Hallo zusammen! ich habe folgendes problem: mein laptop (windows 7) ist von dem gema virus befallen. gestern kam ich noch in den abgesicherten modus mit eingabeaufforderung.allerdings hatte ich da noch nicht die richzige lösung gefunden. nun habe ich per handy lösungsvorschlägw zur manuellen entfwrnung über die registry gefunden kommen aber auf einmal nicht mehr in den abg. modus mit eingabeauffordwrung. nun habe ich hier gelesen, dass ich einen zweit-rechner brauche. ab heute nachmittag habe ich die möglichkeit und werde dann euren anweisungen folgen. würde mich sehr über hilfe freuen, da ich eher unerfahren bin. Ps: gehen bei diesem verfahren eig nicht gesicherte daten verloren? es wäre sehr wichtig für mich dass meine daten nicht verloren gehen! Vielen dank schonmal!!! Caro!

hi, sobald du den hast,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

• Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
• Lege eine leere CD in Deinen Brenner.
• ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
• Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
• Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan

• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• OTLpe sollte nun starten.
• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Hey!
Danke erstmal für die schnelle Antwort!
Habe jetzt einen zweiten PC (leider auch nur vorübergehend) und scheitere aber gerade daran, von der CD zu booten.
Ich weiß nciht warum, aber es funktioniert nicht.
Sowohl beim booten von CD, als auch vom Stick (hab es bereits mit verschiedenen Programmen versucht, Avira, Kaspersky Rescue Disk 10 und natürlich auch die hier angegebene OTLPENet.exe) startet mein PC erneut normal und es wird wieder nur der Hinweis des Virus angezeigt.
Ist es normal dass ich nach der Eingabe im Setup, von der CD zu booten, gefragt werde in welchem Modus ich windows nun hochfahren möchte?
Habe bereits abgesicherten Modus, sowie Windows normal hochfahren versucht.
Wie bereits oben beschrieben, gelange ich dann nach Passworteingabe wieder zu dem normalen Desktop auf dem der Virus angezeigt wird und nicht dem REATOGO-X-PE Desktop, wie hier beschrieben.
Mache ich beim booten evtl. einen Fehler?

hast du den pc so konfiguriert das er von cd bootet, also die boot reihenfolge so geendert das das cd laufwerk zuerst startet?

Ja habe ich.
Ich schätze dass die exe nicht wirklich auf der cd war, da ich am funktionierenden pc keinen Inhalt angezeigt bekommen habe.
Nun habe ich die OTLPENet.exe auf anderem weg gebrannt und die datei scheint drauf zu sein.
Bei Boot priority steht nun als erstes: AHCI CD : P1-TSSTcorp CDDVDW TS-L633
beim fortfahren erschien die option "windows normal hochfahren" oder "mit starthilfe hochfahren". Bei der auswahl mit Starthilfe kam als nächste die Anzeige "Samsung recovery solutions". Diese hat mich ehrlich gesagt beunruhigt, da ein bekannter mir sagte über die recovery option würde ich alle daten verlieren. Und hier beschrieben war ja auch, dass sich der REATOGO-X-PE Desktop öffnet.
Hätte ich dort fortfahren müssen?
Mit der Option "normal starten" passiert wieder das gleiche wie sonst auch und der virus öffnet sich

Also mein Rechner läuft wieder.
Letztendlich habe ich über den taskmanager direkt nach dem Start alle Prozesse beendet und dann einen neuen gestartet "restrui.exe". Damit bin ich dann in die Systemwiederherstellung gekommen, die dann auch geklappt hat.
Ist die Sache damit jetzt wohl überstanden?
Oder sollte ich nun noch etwas beachten?

Vielen Dank trotzdem für die Hilfe!!
Caro!

