro del periodo de validez

 cuando se ha realizado la comprobación con el reloj de sistema actual o con la 

marca de tiempo en el archivo firmado.  .

 

Error - 02.03.2012 17:32:52 | Computer Name = Yvi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Error en la extracción de la lista raíz de terceros del archivo .CAB

 actualizado automáticamente: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 con el error: Un certificado requerido no se encuentra dentro del periodo de validez

 cuando se ha realizado la comprobación con el reloj de sistema actual o con la 

marca de tiempo en el archivo firmado.  .

 

Error - 02.03.2012 17:33:23 | Computer Name = Yvi-PC | Source = System Restore | ID = 8210

Description = 

 

Error - 03.03.2012 02:50:27 | Computer Name = Yvi-PC | Source = VmbService | ID = 0

Description = conflictManagerTypeValue

 

Error - 03.03.2012 02:50:33 | Computer Name = Yvi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Error en la extracción de la lista raíz de terceros del archivo .CAB

 actualizado automáticamente: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 con el error: Un certificado requerido no se encuentra dentro del periodo de validez

 cuando se ha realizado la comprobación con el reloj de sistema actual o con la 

marca de tiempo en el archivo firmado.  .

 

Error - 03.03.2012 02:50:33 | Computer Name = Yvi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Error en la extracción de la lista raíz de terceros del archivo .CAB

 actualizado automáticamente: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 con el error: Un certificado requerido no se encuentra dentro del periodo de validez

 cuando se ha realizado la comprobación con el reloj de sistema actual o con la 

marca de tiempo en el archivo firmado.  .

 

Error - 03.03.2012 02:52:18 | Computer Name = Yvi-PC | Source = Application Error | ID = 1000

Description = Nombre de la aplicación con errores: vprot.exe, versión: 10.0.0.7,

 marca de tiempo: 0x4f05f447  Nombre del módulo con errores: vprot.exe, versión: 10.0.0.7,

 marca de tiempo: 0x4f05f447  Código de excepción: 0xc00000fd  Desplazamiento de errores:

 0x000a5747  Id. del proceso con errores: 0x1514  Hora de inicio de la aplicación con

 errores: 0x01ccf90a21755b1d  Ruta de acceso de la aplicación con errores: C:\Program

 Files (x86)\AVG Secure Search\vprot.exe  Ruta de acceso del módulo con errores: C:\Program

 Files (x86)\AVG Secure Search\vprot.exe  Id. del informe: 6ab2f1c1-64fd-11e1-989b-bb783c4a2f20

 

Error - 03.03.2012 02:54:38 | Computer Name = Yvi-PC | Source = Application Error | ID = 1000

Description = Nombre de la aplicación con errores: vprot.exe, versión: 10.0.0.7,

 marca de tiempo: 0x4f05f447  Nombre del módulo con errores: vprot.exe, versión: 10.0.0.7,

 marca de tiempo: 0x4f05f447  Código de excepción: 0xc00000fd  Desplazamiento de errores:

 0x000a5747  Id. del proceso con errores: 0x1aac  Hora de inicio de la aplicación con

 errores: 0x01ccf90a7e38e645  Ruta de acceso de la aplicación con errores: C:\Program

 Files (x86)\AVG Secure Search\vprot.exe  Ruta de acceso del módulo con errores: C:\Program

 Files (x86)\AVG Secure Search\vprot.exe  Id. del informe: bdc1c1d8-64fd-11e1-989b-bb783c4a2f20

 

Error - 03.03.2012 02:54:55 | Computer Name = Yvi-PC | Source = Application Error | ID = 1000

Description = Nombre de la aplicación con errores: MXSAS.exe, versión: 1.1.1.0, 

marca de tiempo: 0x4cd29cc5  Nombre del módulo con errores: MXSAS.exe, versión: 1.1.1.0,

 marca de tiempo: 0x4cd29cc5  Código de excepción: 0xc0000417  Desplazamiento de errores:

 0x0000eee6  Id. del proceso con errores: 0x6cc  Hora de inicio de la aplicación con

 errores: 0x01ccf909d7502cc5  Ruta de acceso de la aplicación con errores: C:\Program

 Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe  Ruta de acceso del módulo 

con errores: C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe  Id.

 del informe: c83e63b7-64fd-11e1-989b-bb783c4a2f20

 

Error - 03.03.2012 06:50:21 | Computer Name = Yvi-PC | Source = System Restore | ID = 8193

Description = 

 

[ Media Center Events ]

Error - 07.01.2010 07:18:50 | Computer Name = Yvi-PC | Source = MCUpdate | ID = 0

Description = 12:18:49 - Error al conectarse a Internet.  12:18:50 -     No se puede

 establecer contacto con el servidor..  

 

Error - 07.01.2010 07:19:01 | Computer Name = Yvi-PC | Source = MCUpdate | ID = 0

Description = 12:18:55 - Error al conectarse a Internet.  12:18:55 -     No se puede

 establecer contacto con el servidor..  

 

[ System Events ]

Error - 03.03.2012 07:01:11 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:01 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:01 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:01 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:11 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:11 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:03:11 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:05:09 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:05:09 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

Error - 03.03.2012 07:05:09 | Computer Name = Yvi-PC | Source = Service Control Manager | ID = 7001

Description = El servicio Examinador de equipos depende del servicio Servidor, el

 cual no pudo iniciarse debido al siguiente error:   %%1068

 

 

< End of report >

--- --- ---

wie krieg ich die otl hier rein, die ist zu lang, soll ich die splitten und in 2 Beiträgen reinschreiben?

