Trojaner-Board - AKM Virus entfernen - Zahlung von 100,00 Euro zum entsperren

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - AKM Virus entfernen - Zahlung von 100,00 Euro zum entsperren (https://www.trojaner-board.de/147693-akm-virus-entfernen-zahlung-100-00-euro-entsperren.html)

AKM Virus entfernen - Zahlung von 100,00 Euro zum entsperren

Hallo zusammen,

leider habe ich auf meinem Hauptrechner seit heute den AKM Virus mit bekannter Ausforderung 100,00 € zu zahlen.

Mit der OTLpe habe bereits gebootet. Das Ergebnis der beiden Dateien angefügt.

Würde mich sehr über Hilfe freuen, da ich sonst einen Tag Urlaub einlegen kann :-(

Lieben Dank

Nadine

OTL.exe

Code:

OTL logfile created on: 1/10/2014 11:21:33 AM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = K: | %SystemRoot% = K:\Windows | %ProgramFiles% = K:\Program Files (x86)

Drive C: | 229.27 Gb Total Space | 48.09 Gb Free Space | 20.97% Space Free | Partition Type: NTFS

Drive D: | 931.28 Gb Total Space | 774.30 Gb Free Space | 83.14% Space Free | Partition Type: FAT32

Drive E: | 931.51 Gb Total Space | 211.76 Gb Free Space | 22.73% Space Free | Partition Type: NTFS

Drive F: | 229.14 Gb Total Space | 216.75 Gb Free Space | 94.59% Space Free | Partition Type: NTFS

Drive K: | 458.46 Gb Total Space | 177.07 Gb Free Space | 38.62% Space Free | Partition Type: NTFS

Drive L: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.45% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2013/12/09 21:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto] -- K:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)

SRV:64bit: - [2013/10/16 08:08:06 | 000,186,056 | ---- | M] (Sandboxie Holdings, LLC) [Auto] -- K:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2012/11/29 09:34:34 | 000,032,448 | ---- | M] () [Auto] -- K:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe -- (HDRExpress2Service)

SRV:64bit: - [2012/07/26 13:26:40 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto] -- K:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)

SRV:64bit: - [2010/11/30 07:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto] -- K:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- K:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- K:\Windows\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013/12/26 14:12:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- K:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/12/09 21:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto] -- K:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)

SRV - [2013/09/11 18:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto] -- K:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/09/05 03:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto] -- K:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/02 09:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto] -- K:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/07/25 13:27:18 | 000,042,064 | ---- | M] (iannet) [Auto] -- K:\Program Files (x86)\iannet\SiteMonitorEnterprise\SiteMonitorEnterprise.exe -- (SiteMonitorEnterprise)

SRV - [2013/06/23 04:19:46 | 012,867,584 | ---- | M] () [On_Demand] -- K:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe -- (wampmysqld)

SRV - [2013/06/23 04:09:48 | 000,024,576 | ---- | M] (Apache Software Foundation) [On_Demand] -- K:\wamp\bin\apache\apache2.4.4\bin\httpd.exe -- (wampapache)

SRV - [2013/04/04 07:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- K:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 07:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- K:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/08 18:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- K:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/06/08 02:33:24 | 003,246,040 | ---- | M] (Acronis) [Auto] -- K:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2012/06/04 05:05:54 | 002,871,024 | ---- | M] (Arclab Software GbR) [Auto] -- K:\Program Files (x86)\Arclab\MailList Controller\amlcSVC.exe -- (MailList Controller)

SRV - [2012/03/28 15:42:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- K:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)

SRV - [2012/03/27 03:11:08 | 004,125,864 | ---- | M] (deltra Business Software GmbH & Co. KG) [Auto] -- K:\orgaMAX\orgamaxmobil_service.exe -- (orgaMAXMobileService)

SRV - [2012/01/18 09:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto] -- K:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012/01/18 09:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto] -- K:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012/01/18 09:04:52 | 011,839,488 | ---- | M] () [On_Demand] -- K:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)

SRV - [2012/01/18 07:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto] -- K:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2011/09/22 15:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto] -- K:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2011/08/29 16:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto] -- K:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2010/10/21 19:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto] -- K:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)

SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- K:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- K:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/30 05:23:26 | 000,090,112 | ---- | M] () [Auto] -- K:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/12/05 03:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) NVIDIA Virtual Audio Device (Wave Extensible) (WDM)

DRV:64bit: - [2013/10/16 08:08:04 | 000,200,552 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand] -- K:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2013/04/04 07:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- K:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/04/04 04:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\ymidusbx64.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)

DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)

DRV:64bit: - [2012/09/21 14:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2012/08/29 05:50:38 | 000,057,408 | ---- | M] (MusicLab, Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\mlkumidi.sys -- (mlkumidi)

DRV:64bit: - [2012/08/03 17:21:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- K:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/06/08 02:33:25 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand] -- K:\Windows\System32\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2012/06/08 02:33:23 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)

DRV:64bit: - [2012/06/08 02:33:21 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2012/06/08 02:33:15 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2012/06/08 00:43:09 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)

DRV:64bit: - [2012/06/08 00:43:06 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)

DRV:64bit: - [2012/01/18 09:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- K:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012/01/18 09:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- K:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012/01/18 07:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- K:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012/01/18 07:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2011/11/02 20:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot] -- K:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011/08/29 16:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- K:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2011/08/29 16:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2011/08/10 09:40:58 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/08/08 08:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot] -- K:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2011/07/07 23:43:55 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- K:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)

DRV:64bit: - [2011/07/07 23:43:53 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- K:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV:64bit: - [2011/02/16 19:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- K:\Windows\System32\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2011/01/30 11:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\system32\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/21 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- K:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

DRV:64bit: - [2010/10/21 19:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- K:\Windows\System32\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2010/03/01 10:15:50 | 000,287,240 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\MAudioProFire.sys -- (MAFWPROFIRE)

DRV:64bit: - [2010/02/22 03:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand] -- K:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- K:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\system32\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2008/04/10 03:20:00 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\gwfilt64.sys -- (gwfilt64)

DRV:64bit: - [2005/09/23 16:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- K:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2010/01/29 05:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- K:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

 

 
 ========== Standard Registry (All) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\LocalService_ON_K\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - K:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

 

IE - HKU\NetworkService_ON_K\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - K:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

 

 

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 8B 1C 4B B5 71 CD 01  [binary data]

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com

IE - HKU\vimotrade_ON_K\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com

IE - HKU\vimotrade_ON_K\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - K:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\vimotrade_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\vimotrade_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: K:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: K:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: K:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: K:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: K:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: K:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: K:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: K:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: K:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: K:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: K:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: K:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: K:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: K:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: K:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/26 14:12:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013/12/26 14:12:38 | 000,000,000 | ---D | M] (No name found) -- K:\Program Files (x86)\Mozilla Firefox\extensions

[2013/12/26 14:12:38 | 000,000,000 | ---D | M] (Default) -- K:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/12/26 14:12:38 | 000,000,000 | ---D | M] (A1 Servicecenter) -- K:\Program Files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}

[2013/12/26 14:12:38 | 000,000,000 | ---D | M] (Java Console) -- K:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013/12/26 14:12:38 | 000,000,000 | ---D | M] (No name found) -- K:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/12/26 14:12:41 | 000,000,000 | ---D | M] (Default) -- K:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2013/11/28 08:24:41 | 000,005,910 | ---- | M]) - K:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 92.241.168.10 sendblaster.com