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die
  OTL.exe
  .
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die
  Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere
  nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hier die Ergenisse:
OTL.Txt:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 19.02.2012 22:29:18 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Users\Carolin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,77% Memory free
5,93 Gb Paging File | 4,79 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 56,81 Gb Free Space | 39,98% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 22,08 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
 
Computer Name: CAROLIN-PC | User Name: Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.19 22:26:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Carolin\Desktop\OTL.exe
PRC - [2011.12.07 15:23:48 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.08.01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.01 04:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.07.07 15:29:58 | 000,282,624 | ---- | M] (BlazeVideo Company) -- C:\Programme\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.03.02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 17:38:58 | 000,205,824 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011.10.13 15:34:38 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll
MOD - [2011.10.13 12:47:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 12:47:37 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll
MOD - [2011.10.13 12:44:46 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll
MOD - [2011.10.13 12:44:42 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll
MOD - [2011.10.13 12:44:35 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll
MOD - [2011.10.13 12:44:23 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 12:44:20 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll
MOD - [2011.10.13 12:44:18 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll
MOD - [2011.10.13 12:44:05 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll
MOD - [2011.10.13 12:44:03 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll
MOD - [2011.10.13 12:44:00 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll
MOD - [2011.10.13 12:43:52 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll
MOD - [2011.08.04 18:03:25 | 000,115,137 | ---- | M] () -- C:\Users\Carolin\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2011.08.01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.25 10:48:22 | 000,534,528 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll
MOD - [2010.12.13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010.12.13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010.03.18 14:55:52 | 000,233,472 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\Report.dll
MOD - [2010.01.11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll
MOD - [2008.12.30 11:40:30 | 000,073,728 | ---- | M] () -- C:\Programme\BlazeVideo\BlazeDTV 6.0\VersionInfo.dll
MOD - [2008.12.30 11:40:26 | 000,106,496 | ---- | M] () -- C:\Programme\BlazeVideo\BlazeDTV 6.0\mlutil.dll
MOD - [2008.12.30 11:40:26 | 000,032,768 | ---- | M] () -- C:\Programme\BlazeVideo\BlazeDTV 6.0\MMKeyboardHook.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (NMIndexingService)
SRV - [2011.12.19 10:51:48 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.07 18:19:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.03.08 04:39:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.15 20:06:50 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.07 16:01:01 | 000,483,200 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011.08.11 18:31:24 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.07.08 06:20:42 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.01.08 10:59:40 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2011.01.08 10:59:16 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.01.08 10:59:16 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.22 20:25:32 | 000,538,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV - [2009.05.25 13:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009.05.25 13:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 13:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009.05.25 13:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 13:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009.05.25 13:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 13:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009.01.07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008.12.07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008.07.02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 D7 46 C3 78 06 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carolin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.22 16:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.28 09:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.17 14:54:59 | 000,000,000 | ---D | M]
 