Hier Teil 1

Zitat:

OTL logfile created on: 03.03.2012 11:47:37 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Yvi\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 3,32 Gb Available Physical Memory | 84,37% Memory free
7,86 Gb Paging File | 7,28 Gb Available in Paging File | 92,66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 307,17 Gb Total Space | 219,82 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 75,45 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive G: | 292,97 Gb Total Space | 290,38 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive H: | 292,97 Gb Total Space | 201,64 Gb Free Space | 68,83% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 159,73 Gb Free Space | 81,78% Space Free | Partition Type: NTFS
Drive J: | 150,26 Gb Total Space | 149,88 Gb Free Space | 99,75% Space Free | Partition Type: NTFS

Computer Name: YVI-PC | User Name: Yvi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.03 11:38:23 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012.01.31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.24 07:19:11 | 000,909,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011.09.09 18:46:10 | 008,158,720 | ---- | M] () [Auto | Stopped] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.29 06:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010.11.04 11:45:14 | 000,186,368 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe -- (MAGIX StartUp Analyze Service)
SRV - [2010.06.15 17:08:28 | 000,861,696 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\atwtusb.exe -- (WTService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.06 18:18:54 | 000,311,592 | -H-- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.06 05:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Archivos de programa\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Archivos de programa\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.07.21 11:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.21 11:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.24 07:53:02 | 000,219,008 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.03.24 07:53:02 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2011.03.24 07:53:02 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2011.03.24 07:53:02 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.03.24 07:53:02 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2011.03.24 07:53:02 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.03.24 07:53:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 12:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2010.05.01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.01 07:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.03.25 18:09:36 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.11.13 09:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.26 12:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009.08.10 04:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.07 10:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.08 18:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.05.01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.10 16:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {0b1be383-efa8-44d5-a7c2-9a39594575a1} - C:\Program Files (x86)\cleanlab\prxtbclea.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106250

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0b1be383-efa8-44d5-a7c2-9a39594575a1} - C:\Program Files (x86)\cleanlab\prxtbclea.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_esES353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deES470
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1D054FFA-7943-41F9-B84C-9BF4EE104A79}&mid=428854b4d0e447d19f12d16f64c224fb-b22b328c7626898b659af29c4c95b33d9a2ddc69&lang=en&ds=tg027&pr=sa&d=2011-09-14 16:30:41&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106250
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "cleanlab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT3106250&SearchSource=13"
FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.75
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106250&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@fxinteractive.com/fxplanet: C:\ProgramData\FXWebPlayer\npfxplanet.dll (FX Interactive)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Programme\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Yvi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Yvi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yvi\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yvi\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.02 22:29:54 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.14 11:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.20 12:06:57 | 000,000,000 | ---D | M]

[2009.12.25 09:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Extensions
[2009.12.25 09:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.09 17:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions
[2011.12.04 09:13:43 | 000,000,000 | ---D | M] (cleanlab Community Toolbar) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions\{0b1be383-efa8-44d5-a7c2-9a39594575a1}
[2011.12.06 20:22:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.10.09 07:51:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.12.18 12:51:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.07.14 10:56:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Yvi\AppData\Roaming\mozilla\Firefox\Profiles\mi8f0oue.default\extensions\engine@conduit.com
[2011.11.20 16:45:50 | 000,000,919 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\mi8f0oue.default\searchplugins\conduit.xml
[2011.11.29 09:56:42 | 000,002,379 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\mi8f0oue.default\searchplugins\news-reader.xml
[2011.11.10 11:56:19 | 000,001,492 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\mi8f0oue.default\searchplugins\web-search-powered-by-google.xml
[2012.01.25 08:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 07:46:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.14 09:19:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.07.14 09:19:41 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
() (No name found) -- C:\USERS\YVI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MI8F0OUE.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\YVI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MI8F0OUE.DEFAULT\EXTENSIONS\FIREXPATH@PIERRE.THOLENCE.COM.XPI
[2012.02.14 11:02:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 10:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2012.01.25 08:18:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 07:19:05 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.01.25 08:18:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.25 08:18:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.25 08:18:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.25 08:18:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.25 08:18:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv522.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Yvi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Yvi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Plugin de juegos de FX Interactive (Enabled) = C:\ProgramData\FXWebPlayer\npfxplanet.dll
CHR - plugin: Picasa (Enabled) = E:\Programme\Picasa\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Internetradio Deutschland = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\
CHR - Extension: Mallorca Finca Landhaus, Ferienhaus und Ferienwohnung = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmcbgfoopknkmgkbofgmbbaocpihbcc\2012.1.29.41556_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.6_0\
CHR - Extension: YouTube = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Calculator = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja\2.5.4.2_0\
CHR - Extension: Google Analytics | Offizielle Website = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhodbjdjlnheceaiaaaljkgljnengjfd\2012.1.29.41562_0\
CHR - Extension: Offline Google Mail = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: Immobilien Mallorca » NOVA Immobilienmakler Mallorca, Ihr Mallorca Immobilien Spezialist = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekecccnjogejbcjmcnlhbhjlhdemdbgm\2012.1.29.41572_0\
CHR - Extension: Wunderlist = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.1_0\
CHR - Extension: Smartr Inbox for Gmail = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli\0.61_0\
CHR - Extension: TweetDeck = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.1.3_0\
CHR - Extension: https://www.google.com/calendar/b/2/render?pl = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifilmdffbghehioghofenhgjnanennje\2012.1.29.41600_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Evernote Web = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Google Maps = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Grass = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Google Books = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.2_0\
CHR - Extension: Fiabee = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmpodmhlhciagihcjpdggoihakcahf\1.0.0.65_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: hxxp://www.ourgroceries.com/your-lists/ = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcbkheomapaoobacnjaooldjlfebiee\2012.1.29.46615_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Yvi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.1.22.1457_0\