[2009.12.06 11:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carolin\AppData\Roaming\mozilla\Extensions
[2012.02.15 17:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions
[2012.01.10 23:20:54 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.01.06 13:46:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 17:41:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.22 19:45:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.10 22:34:46 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.12.16 08:54:22 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.21 06:49:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Carolin\AppData\Roaming\mozilla\Firefox\Profiles\p7qqoj85.default\extensions\engine@conduit.com
[2012.01.05 13:21:18 | 000,000,915 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\conduit.xml
[2012.02.11 13:41:37 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-1.xml
[2011.10.16 20:30:28 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-10.xml
[2011.11.28 09:25:34 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-11.xml
[2011.12.16 14:01:28 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-12.xml
[2012.01.10 22:38:01 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-13.xml
[2011.05.04 06:11:41 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-2.xml
[2011.06.21 22:44:47 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-3.xml
[2011.06.23 14:56:17 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-4.xml
[2011.08.17 22:10:11 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-5.xml
[2011.08.19 22:30:36 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-6.xml
[2011.09.06 16:16:48 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-7.xml
[2011.09.08 20:30:34 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-8.xml
[2011.09.30 06:39:47 | 000,000,950 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin-9.xml
[2011.04.15 20:12:22 | 000,001,069 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\icqplugin.xml
[2011.12.16 08:54:10 | 000,003,915 | ---- | M] () -- C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\p7qqoj85.default\searchplugins\sweetim.xml
[2012.02.12 19:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.05 18:56:23 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Programme\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2012.02.12 19:33:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.20 06:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.20 06:45:14 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.01.22 16:54:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\CAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P7QQOJ85.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\CAROLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P7QQOJ85.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.28 09:24:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.02 08:49:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.16 10:21:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 10:21:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.16 10:21:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 10:21:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 10:21:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 10:21:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BlazeServoTool] C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe (BlazeVideo Company)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carolin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Spotify] C:\Users\Carolin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carolin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D13B82DE-76E3-45D3-8408-5FFE8DFCA339}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8dc6ece3-f9f7-11de-9e3a-00245401f91c}\Shell - "" = AutoRun
O33 - MountPoints2\{8dc6ece3-f9f7-11de-9e3a-00245401f91c}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BA9065E-EC5D-4EB6-30F3-CEFFE5B5DAD4} - .NET Framework
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5334A97E-A2E0-DDEF-67C3-B42755CE2BD4} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6DC098B0-C80B-B6A3-1D96-3DF1A02A0550} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DD820667-E5E9-08CA-2789-0AE604FC4EAC} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E297D32B-CF3C-AEF0-C639-90442D10B93D} - Microsoft Windows Media Player
ActiveX: {E47A3043-D625-852F-948E-7E9C0F05C64B} - Internet Explorer
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk - C:\Programme\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: C:^Users^Carolin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.19 22:26:52 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Carolin\Desktop\OTL.exe
[2012.02.19 21:32:39 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{0FF7D023-A3AC-439E-BAC2-A92500017F81}
[2012.02.19 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{16FCA7FE-263B-410A-80D2-5E115AE070DA}
[2012.02.19 20:46:02 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{BA0E0D59-39B7-4B90-944E-67600CF7E154}
[2012.02.19 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{6CEB2712-B620-448D-9F04-638F4BC655BC}
[2012.02.19 18:11:03 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{27937CE3-404D-4378-9AB9-5A33CDADA8C9}
[2012.02.17 21:03:25 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Roaming\Opox
[2012.02.17 18:32:58 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{EAC32B19-A116-4E95-A10B-2D67AE432BB8}
[2012.02.17 18:32:32 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{EAF469C2-EF85-47B7-8D5B-E675598F0EED}
[2012.02.16 08:10:04 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{D9D50E0A-8166-49F9-8968-BEE3D2D1B10B}
[2012.02.16 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{0509F7A6-B3EF-4829-B5A0-64D90E0F37CF}
[2012.02.15 17:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{D2A8E4CB-17A2-4165-A6D7-1FA9F6BCF1FF}
[2012.02.15 17:40:51 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{5A327075-76CD-44DA-92AB-73907631A9B3}
[2012.02.14 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{B34BDA9F-59BC-42BF-A98B-690F60613BFC}
[2012.02.14 20:08:03 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{073FB8A4-ABFE-4A3B-BFA3-87433DAB8BB6}
[2012.02.13 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{1BC34F76-5098-450C-8F8F-BBCC469B4DB7}
[2012.02.13 19:24:27 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{32D73775-F034-44E4-85C3-259552FD343D}
[2012.02.12 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.12 13:37:28 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{D9642965-7E69-4874-80DC-481F712D6D2F}
[2012.02.12 13:37:14 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{2082D52C-2F7D-404E-B2FD-292CBF5D62DC}
[2012.02.11 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{97076599-12F2-44FE-8058-DD639AB0EE17}
[2012.02.11 13:39:24 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{0EA86CFD-1809-4CF0-8BD2-B561F4441241}
[2012.02.10 17:55:17 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{E26140CA-9D55-4DE3-A7C4-51921DCE96E7}
[2012.02.10 17:54:53 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{5E6BB7E0-94C9-40CB-8610-C42DEBC69855}
[2012.02.09 20:51:00 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{B75E88F1-32CC-4AF9-810C-9FC05F0DFD68}
[2012.02.09 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{4E4CA316-DC5A-4BD7-840D-2BD18B7F4805}
[2012.02.09 08:49:59 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{7FD8B4E1-C8E9-4D16-815F-E746EEEC9149}
[2012.02.09 08:49:31 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{CF3909B1-1986-4CBC-9915-80C7A46D6DBD}
[2012.02.08 17:16:58 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{55787047-BDEC-48F2-8F85-D6FE195DA93C}
[2012.02.08 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{AE796FFF-615C-4C83-8F79-FB3E35ECE130}
[2012.02.07 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{54A499B8-1E93-4C37-983A-8DF1FFA895CB}
[2012.02.07 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{1B178F8A-827B-4DDE-9E15-45D4D415661B}
[2012.02.07 08:29:49 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{67699AC6-B047-4E97-815B-33E856958D0F}
[2012.02.07 08:29:22 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{004E3FF6-047F-41B7-8750-07BB087B4101}
[2012.02.06 20:27:38 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{8B04A0BE-3F78-4D14-99F7-7B55AA7AE7EA}
[2012.02.06 20:27:13 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{99DCA60E-6E32-4460-B5DD-C5F3DD1FD235}
[2012.02.06 08:14:45 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{98DC66F4-C09B-41E2-83BD-133938462C92}
[2012.02.06 08:14:33 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{70B47EE1-9F94-47BD-A519-F5EF25A4CA7F}
[2012.02.05 14:03:10 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{CE23DD3E-6471-4EA0-853D-5297B1AA194B}
[2012.02.05 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{1D42B154-97D2-473D-98F8-171BA54579E3}
[2012.02.05 02:02:22 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{573580DB-6B45-4A68-9E60-3775F75377A1}
[2012.02.05 02:02:09 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{E7828F30-A781-4364-854F-F08C24EAF504}
[2012.02.04 11:14:14 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{F47201E9-613D-4F81-AE76-60FDB2D744D0}
[2012.02.04 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{7262FBED-5E44-4942-9736-9D9176867755}
[2012.02.03 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{D4E344A5-1D39-4C1F-8129-D6E7AC9504BB}
[2012.02.03 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{66E12D80-6C31-4FF7-90A8-62DF2CF33150}
[2012.02.03 07:14:36 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{1EDA0D6A-9AD2-4C66-A85B-658FE2644DE8}
[2012.02.03 07:14:13 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{981023E4-A10A-4FB0-85A3-5A366A2ABDEC}
[2012.02.02 16:24:41 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{313F52BD-3CB3-4A5B-BE67-9BA4168C33CB}
[2012.02.02 16:23:32 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{0336BE7A-D98A-4681-8A3A-22F80673DB87}
[2012.02.01 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{31425A15-F187-4AE9-904A-E49893B0DB22}
[2012.02.01 14:50:19 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{F6B05A73-A1B4-447F-9405-8BB4EF526D60}
[2012.01.31 21:00:23 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{3186F756-2759-4AC4-920C-EC3AFC39113F}
[2012.01.31 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{DC25C20C-43F3-45CD-B325-4E10279ED3E8}
[2012.01.30 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{F37F31C1-3083-47EF-B19B-22D1A3321E67}
[2012.01.30 23:28:42 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{EF7FB8A2-F07B-4D4E-B6F9-42811FF20DA0}
[2012.01.30 11:28:10 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{8C61A2E8-EC24-41BD-AD9B-5327005AB013}