O1 HOSTS File: ([2011.08.16 10:13:29 | 000,436,434 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (cleanlab Toolbar) - {0b1be383-efa8-44d5-a7c2-9a39594575a1} - C:\Program Files (x86)\cleanlab\prxtbclea.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (cleanlab Toolbar) - {0b1be383-efa8-44d5-a7c2-9a39594575a1} - C:\Program Files (x86)\cleanlab\prxtbclea.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (cleanlab Toolbar) - {0B1BE383-EFA8-44D5-A7C2-9A39594575A1} - C:\Program Files (x86)\cleanlab\prxtbclea.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Archivos de programa\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Archivos de programa\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\SysWow64\WTMKM.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_SCB3E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Yvi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [VoipStunt] C:\Program Files (x86)\VoipStunt.com\VoipStunt\VoipStunt.exe (VoipStunt)
O4 - Startup: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Yvi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Sitios de confianza)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www2.agenciatributaria.gob.es/es13/h/cactivex.cab (AeatCtl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135CD127-26E3-48E5-9B2D-ACAE62100904}: NameServer = 212.166.132.109 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{980C7731-22EB-47DE-97DC-2476E35BF945}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A729E68B-3A94-40E8-A015-57D6A51D66E8}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C7FB51-BF1A-4661-96D1-E81A6CD82ACC}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{121847f8-e5b1-11e0-ab40-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{121847f8-e5b1-11e0-ab40-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{121847fb-e5b1-11e0-ab40-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{121847fb-e5b1-11e0-ab40-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{189d501e-b0fd-11e0-bb7c-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{189d501e-b0fd-11e0-bb7c-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{18ac315b-b1c2-11e0-8aa3-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{18ac315b-b1c2-11e0-8aa3-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{18ac316c-b1c2-11e0-8aa3-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{18ac316c-b1c2-11e0-8aa3-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1aed14bd-a3b9-11e0-8b62-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{1aed14bd-a3b9-11e0-8b62-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1aed14bf-a3b9-11e0-8b62-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{1aed14bf-a3b9-11e0-8b62-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1aed14d8-a3b9-11e0-8b62-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{1aed14d8-a3b9-11e0-8b62-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{493354b9-e594-11e0-8bfb-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{493354b9-e594-11e0-8bfb-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4ad5d14d-ab87-11e0-9764-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad5d14d-ab87-11e0-9764-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4ad5d155-ab87-11e0-9764-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad5d155-ab87-11e0-9764-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7fabfa5a-2cf6-11e0-ae3f-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{7fabfa5a-2cf6-11e0-ae3f-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7fabfa6a-2cf6-11e0-ae3f-00262226cd08}\Shell - "" = AutoRun
O33 - MountPoints2\{7fabfa6a-2cf6-11e0-ae3f-00262226cd08}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Hier Teil 1

Zitat:

Und Teil 2

Zitat:

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.03.03 11:37:18 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe
[2012.03.02 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.01 07:35:19 | 000,000,000 | ---D | C] -- C:\Users\Yvi\.seospyglass
[2012.03.01 07:33:26 | 000,000,000 | ---D | C] -- C:\Users\Yvi\.websiteauditor
[2012.03.01 07:29:27 | 000,000,000 | ---D | C] -- C:\Users\Yvi\.ranktracker
[2012.03.01 07:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEO PowerSuite
[2012.03.01 07:27:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\SEO PowerSuite
[2012.02.18 08:11:37 | 000,000,000 | ---D | C] -- C:\Users\Yvi\Desktop\Visitenkarten
[2012.02.18 07:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.18 07:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.02.18 07:39:59 | 024,222,344 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Yvi\Desktop\SkypeSetupFull.exe
[2012.02.18 07:39:26 | 111,406,201 | ---- | C] (ADITO Software GmbH ) -- C:\Users\Yvi\Desktop\meinCRM3-setup.exe
[2012.02.18 07:38:27 | 001,528,832 | ---- | C] (Irfan Skiljan) -- C:\Users\Yvi\Desktop\iview432_setup.exe
[2012.02.17 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Yvi\Desktop\Como llegar
[2012.02.13 07:26:31 | 000,000,000 | ---D | C] -- C:\Users\Yvi\Desktop\Rechnungen Vodafone
[2012.02.10 10:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoner
[2012.02.10 10:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phoner
[2012.02.09 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Yvi\Desktop\Texte Mallorca Website
[2012.02.09 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\MySEOSolution_DB_Dir
[2012.02.09 14:48:55 | 000,000,000 | -H-D | C] -- C:\Users\Yvi\AppData\Local\MySEOSolution
[2012.02.09 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard
[2012.02.09 14:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Article Wizard
[2012.02.09 14:46:46 | 000,000,000 | ---D | C] -- C:\Users\Yvi\Desktop\ArticleWizard
[2012.02.08 18:08:19 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Phoner
[2012.02.08 18:07:38 | 004,236,646 | ---- | C] (Heiko Sommerfeldt ) -- C:\Users\Yvi\Desktop\PhonerSetup.exe
[1 C:\Users\Yvi\*.tmp files -> C:\Users\Yvi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.03 11:41:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.03 11:41:02 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.03 11:39:38 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2012.03.03 11:38:23 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Yvi\Desktop\OTL.exe
[2012.03.03 10:53:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.03 10:45:35 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356958005-3255567285-3307477115-1001UA.job
[2012.03.03 08:01:59 | 001,680,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.03 08:01:59 | 000,749,296 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.03.03 08:01:59 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.03 08:01:59 | 000,159,334 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.03.03 08:01:59 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.03 07:58:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 07:58:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 07:51:09 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.02 22:05:37 | 000,000,456 | -H-- | M] () -- C:\ProgramData\x78cU946dy6RsG
[2012.03.02 22:02:54 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~x78cU946dy6RsG
[2012.03.02 22:02:54 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~x78cU946dy6RsGr
[2012.03.02 14:35:31 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356958005-3255567285-3307477115-1001Core.job
[2012.03.02 11:08:03 | 000,586,464 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\mdbu.bin
[2012.03.01 20:32:36 | 000,445,205 | ---- | M] () -- C:\Users\Yvi\.websiteauditor.properties
[2012.03.01 08:54:25 | 000,127,508 | ---- | M] () -- C:\Users\Yvi\.ranktracker.properties
[2012.03.01 08:47:55 | 000,200,571 | ---- | M] () -- C:\Users\Yvi\.spyglass.properties
[2012.03.01 07:28:44 | 000,002,320 | ---- | M] () -- C:\Users\Yvi\Desktop\LinkAssistant.lnk
[2012.03.01 07:28:28 | 000,002,349 | ---- | M] () -- C:\Users\Yvi\Desktop\WebSite Auditor.lnk
[2012.03.01 07:28:12 | 000,002,295 | ---- | M] () -- C:\Users\Yvi\Desktop\Rank Tracker.lnk
[2012.03.01 07:27:56 | 000,002,295 | ---- | M] () -- C:\Users\Yvi\Desktop\SEO SpyGlass.lnk
[2012.03.01 07:26:26 | 056,386,761 | ---- | M] () -- C:\Users\Yvi\Desktop\seopowersuite-jre.zip
[2012.02.29 16:10:28 | 000,001,348 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.02.28 09:17:33 | 000,000,341 | ---- | M] () -- C:\Users\Yvi\.JavaPowUpload.properties
[2012.02.26 02:55:26 | 002,392,952 | ---- | M] () -- C:\Users\Yvi\Desktop\DSC02274.JPG
[2012.02.24 06:42:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.24 06:42:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.23 13:03:57 | 000,020,992 | -H-- | M] () -- C:\Users\Yvi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.18 08:17:26 | 000,030,515 | ---- | M] () -- C:\Users\Yvi\Desktop\meinCRM3 ADITO online.pdf
[2012.02.18 07:47:11 | 087,031,672 | ---- | M] () -- C:\Users\Yvi\Desktop\avira_free_antivirus_en.exe
[2012.02.18 07:46:24 | 111,406,201 | ---- | M] (ADITO Software GmbH ) -- C:\Users\Yvi\Desktop\meinCRM3-setup.exe
[2012.02.18 07:43:40 | 000,001,898 | ---- | M] () -- C:\Users\Yvi\Desktop\IrfanView Thumbnails.lnk
[2012.02.18 07:43:40 | 000,001,006 | ---- | M] () -- C:\Users\Yvi\Desktop\IrfanView.lnk
[2012.02.18 07:42:25 | 024,222,344 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Yvi\Desktop\SkypeSetupFull.exe
[2012.02.18 07:38:58 | 001,506,149 | ---- | M] () -- C:\Users\Yvi\Desktop\wrar410.exe
[2012.02.18 07:38:29 | 001,528,832 | ---- | M] (Irfan Skiljan) -- C:\Users\Yvi\Desktop\iview432_setup.exe
[2012.02.17 19:43:02 | 000,001,013 | ---- | M] () -- C:\Users\Yvi\Desktop\Dropbox.lnk
[2012.02.17 19:43:02 | 000,000,993 | ---- | M] () -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.17 19:38:15 | 000,446,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 13:24:58 | 001,736,704 | -H-- | M] () -- E:\Kontakte-Webdatenbank.accdb
[2012.02.15 13:19:55 | 000,021,640 | ---- | M] () -- C:\Users\Yvi\Desktop\Cambio
[2012.02.10 13:33:22 | 002,379,080 | ---- | M] () -- C:\Users\Yvi\Desktop\daten orte.csv
[2012.02.10 12:55:56 | 000,019,655 | ---- | M] () -- C:\Users\Yvi\Desktop\Ortsinfos Mallorca.csv
[2012.02.10 11:48:40 | 000,019,549 | ---- | M] () -- C:\Users\Yvi\Desktop\20120210-1149.pdf
[2012.02.10 10:32:00 | 000,000,987 | ---- | M] () -- C:\Users\Yvi\Desktop\Phoner.lnk
[2012.02.10 08:42:33 | 006,389,005 | ---- | M] () -- C:\Users\Yvi\Desktop\landing_page_seo.pdf
[2012.02.09 17:55:12 | 000,003,722 | ---- | M] () -- C:\Users\Yvi\Desktop\Orte.csv
[2012.02.09 14:48:26 | 000,003,027 | ---- | M] () -- C:\Users\Yvi\Desktop\Article Wizard.lnk
[2012.02.09 14:46:43 | 016,126,365 | ---- | M] () -- C:\Users\Yvi\Desktop\ArticleWizard.rar
[2012.02.08 18:07:49 | 004,236,646 | ---- | M] (Heiko Sommerfeldt ) -- C:\Users\Yvi\Desktop\PhonerSetup.exe
[2012.02.08 10:08:33 | 046,066,627 | ---- | M] () -- C:\Users\Yvi\Desktop\Die Müller-Diät1.pdf
[2012.02.08 10:05:09 | 002,391,189 | ---- | M] () -- C:\Users\Yvi\Desktop\Die Müller-Diät.pdf
[2012.02.08 08:05:10 | 000,004,444 | ---- | M] () -- C:\Users\Yvi\Desktop\pdf_schlank-im-schlaf-durch-die-neue-kalorien-ampel-pressemitteilung94959.pdf
[2012.02.05 08:12:09 | 000,131,280 | ---- | M] () -- C:\Users\Yvi\Desktop\397267_3270533045977_1346901613_3329924_333068369_n.jpg
[2012.02.05 08:11:48 | 000,021,922 | ---- | M] () -- C:\Users\Yvi\Desktop\429392_3270525565790_1346901613_3329921_738132583_n.jpg
[2012.02.03 10:20:37 | 000,916,284 | ---- | M] () -- C:\Users\Yvi\Desktop\com_acymailing_starter_3.5.0_2012-02-03.zip
[2012.02.02 18:32:18 | 000,011,661 | ---- | M] () -- C:\Users\Yvi\Desktop\Ebaybosquerro.htm
[1 C:\Users\Yvi\*.tmp files -> C:\Users\Yvi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.02 14:34:53 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~x78cU946dy6RsG
[2012.03.02 14:34:53 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~x78cU946dy6RsGr
[2012.03.02 14:34:49 | 000,000,456 | -H-- | C] () -- C:\ProgramData\x78cU946dy6RsG
[2012.03.01 20:32:36 | 000,445,205 | ---- | C] () -- C:\Users\Yvi\.websiteauditor.properties
[2012.03.01 08:47:50 | 000,200,571 | ---- | C] () -- C:\Users\Yvi\.spyglass.properties
[2012.03.01 07:48:47 | 000,127,508 | ---- | C] () -- C:\Users\Yvi\.ranktracker.properties
[2012.03.01 07:28:44 | 000,002,320 | ---- | C] () -- C:\Users\Yvi\Desktop\LinkAssistant.lnk
[2012.03.01 07:28:28 | 000,002,349 | ---- | C] () -- C:\Users\Yvi\Desktop\WebSite Auditor.lnk
[2012.03.01 07:28:12 | 000,002,295 | ---- | C] () -- C:\Users\Yvi\Desktop\Rank Tracker.lnk
[2012.03.01 07:27:56 | 000,002,295 | ---- | C] () -- C:\Users\Yvi\Desktop\SEO SpyGlass.lnk
[2012.03.01 07:24:13 | 056,386,761 | ---- | C] () -- C:\Users\Yvi\Desktop\seopowersuite-jre.zip
[2012.02.28 10:48:20 | 002,392,952 | ---- | C] () -- C:\Users\Yvi\Desktop\DSC02274.JPG
[2012.02.28 08:54:04 | 000,000,341 | ---- | C] () -- C:\Users\Yvi\.JavaPowUpload.properties
[2012.02.24 06:42:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.24 06:42:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.18 08:17:44 | 000,030,515 | ---- | C] () -- C:\Users\Yvi\Desktop\meinCRM3 ADITO online.pdf
[2012.02.18 07:43:40 | 000,001,898 | ---- | C] () -- C:\Users\Yvi\Desktop\IrfanView Thumbnails.lnk
[2012.02.18 07:43:40 | 000,001,006 | ---- | C] () -- C:\Users\Yvi\Desktop\IrfanView.lnk
[2012.02.18 07:41:11 | 087,031,672 | ---- | C] () -- C:\Users\Yvi\Desktop\avira_free_antivirus_en.exe
[2012.02.18 07:38:52 | 001,506,149 | ---- | C] () -- C:\Users\Yvi\Desktop\wrar410.exe
[2012.02.15 13:19:55 | 000,021,640 | ---- | C] () -- C:\Users\Yvi\Desktop\Cambio
[2012.02.14 11:51:24 | 001,736,704 | -H-- | C] () -- E:\Kontakte-Webdatenbank.accdb
[2012.02.10 13:33:21 | 002,379,080 | ---- | C] () -- C:\Users\Yvi\Desktop\daten orte.csv
[2012.02.10 12:54:57 | 000,019,655 | ---- | C] () -- C:\Users\Yvi\Desktop\Ortsinfos Mallorca.csv
[2012.02.10 11:48:38 | 000,019,549 | ---- | C] () -- C:\Users\Yvi\Desktop\20120210-1149.pdf
[2012.02.10 10:32:00 | 000,000,987 | ---- | C] () -- C:\Users\Yvi\Desktop\Phoner.lnk
[2012.02.10 08:41:46 | 006,389,005 | ---- | C] () -- C:\Users\Yvi\Desktop\landing_page_seo.pdf
[2012.02.09 17:55:11 | 000,003,722 | ---- | C] () -- C:\Users\Yvi\Desktop\Orte.csv
[2012.02.09 14:48:26 | 000,003,027 | ---- | C] () -- C:\Users\Yvi\Desktop\Article Wizard.lnk
[2012.02.09 14:46:04 | 016,126,365 | ---- | C] () -- C:\Users\Yvi\Desktop\ArticleWizard.rar
[2012.02.08 10:09:57 | 046,066,627 | ---- | C] () -- C:\Users\Yvi\Desktop\Die Müller-Diät1.pdf
[2012.02.08 10:05:02 | 002,391,189 | ---- | C] () -- C:\Users\Yvi\Desktop\Die Müller-Diät.pdf
[2012.02.08 08:05:09 | 000,004,444 | ---- | C] () -- C:\Users\Yvi\Desktop\pdf_schlank-im-schlaf-durch-die-neue-kalorien-ampel-pressemitteilung94959.pdf
[2012.02.05 08:12:08 | 000,131,280 | ---- | C] () -- C:\Users\Yvi\Desktop\397267_3270533045977_1346901613_3329924_333068369_n.jpg
[2012.02.05 08:11:00 | 000,021,922 | ---- | C] () -- C:\Users\Yvi\Desktop\429392_3270525565790_1346901613_3329921_738132583_n.jpg
[2012.02.03 10:20:33 | 000,916,284 | ---- | C] () -- C:\Users\Yvi\Desktop\com_acymailing_starter_3.5.0_2012-02-03.zip
[2012.02.02 18:32:18 | 000,011,661 | ---- | C] () -- C:\Users\Yvi\Desktop\Ebaybosquerro.htm
[2012.01.19 12:19:28 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011.12.18 15:12:14 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.18 15:12:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.18 15:12:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.18 15:12:14 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.18 15:12:14 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.18 15:12:14 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.18 15:12:14 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.18 15:12:14 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.18 15:12:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.18 15:12:14 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.18 15:12:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.18 15:12:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.18 15:12:14 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.18 15:12:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.18 15:12:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.18 15:12:14 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.18 15:12:14 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.18 15:12:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.18 15:12:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.18 15:07:50 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2011.12.14 18:47:25 | 001,220,608 | ---- | C] () -- C:\Windows\SysWow64\pdf2bmp.dll
[2011.12.14 18:47:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2011.12.14 18:47:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2011.11.22 20:39:37 | 000,038,430 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2011.07.14 09:20:58 | 000,017,408 | -H-- | C] () -- C:\Users\Yvi\AppData\Local\WebpageIcons.db
[2011.06.07 18:00:09 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.05.08 08:45:10 | 000,586,464 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\mdbu.bin
[2011.04.26 20:38:46 | 000,000,079 | ---- | C] () -- C:\Windows\SiteSpiderforms.ini
[2011.04.24 20:11:41 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.21 14:01:44 | 000,020,992 | -H-- | C] () -- C:\Users\Yvi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.04 20:34:47 | 000,038,426 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.03.26 11:20:57 | 000,861,696 | ---- | C] () -- C:\Windows\SysWow64\atwtusb.exe
[2011.03.26 11:20:55 | 000,151,272 | ---- | C] () -- C:\Windows\SysWow64\Calibration.exe
[2011.03.26 11:20:55 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\InstallService.exe
[2011.03.26 11:20:52 | 006,259,432 | ---- | C] () -- C:\Windows\SysWow64\WTMKM.exe
[2011.03.26 11:20:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2011.03.26 11:20:50 | 000,126,696 | ---- | C] () -- C:\Windows\RmTablet.exe
[2011.03.26 11:20:48 | 000,022,856 | ---- | C] () -- C:\Windows\SysWow64\Photoshop Elements.ini
[2011.03.26 11:20:48 | 000,015,605 | ---- | C] () -- C:\Windows\SysWow64\PhotoImpact XL SE.ini
[2011.03.26 11:20:48 | 000,010,513 | ---- | C] () -- C:\Windows\SysWow64\Windows7.ini
[2011.03.26 11:20:48 | 000,010,251 | ---- | C] () -- C:\Windows\SysWow64\Vista.ini
[2011.03.26 11:20:48 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\XP_2000.ini
[2011.03.26 11:20:48 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini
[2011.03.26 11:20:48 | 000,000,924 | ---- | C] () -- C:\Windows\SysWow64\Corel Draw.ini
[2011.03.26 11:20:48 | 000,000,792 | ---- | C] () -- C:\Windows\SysWow64\MKProfile.ini
[2011.03.24 07:50:52 | 000,226,366 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011.03.17 21:47:41 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.03.09 06:57:21 | 000,012,955 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2011.03.09 06:56:01 | 000,011,407 | ---- | C] () -- C:\Users\Yvi\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
[2010.09.06 17:17:12 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.09.06 17:17:12 | 000,001,193 | ---- | C] () -- C:\Windows\unins000.dat
[2010.08.31 10:06:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.29 08:31:11 | 000,002,473 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.25 18:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 18:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 18:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.08.25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.11 22:45:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010.08.11 22:45:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.06.10 18:53:36 | 000,000,365 | ---- | C] () -- C:\Windows\{AE948007-92AE-4328-9403-C363AFD6D5D5}_WiseFW.ini