[2012.01.30 11:27:57 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{A9E27A52-A6B7-468E-8C31-F6EFFD7643DA}
[2012.01.30 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{3CE915B3-B636-42B4-A490-9A38D496C3EA}
[2012.01.29 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{5ABFA102-AA4E-4D38-9F7F-376EADF0F9C0}
[2012.01.29 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{AE565173-1000-43F1-87E5-85089F36AD33}
[2012.01.29 03:22:41 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{74F7C3F2-6907-4808-82F9-97D5F586613F}
[2012.01.28 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Carolin\Desktop\von Cesar
[2012.01.28 15:22:29 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{54387841-FAB4-4CC9-A4D3-2A1E14EF9270}
[2012.01.27 17:04:25 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{DEC78819-7AD5-45D1-A7E9-85543C5562C1}
[2012.01.27 14:32:45 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{0E85E1AF-B7BB-478B-A6C4-B9286A75FE79}
[2012.01.26 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{DB6F3AF4-C22E-44CD-A6D8-A924614E1043}
[2012.01.26 15:31:49 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{9637D4F7-42AE-4B93-AE62-F08DA6310447}
[2012.01.26 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{88DDB8ED-D4EF-4057-817B-88F20C4BF973}
[2012.01.26 14:48:31 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{97BD4B80-DB37-44A5-BD75-ECA674B79DCB}
[2012.01.26 07:23:16 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{CE8FFAAE-DE76-4584-9BDC-4810B4F28EA6}
[2012.01.25 17:33:44 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{2A9B1819-6FA9-4150-BC48-40121F485E22}
[2012.01.25 09:05:24 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{28FE0D39-C45E-47EA-8C93-81D022C89163}
[2012.01.25 07:26:43 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{F416F57F-2606-42DE-83CE-B697E68C7A22}
[2012.01.24 16:00:34 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{8988537E-9F99-48FA-BC9A-776B1730FCE6}
[2012.01.24 16:00:21 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{79AFB38D-3581-4D9B-94B3-52C431C47E7A}
[2012.01.24 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{2F003D94-69DE-485F-9D38-F5CB3F0F683E}
[2012.01.23 14:27:02 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{38FD19D5-A6F2-42FF-B5A2-614C1A8379EE}
[2012.01.23 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{00F8A1F9-C83F-4EE0-AEA3-9E1BEF783181}
[2012.01.23 00:57:11 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{B6B38250-4BEB-48E7-84FC-5D861406917E}
[2012.01.22 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\DDMSettings
[2012.01.22 16:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.22 16:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.22 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\Carolin\AppData\Local\{E63F9A6F-0238-468A-9A5A-0E21EA91410E}
[3 C:\Users\Carolin\Documents\*.tmp files -> C:\Users\Carolin\Documents\*.tmp -> ]
[241 C:\Users\Carolin\Desktop\*.tmp files -> C:\Users\Carolin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.19 22:26:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Carolin\Desktop\OTL.exe
[2012.02.19 22:08:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.19 22:04:18 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-643013942-1651057703-991743164-1000UA.job
[2012.02.19 22:04:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-643013942-1651057703-991743164-1000Core.job
[2012.02.19 21:38:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.19 21:38:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.19 21:31:38 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.19 21:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.19 21:31:05 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.16 19:13:43 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.16 19:13:43 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.16 19:13:43 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.16 19:13:43 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.15 20:51:23 | 000,123,566 | ---- | M] () -- C:\Users\Carolin\Desktop\403196_3389965392566_1372549883_3258002_1238880331_n.jpg
[2012.02.15 20:06:50 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.14 22:18:37 | 002,217,382 | ---- | M] () -- C:\Users\Carolin\Desktop\Ganzseitiges Foto.pdf
[2012.02.14 22:16:58 | 001,373,235 | ---- | M] () -- C:\Users\Carolin\Desktop\CCF14022012_00004.jpg
[2012.02.14 22:15:54 | 001,336,659 | ---- | M] () -- C:\Users\Carolin\Desktop\CCF14022012_00003.jpg
[2012.02.14 22:07:22 | 001,399,379 | ---- | M] () -- C:\Users\Carolin\Desktop\CCF14022012_00002.jpg
[2012.02.14 22:06:14 | 001,030,823 | ---- | M] () -- C:\Users\Carolin\Desktop\CCF14022012_00001.jpg
[2012.02.14 22:04:32 | 001,122,468 | ---- | M] () -- C:\Users\Carolin\Desktop\CCF14022012_00000.jpg
[2012.02.13 21:51:56 | 000,139,343 | ---- | M] () -- C:\Users\Carolin\Desktop\studiengangb4755099-ec9a-4840-9bc5-2c524b17ef8c.pdf
[2012.02.12 19:33:12 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.10 18:31:20 | 000,050,258 | ---- | M] () -- C:\Users\Carolin\Desktop\379803_10150500278783103_612803102_10515689_750899062_n.jpg
[2012.02.08 21:19:26 | 000,055,054 | ---- | M] () -- C:\Users\Carolin\Desktop\tagesgeld-online_fag-informationen.pdf
[2012.02.08 21:19:22 | 000,035,984 | ---- | M] () -- C:\Users\Carolin\Desktop\bedingungen_fuer_das_elektronische_postfach.pdf
[2012.02.08 21:19:14 | 000,201,080 | ---- | M] () -- C:\Users\Carolin\Desktop\AGB.pdf
[2012.02.08 21:17:01 | 000,464,543 | ---- | M] () -- C:\Users\Carolin\Desktop\Angebotsunterlagen_08022012_2115.pdf
[2012.02.06 08:23:39 | 001,241,831 | ---- | M] () -- C:\Users\Carolin\Desktop\FB1_ab2011.pdf
[2012.02.06 08:23:33 | 001,031,875 | ---- | M] () -- C:\Users\Carolin\Desktop\FB5_ab2011.pdf
[2012.02.06 08:22:36 | 001,189,721 | ---- | M] () -- C:\Users\Carolin\Desktop\FB3_ab2011.pdf
[2012.02.06 08:21:58 | 000,988,231 | ---- | M] () -- C:\Users\Carolin\Desktop\Anl2_zu_FB1_ab2011.pdf
[2012.01.26 15:10:47 | 000,001,197 | ---- | M] () -- C:\Users\Carolin\Desktop\DVDVideoSoft Free Studio.lnk
[2012.01.26 15:10:46 | 000,001,186 | ---- | M] () -- C:\Users\Carolin\Desktop\Free Video Dub.lnk
[3 C:\Users\Carolin\Documents\*.tmp files -> C:\Users\Carolin\Documents\*.tmp -> ]
[241 C:\Users\Carolin\Desktop\*.tmp files -> C:\Users\Carolin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 20:51:17 | 000,123,566 | ---- | C] () -- C:\Users\Carolin\Desktop\403196_3389965392566_1372549883_3258002_1238880331_n.jpg
[2012.02.14 22:18:34 | 002,217,382 | ---- | C] () -- C:\Users\Carolin\Desktop\Ganzseitiges Foto.pdf
[2012.02.14 22:16:57 | 001,373,235 | ---- | C] () -- C:\Users\Carolin\Desktop\CCF14022012_00004.jpg
[2012.02.14 22:15:53 | 001,336,659 | ---- | C] () -- C:\Users\Carolin\Desktop\CCF14022012_00003.jpg
[2012.02.14 22:07:21 | 001,399,379 | ---- | C] () -- C:\Users\Carolin\Desktop\CCF14022012_00002.jpg
[2012.02.14 22:06:13 | 001,030,823 | ---- | C] () -- C:\Users\Carolin\Desktop\CCF14022012_00001.jpg
[2012.02.14 22:04:31 | 001,122,468 | ---- | C] () -- C:\Users\Carolin\Desktop\CCF14022012_00000.jpg
[2012.02.13 21:51:51 | 000,139,343 | ---- | C] () -- C:\Users\Carolin\Desktop\studiengangb4755099-ec9a-4840-9bc5-2c524b17ef8c.pdf
[2012.02.10 18:31:14 | 000,050,258 | ---- | C] () -- C:\Users\Carolin\Desktop\379803_10150500278783103_612803102_10515689_750899062_n.jpg
[2012.02.08 21:19:26 | 000,055,054 | ---- | C] () -- C:\Users\Carolin\Desktop\tagesgeld-online_fag-informationen.pdf
[2012.02.08 21:19:22 | 000,035,984 | ---- | C] () -- C:\Users\Carolin\Desktop\bedingungen_fuer_das_elektronische_postfach.pdf
[2012.02.08 21:19:14 | 000,201,080 | ---- | C] () -- C:\Users\Carolin\Desktop\AGB.pdf
[2012.02.08 21:16:54 | 000,464,543 | ---- | C] () -- C:\Users\Carolin\Desktop\Angebotsunterlagen_08022012_2115.pdf
[2012.02.06 08:23:39 | 001,241,831 | ---- | C] () -- C:\Users\Carolin\Desktop\FB1_ab2011.pdf
[2012.02.06 08:23:33 | 001,031,875 | ---- | C] () -- C:\Users\Carolin\Desktop\FB5_ab2011.pdf
[2012.02.06 08:22:36 | 001,189,721 | ---- | C] () -- C:\Users\Carolin\Desktop\FB3_ab2011.pdf
[2012.02.06 08:21:58 | 000,988,231 | ---- | C] () -- C:\Users\Carolin\Desktop\Anl2_zu_FB1_ab2011.pdf
[2012.01.26 15:10:47 | 000,001,197 | ---- | C] () -- C:\Users\Carolin\Desktop\DVDVideoSoft Free Studio.lnk
[2012.01.26 15:10:46 | 000,001,186 | ---- | C] () -- C:\Users\Carolin\Desktop\Free Video Dub.lnk
[2011.12.16 09:01:42 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.10.07 16:04:12 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.10.07 16:01:25 | 000,000,140 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2011.07.18 20:05:43 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011.07.05 21:36:24 | 000,000,205 | ---- | C] () -- C:\Users\Carolin\AppData\Roaming\psppirerc
[2011.06.23 11:58:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.12.13 19:37:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010.12.13 19:37:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010.12.13 19:37:33 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010.11.25 20:34:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.11.25 20:34:13 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.06.09 08:59:41 | 000,000,046 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2010.06.09 07:57:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.05.30 13:04:35 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.05.30 13:04:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.05.30 13:04:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.05.30 13:04:35 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.05.30 13:04:35 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.05.30 13:04:35 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.05.30 13:04:35 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.05.30 13:04:35 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.05.30 13:04:35 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.05.30 13:04:35 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.05.30 13:04:35 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.05.30 13:04:35 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.05.30 13:04:35 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.05.30 13:04:35 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.05.30 13:04:35 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.05.30 13:04:35 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.05.30 13:04:35 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.05.30 13:04:35 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.05.30 13:04:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.03.29 20:04:00 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.19 17:02:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.06.30 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Audacity