========== LOP Check ==========

[2010.04.30 19:15:08 | 000,000,000 | -HSD | M] -- C:\Users\Yvi\AppData\Roaming\.#
[2009.11.14 11:32:37 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\1&1
[2011.09.07 07:29:16 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\AceBIT
[2011.12.14 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Anuman Interactive
[2011.05.28 06:10:07 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\AquaSoft
[2011.12.17 16:40:13 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Audacity
[2012.01.05 11:11:17 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\calibre
[2011.11.11 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.24 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\CoffeeCup Software
[2011.11.04 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.14 09:25:44 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.03 07:52:07 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Dropbox
[2011.12.18 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\EPSON
[2010.09.06 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Flatcast
[2011.10.07 12:47:53 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Free Monitor for Google
[2009.11.14 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\GameConsole
[2012.01.15 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\GoContactSyncMOD
[2012.02.01 11:10:10 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\gtk-2.0
[2011.11.23 10:12:44 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\HTC
[2011.02.23 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.03.02 22:29:31 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\IBP
[2012.03.02 22:29:31 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\IrfanView
[2011.08.15 17:09:28 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\MAGIX
[2012.01.26 07:40:46 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\mresreg
[2012.02.10 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\MySEOSolution_DB_Dir
[2011.01.17 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Netviewer
[2011.10.14 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Notepad++
[2011.09.14 10:50:22 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\OpenCandy
[2011.05.04 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Outlook
[2010.08.30 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\PC Suite
[2012.02.10 10:33:15 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Phoner
[2010.12.03 06:05:32 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\PhraseExpress
[2010.08.11 08:12:01 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Playrix Entertainment
[2009.11.14 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\PowerCinema
[2011.03.26 11:04:41 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Samsung
[2009.11.22 14:37:04 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\SecondLife
[2009.11.29 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Sigel
[2009.11.11 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\SoftDMA
[2011.12.14 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Softinterface, Inc
[2012.03.03 07:53:03 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Spotify
[2011.12.26 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Titanium
[2009.12.25 09:14:10 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\TomTom
[2010.06.04 14:17:30 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\UBitMenu
[2011.12.08 08:29:34 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\UDC Profiles
[2012.01.24 07:18:25 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\UseNeXT
[2011.02.10 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Vodafone
[2012.02.29 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\VoipStunt
[2010.12.02 06:46:45 | 000,000,000 | ---D | M] -- C:\Users\Yvi\AppData\Roaming\Windows Live Writer
[2012.03.03 11:39:38 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job
[2011.07.18 06:17:00 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.11.11 19:02:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.10 20:22:47 | 000,000,000 | ---D | M] -- C:\aeat
[2009.11.11 19:01:11 | 000,000,000 | -HSD | M] -- C:\Archivos de programa
[2009.08.27 16:32:39 | 000,000,000 | ---D | M] -- C:\book
[2010.05.08 06:25:08 | 000,000,000 | ---D | M] -- C:\Casino
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.14 07:50:21 | 000,000,000 | ---D | M] -- C:\Help
[2009.08.14 11:07:17 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.02 22:30:16 | 000,000,000 | ---D | M] -- C:\Languages
[2011.02.23 21:10:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.03.02 22:30:16 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.29 16:20:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.01 07:27:45 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.02 22:29:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.11 19:01:11 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.03 11:20:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.24 08:42:10 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.11.11 19:01:17 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.03 11:41:02 | 000,000,000 | ---D | M] -- C:\Windows
[2011.09.27 18:46:25 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaSt orV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvsto r.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.02.28 09:17:33 | 000,000,341 | ---- | M] () -- C:\Users\Yvi\.JavaPowUpload.properties
[2012.03.01 08:54:25 | 000,127,508 | ---- | M] () -- C:\Users\Yvi\.ranktracker.properties
[2012.02.01 11:10:10 | 000,002,138 | ---- | M] () -- C:\Users\Yvi\.recently-used.xbel
[2012.03.01 08:47:55 | 000,200,571 | ---- | M] () -- C:\Users\Yvi\.spyglass.properties
[2012.03.01 20:32:36 | 000,445,205 | ---- | M] () -- C:\Users\Yvi\.websiteauditor.properties
[2011.11.06 14:32:05 | 000,066,117 | ---- | M] () -- C:\Users\Yvi\himmel.jpg
[2011.11.06 14:31:45 | 001,316,637 | ---- | M] () -- C:\Users\Yvi\himmel.xcf
[2012.03.03 11:51:53 | 013,107,200 | ---- | M] () -- C:\Users\Yvi\ntuser.dat
[2011.08.15 17:38:14 | 006,815,744 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat.bak
[2011.08.15 17:36:40 | 000,000,000 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat.efr.LOG1
[2011.08.15 17:36:40 | 000,000,000 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat.efr.LOG2
[2012.03.03 11:51:53 | 000,262,144 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat.LOG1
[2009.11.11 19:01:20 | 000,000,000 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat.LOG2
[2009.11.11 19:33:55 | 000,065,536 | -HS- | M] () -- C:\Users\Yvi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.11 19:33:55 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.11 19:33:55 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.12.04 15:15:35 | 000,065,536 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{01fd4bcf-fe9a-11df-aca3-00262226cd08}.TM.blf
[2010.12.04 15:15:35 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{01fd4bcf-fe9a-11df-aca3-00262226cd08}.TMContainer00000000000000000001.regtrans-ms
[2010.12.04 15:15:35 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{01fd4bcf-fe9a-11df-aca3-00262226cd08}.TMContainer00000000000000000002.regtrans-ms
[2011.08.16 08:14:55 | 000,065,536 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{66306972-c748-11e0-8f2a-00262226cd08}.TM.blf
[2011.08.16 08:14:55 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{66306972-c748-11e0-8f2a-00262226cd08}.TMContainer00000000000000000001.regtrans-ms
[2011.08.16 08:14:55 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{66306972-c748-11e0-8f2a-00262226cd08}.TMContainer00000000000000000002.regtrans-ms
[2011.02.16 05:40:16 | 000,065,536 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{b7609ee2-379b-11e0-8e67-00262226cd08}.TM.blf
[2011.02.16 05:40:16 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{b7609ee2-379b-11e0-8e67-00262226cd08}.TMContainer00000000000000000001.regtrans-ms
[2011.02.16 05:40:16 | 000,524,288 | -HS- | M] () -- C:\Users\Yvi\ntuser.dat{b7609ee2-379b-11e0-8e67-00262226cd08}.TMContainer00000000000000000002.regtrans-ms
[2009.11.11 19:01:20 | 000,000,020 | -HS- | M] () -- C:\Users\Yvi\ntuser.ini
[2011.05.19 21:19:37 | 000,000,016 | ---- | M] () -- C:\Users\Yvi\persistent_state
[2011.11.09 21:19:08 | 000,005,120 | -HS- | M] () -- C:\Users\Yvi\Thumbs.db
[1 C:\Users\Yvi\*.tmp files -> C:\Users\Yvi\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0E22C5DB

< End of report >

Was mache ich jetzt?

hi
du hast schon gesehen wie viel hier los ist oder?

und ich hab auch nen wocheende...

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

:OTL

[2012.03.02 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

[2012.03.02 22:05:37 | 000,000,456 | -H-- | M] () -- C:\ProgramData\x78cU946dy6RsG

[2012.03.02 22:02:54 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~x78cU946dy6RsG

[2012.03.02 22:02:54 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~x78cU946dy6RsGr

 :Files

:Commands

[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

Ich wollte nicht drängeln, sorry..
Ich habe gemacht, was du gesagt hast, aber die einzigen textdateien, die ich habe, sind die beiden von vor 3 Stunden und eine von unhide.
Ist da jetzt irgendwas schief gelaufen?

packe dann moved files und mache den upload, da finde ich das log dann.

moved files ist das von unhide? Das ist nur ein kurzes Textfile.
wie packe ich das?

wo moved files zu finden ist, steht unter dem script und nach der anweisung für unhide

Hallo Markus, ich habe die Datei gefunden und hochgeladen.

danke.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Das hat jetzt echt lange gelaufen,das Combofix
Hier ist der Code
Combofix Logfile:

Code:

ComboFix 12-03-02.01 - Yvi 03.03.2012  16:45:30.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.34.3082.18.4026.1875 [GMT 1:00]

Running from: c:\users\Yvi\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Acer GameZone online.ico

c:\users\Yvi\AppData\Roaming\.#

c:\users\Yvi\AppData\Roaming\1&1

c:\users\Yvi\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml

c:\users\Yvi\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log

c:\users\Yvi\AppData\Roaming\1&1\1&1 EasyLogin\update\AccesoDirecto_setup.exe

c:\windows\IsUn0407.exe

c:\windows\SysWow64\system32

c:\windows\SysWow64\system32\cis-2.4.dll

c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

c:\windows\SysWow64\system32\issacapi_se-2.3.dll

c:\windows\SysWow64\system32\MACXMLProto.dll

c:\windows\SysWow64\system32\MaDRM.dll

c:\windows\SysWow64\system32\MaJGUILib.dll

c:\windows\SysWow64\system32\MaJUtilLib.dll

c:\windows\SysWow64\system32\MAMACExtract.dll

c:\windows\SysWow64\system32\MASetupCaller.dll

c:\windows\SysWow64\system32\MASetupCleaner.exe

c:\windows\SysWow64\system32\MaXMLProto.dll

c:\windows\SysWow64\system32\MK_Lyric.dll

c:\windows\SysWow64\system32\MSCLib.dll

c:\windows\SysWow64\system32\MSFLib.dll

c:\windows\SysWow64\system32\MSLUR71.dll

c:\windows\SysWow64\system32\msvcp60.dll

c:\windows\SysWow64\system32\MTTELECHIP.dll

c:\windows\SysWow64\system32\MTXSYNCICON.dll

c:\windows\SysWow64\system32\muzaf1.dll

c:\windows\SysWow64\system32\muzapp.dll

c:\windows\SysWow64\system32\muzapp.exe

c:\windows\SysWow64\system32\muzdecode.ax

c:\windows\SysWow64\system32\muzeffect.ax

c:\windows\SysWow64\system32\muzmp4sp.ax

c:\windows\SysWow64\system32\muzmpgsp.ax

c:\windows\SysWow64\system32\muzoggsp.ax

c:\windows\SysWow64\system32\muzwmts.dll

c:\windows\SysWow64\system32\psapi.dll

E:\SETUP.EXE

.

.

(((((((((((((((((((((((((   Files Created from 2012-02-03 to 2012-03-03  )))))))))))))))))))))))))))))))

.

.