[2011.12.19 10:58:52 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Autodesk
[2011.11.18 11:05:53 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.19 21:32:00 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Dropbox
[2012.01.26 15:11:02 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\DVDVideoSoft
[2011.04.14 10:34:49 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.18 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\ESRI
[2011.01.10 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Foxit Software
[2011.05.26 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\FreeAudioPack
[2011.06.30 08:47:26 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\gtk-2.0
[2012.02.09 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\ICQ
[2010.01.22 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\IrfanView
[2010.05.14 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Lutum+Tappert
[2010.03.29 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\MAGIX
[2012.02.17 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Opox
[2010.05.30 13:09:37 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Panasonic
[2011.08.04 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\PC Suite
[2011.08.04 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Samsung
[2010.01.05 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Sony
[2010.01.05 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Sony Setup
[2012.02.19 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\Spotify
[2010.11.26 12:39:21 | 000,000,000 | ---D | M] -- C:\Users\Carolin\AppData\Roaming\TeamViewer
[2012.02.19 22:04:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-643013942-1651057703-991743164-1000Core.job
[2012.02.19 22:04:18 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-643013942-1651057703-991743164-1000UA.job
[2011.12.20 14:02:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.05.16 16:11:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.24 22:56:11 | 000,000,000 | ---D | M] -- C:\9bc6862d5427e4b6c91ddb8b
[2011.08.07 17:13:28 | 000,000,000 | ---D | M] -- C:\arcgis
[2011.08.07 13:09:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.16 20:55:14 | 000,000,000 | R--D | M] -- C:\Documents
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.06 11:18:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.06 11:48:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.12 11:08:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.19 20:34:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.06 11:18:25 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.07 18:09:36 | 000,000,000 | ---D | M] -- C:\Python26
[2009.12.06 11:18:25 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.16 20:52:36 | 000,000,000 | ---D | M] -- C:\Software
[2012.02.19 22:33:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.07 16:08:50 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.16 16:11:02 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.19 20:38:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.26 06:52:24 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.26 06:52:24 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2011.07.05 21:36:24 | 000,004,875 | ---- | M] () -- C:\Users\Carolin\.recently-used.xbel
[2010.08.13 18:00:49 | 000,000,040 | ---- | M] () -- C:\Users\Carolin\AnteilKinder.pal
[2010.08.29 08:56:12 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben1.pal
[2010.08.29 09:05:58 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben2.pal
[2010.08.29 10:41:19 | 000,000,040 | ---- | M] () -- C:\Users\Carolin\Farben3.pal
[2010.08.29 11:08:56 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben4.pal
[2010.08.29 12:24:45 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben5.pal
[2010.08.29 18:58:47 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben6.pal
[2010.08.30 22:38:28 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Farben7.pal
[2010.08.31 08:20:05 | 000,000,032 | ---- | M] () -- C:\Users\Carolin\Farben8.pal
[2012.02.19 22:40:55 | 003,932,160 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat
[2012.02.19 22:40:55 | 000,262,144 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat.LOG1
[2009.12.06 11:18:33 | 000,000,000 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat.LOG2
[2011.11.28 00:05:53 | 000,065,536 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat{06dc62df-18d6-11e1-97d9-00245401f91c}.TM.blf
[2011.11.28 00:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat{06dc62df-18d6-11e1-97d9-00245401f91c}.TMContainer00000000000000000001.regtrans-ms
[2011.11.28 00:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\Carolin\ntuser.dat{06dc62df-18d6-11e1-97d9-00245401f91c}.TMContainer00000000000000000002.regtrans-ms
[2009.12.06 11:25:37 | 000,065,536 | -HS- | M] () -- C:\Users\Carolin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.06 11:25:37 | 000,524,288 | -HS- | M] () -- C:\Users\Carolin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.06 11:25:37 | 000,524,288 | -HS- | M] () -- C:\Users\Carolin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.06 11:18:33 | 000,000,020 | -HS- | M] () -- C:\Users\Carolin\ntuser.ini
[2011.07.05 21:36:24 | 000,004,637 | ---- | M] () -- C:\Users\Carolin\pspp.jnl
[2010.08.13 19:53:28 | 000,000,048 | ---- | M] () -- C:\Users\Carolin\Veränderung03-08.pal
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

--- --- ---

Und Extras.Txt:OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 19.02.2012 22:29:19 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Users\Carolin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,77% Memory free
5,93 Gb Paging File | 4,79 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 56,81 Gb Free Space | 39,98% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 22,08 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
 
Computer Name: CAROLIN-PC | User Name: Carolin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41B76534-B3C2-4FCF-B171-5291A3561051}" = ArcGIS Desktop 10 Tutorial Data
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{843C64D7-117C-4A97-8E21-FD393A427249}" = ArcGIS Desktop 10 German Supplement
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985E2A21-4EFF-4F22-9E1E-B7CECB7B785D}" = INKAR 2007
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C0FCA07F-AC31-4261-AFFD-A746F737ECD1}" = L+T EasyMap 9.3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS Desktop 10 German Supplement" = ArcGIS Desktop 10 German Supplement
"ArcGIS Desktop 10 Tutorial Data" = ArcGIS Desktop 10 Tutorial Data
"AskTBar Uninstall" = Ask Toolbar
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"B426B849-6071-5684-6429-7BE6B77DAB5B" = PSPP
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f4" = f4 3.1.0
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VideoPad" = VideoPad Video Editor
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Audiobearbeitungs-Software
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2011 05:45:04 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.05.2011 04:32:45 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.05.2011 05:43:47 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.05.2011 04:56:51 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2011 08:01:38 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.05.2011 10:12:46 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.05.2011 07:24:03 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.05.2011 05:26:34 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.05.2011 23:17:02 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.05.2011 05:02:54 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 09.01.2012 04:48:51 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:48:51 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 09.01.2012 04:49:55 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:49:34 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 09.01.2012 04:50:37 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:50:16 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 09.01.2012 04:51:19 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:50:58 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 09.01.2012 04:51:57 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:51:40 - EpgListings konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.01.2012 05:27:38 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 10:27:34 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 12.01.2012 04:58:51 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:58:43 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 12.01.2012 05:00:06 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 09:59:44 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 19.02.2012 15:27:59 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 20:27:59 - Fehler beim Herstellen der Internetverbindung.  20:27:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.02.2012 15:28:20 | Computer Name = Carolin-PC | Source = MCUpdate | ID = 0
Description = 20:28:05 - Fehler beim Herstellen der Internetverbindung.  20:28:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 08.11.2010 10:18:07 | Computer Name = Carolin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2011 15:41:23 | Computer Name = Carolin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2011 15:43:19 | Computer Name = Carolin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2011 15:44:16 | Computer Name = Carolin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.02.2012 15:44:25 | Computer Name = Carolin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 19.02.2012 15:44:36 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 19.02.2012 15:44:37 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr
 
Error - 19.02.2012 15:46:45 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet:
   %%1747
 
Error - 19.02.2012 15:46:48 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 19.02.2012 16:31:09 | Computer Name = Carolin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 19.02.2012 16:31:09 | Computer Name = Carolin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 19.02.2012 16:31:20 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 19.02.2012 16:31:20 | Computer Name = Carolin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr
 
Error - 19.02.2012 16:32:57 | Computer Name = Carolin-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

--- --- ---

malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hier das Ergebniss:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.20.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Carolin :: CAROLIN-PC [Administrator]

Schutz: Aktiviert

20.02.2012 23:05:44
mbam-log-2012-02-20 (23-05-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476332
Laufzeit: 2 Stunde(n), 21 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\AutoCAD - installering\Crack\keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\_SETUP\SoftonicDownloader_fuer_super.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Carolin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T039WKNL\Testbundle23w_1254[1].exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

C:\Program Files\AutoCAD - installering\Crack\keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
bei keygens kann ich dir leider nicht mehr weiterhelfen, da illegal und die forenregeln hier klar sind.

Ok, versteht sich von selbst. Vielen Dank bis hier hin!