2012-03-03 17:23 . 2012-03-03 17:23        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-03 15:53 . 2012-03-03 15:53        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF3C5B4-8CDB-4DDA-B0DC-6E5C1BA4D169}\offreg.dll

2012-03-03 14:39 . 2012-03-03 15:29        --------        d-----w-        C:\_OTL

2012-03-02 21:16 . 2012-03-02 21:16        48464        ----a-w-        c:\windows\system32\drivers\pvplbmkv.sys

2012-03-02 06:24 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF3C5B4-8CDB-4DDA-B0DC-6E5C1BA4D169}\mpengine.dll

2012-03-01 06:35 . 2012-03-01 07:47        --------        d-----w-        c:\users\Yvi\.seospyglass

2012-03-01 06:33 . 2012-03-01 19:32        --------        d-----w-        c:\users\Yvi\.websiteauditor

2012-03-01 06:29 . 2012-03-01 07:54        --------        d-----w-        c:\users\Yvi\.ranktracker

2012-03-01 06:27 . 2012-03-02 21:29        --------        d-----w-        c:\program files (x86)\SEO PowerSuite

2012-02-24 06:09 . 2012-03-02 21:29        --------        d-----w-        c:\windows\SysWow64\wbem\en-US

2012-02-24 06:09 . 2012-03-02 21:29        --------        d-----w-        c:\windows\system32\wbem\en-US

2012-02-18 06:44 . 2012-02-18 06:44        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-02-15 05:45 . 2012-01-04 09:58        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-15 05:45 . 2012-01-04 09:03        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2012-02-15 05:45 . 2012-01-03 06:24        515584        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-15 05:45 . 2012-01-03 05:44        478208        ----a-w-        c:\windows\SysWow64\timedate.cpl

2012-02-15 05:45 . 2012-01-14 04:02        3143168        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 05:45 . 2011-12-28 03:59        499200        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-02-15 05:45 . 2011-12-16 08:42        634368        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-15 05:45 . 2011-12-16 07:59        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll

2012-02-10 09:31 . 2012-02-10 09:32        --------        d-----w-        c:\program files (x86)\Phoner

2012-02-09 13:49 . 2012-02-10 11:30        --------        d-----w-        c:\users\Yvi\AppData\Roaming\MySEOSolution_DB_Dir

2012-02-09 13:48 . 2012-03-02 21:29        --------        d-----w-        c:\users\Yvi\AppData\Local\MySEOSolution

2012-02-09 13:48 . 2012-02-09 13:48        --------        d-----w-        c:\program files (x86)\Article Wizard

2012-02-08 17:08 . 2012-02-10 09:33        --------        d-----w-        c:\users\Yvi\AppData\Roaming\Phoner

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-02 10:08 . 2011-05-08 07:45        586464        ----a-w-        c:\users\Yvi\AppData\Roaming\mdbu.bin

2012-01-29 04:10 . 2009-11-11 18:51        279656        ------w-        c:\windows\system32\MpSigStub.exe

2011-12-20 17:51 . 2011-03-17 20:47        900        --sha-w-        c:\programdata\KGyGaAvL.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0b1be383-efa8-44d5-a7c2-9a39594575a1}"= "c:\program files (x86)\cleanlab\prxtbclea.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{0b1be383-efa8-44d5-a7c2-9a39594575a1}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0b1be383-efa8-44d5-a7c2-9a39594575a1}]

2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\cleanlab\prxtbclea.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-24 06:19        1811296        ----a-w-        c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-24 1811296]

"{0b1be383-efa8-44d5-a7c2-9a39594575a1}"= "c:\program files (x86)\cleanlab\prxtbclea.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{0b1be383-efa8-44d5-a7c2-9a39594575a1}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoipStunt"="c:\program files (x86)\VoipStunt.com\VoipStunt\VoipStunt.exe" [2011-08-12 13887280]

"Spotify"="c:\users\Yvi\AppData\Roaming\Spotify\Spotify.exe" [2012-02-09 4009648]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MacrokeyManager"="WTMKM.exe" [2010-06-14 6259432]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-05-05 273544]

"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-24 939872]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]

.

c:\users\Yvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Yvi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2010-3-21 7341128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]

R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [2010-11-04 186368]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]

R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S2 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-03-29 9216]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-24 909152]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - cpuz132

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 09:38]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 09:38]

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356958005-3255567285-3307477115-1001Core.job

- c:\users\Yvi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 16:35]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356958005-3255567285-3307477115-1001UA.job

- c:\users\Yvi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 16:35]

.

2012-03-03 c:\windows\Tasks\PCCT - MAGIX AG.job

- c:\program files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe [2010-11-08 16:08]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Yvi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:19        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-27 200704]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0a&m=aspire_5732z&r=27361109a625l0394z1i5t47l2x677

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 80.58.61.250 80.58.61.254

TCP: Interfaces\{135CD127-26E3-48E5-9B2D-ACAE62100904}: NameServer = 212.166.132.109 212.73.32.67

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www2.agenciatributaria.gob.es/es13/h/cactivex.cab

FF - ProfilePath - c:\users\Yvi\AppData\Roaming\Mozilla\Firefox\Profiles\mi8f0oue.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106250&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106250&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106250&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-IBP - (no file)

Wow6432Node-HKCU-Run-NetLimiter - c:\program files\NetLimiter 3\NLClientApp.exe

Wow6432Node-HKLM-Run-NPSStartup - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{0B1BE383-EFA8-44D5-A7C2-9A39594575A1} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Convert PDF To Image_is1 - c:\program files (x86)\Softinterface

AddRemove-LEGO LOCO - c:\windows\IsUn0407.exe

AddRemove-NetObjects Fusion Essentials - c:\windows\IsUn0407.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-03  19:13:29

ComboFix-quarantined-files.txt  2012-03-03 18:13

.

Pre-Run: 235.326.697.472 bytes libres

Post-Run: 236.183.932.928 bytes libres

.

- - End Of File - - DC2868739B7E193D701EF84E83309EB2

--- --- ---

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.03.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Yvi :: YVI-PC [Administrator]

Schutz: Aktiviert

03.03.2012 19:37:07
mbam-log-2012-03-03 (19-37-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 536902
Laufzeit: 2 Stunde(n), 3 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 3924 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\Yvi\Downloads\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvi\Downloads\SetupCasino_bb9eda_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Guten Morgen, mein Bildschirmhintergrund ist noch immer schwarz, die Symbole darauf sind allerdings alle da, ich denke, ich muss einfach einen neuen Hintergrund einrichten, oder? Die Taskleiste ist auch fast komplett leer. Ist es richtig, das ich die Programme da neu reinziehen muss? Ansonsten scheint alles wieder normal zu funktionieren. Wie sicher ist mein Rechner denn jetzt. Sollte ich alle Passwörter ändern? Vielen Dank jetzt schonmal für die tolle Hilfe!

C:\Users\Yvi\Downloads\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
keygens sind illegal, illegal verwendete software unterstützen wir nicht, da gibts nur hilfe beim formatieren, vorher daten sichern, neu instalieren und pc absichern