O1 - Hosts: 92.241.168.10 www.sendblaster.com

O1 - Hosts: 127.0.0.1        traffictravis.com

O1 - Hosts: 127.0.0.1        www.traffictravis.com

O1 - Hosts: 127.0.0.1       link-assistant.com

O1 - Hosts: 127.0.0.1       www.link-assistant.com

O1 - Hosts: 216.172.180.18 www.pinranker.com

O1 - Hosts: 216.172.180.18 pinranker.com

O1 - Hosts: 174.120.130.173 proxy.jrimsoftware.com

O1 - Hosts: 127.0.0.1 axandra.com

O1 - Hosts: 127.0.0.1 www.axandra.com

O1 - Hosts: 127.0.0.1 keywordindex.com

O1 - Hosts: 127.0.0.1 www.keywordindex.com

O1 - Hosts: 127.0.0.1 updates.senuke.com

O1 - Hosts: 127.0.0.1 activate.adobe.com                                       

O1 - Hosts: 127.0.0.1 192.150.14.69                                            

O1 - Hosts: 127.0.0.1 192.150.18.101                                           

O1 - Hosts: 127.0.0.1 192.150.18.108                                           

O1 - Hosts: 127.0.0.1 192.150.22.40                                            

O1 - Hosts: 127.0.0.1 192.150.8.100                                            

O1 - Hosts: 127.0.0.1 192.150.8.118                                            

O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net                            

O1 - Hosts: 127.0.0.1 3dns-1.adobe.com                                         

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com                                         

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 62 more lines...

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - K:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - K:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKU\vimotrade_ON_K\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] K:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] K:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [itype] K:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvBackend] K:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Nvtmru] K:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] K:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [ShadowPlay] K:\Windows\System32\nvspcap64.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Skytel]  File not found

O4 - HKLM..\Run: [A1Diagnose] K:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] K:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] K:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVMWlanClient] K:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [BCSSync] K:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [LiveZilla] K:\Program Files (x86)\LiveZilla\LiveZilla.exe (LiveZilla GmbH)

O4 - HKLM..\Run: [LWS] K:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [MailListController] K:\Program Files (x86)\Arclab\MailList Controller\amlcSCT.exe (Arclab Software GbR)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] K:\Windows\SysWOW64\MAFWDITray.exe (Avid Technology, Inc.)

O4 - HKLM..\Run: [PowerSEORanker] K:\Program Files (x86)\Power SEO Ranker\PowerSEORanker.exe (Evergreen Internet Marketers)

O4 - HKLM..\Run: [QuickTime Task] K:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [SAOB Monitor] K:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [SunJavaUpdateSched] K:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKLM..\Run: [SwitchBoard] K:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TrueImageMonitor.exe] K:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [vmware-tray] K:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKU\LocalService_ON_K..\Run: [Sidebar] K:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_K..\Run: [Sidebar] K:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\vimotrade_ON_K..\Run: [DAEMON Tools Lite] K:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\vimotrade_ON_K..\Run: [Google Update] K:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\vimotrade_ON_K..\Run: [SandboxieControl] K:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)

O4 - HKU\vimotrade_ON_K..\Run: [Skype] K:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\LocalService_ON_K..\RunOnce: [mctadmin]  File not found

O4 - HKU\NetworkService_ON_K..\RunOnce: [mctadmin]  File not found

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\vimotrade_ON_K\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - K:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - K:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - K:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - K:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - K:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - K:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - K:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - K:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - K:\Windows\System32\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - K:\Windows\System32\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - K:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - K:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - K:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - K:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - K:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - K:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - K:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - K:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - vimotrade_ON_K\..Trusted Domains: blank ([]about in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.45.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - K:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - K:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - K:\Windows\System32\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - K:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - K:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - K:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - K:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - K:\Windows\System32\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - K:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - K:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - K:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - K:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - K:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - K:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - K:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - K:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - K:\Windows\System32\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - K:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - K:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - K:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - K:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKU\vimotrade_ON_K Winlogon: Shell - (C:\Users\vimotrade\AppData\Roaming\loadit.exe) - K:\Users\vimotrade\AppData\Roaming\loadit.exe ()

O20 - HKU\vimotrade_ON_K Winlogon: UserInit - (C:\Users\vimotrade\AppData\Roaming\loadit.exe) - K:\Users\vimotrade\AppData\Roaming\loadit.exe ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - K:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - K:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - K:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - K:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - K:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - K:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - K:\Windows\System32\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - K:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - K:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - K:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - K:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - K:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - K:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - K:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - K:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - K:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/01 11:17:03 | 000,000,000 | ---D | M] - F:\Autoblogger -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/09 13:28:41 | 000,000,000 | ---D | C] -- K:\HP MyLensi ++++++++++++++++++

[2014/01/09 13:03:04 | 000,000,000 | ---D | C] -- K:\HP linsen4you.eu - Gaschler +++++++++++++

[2014/01/08 16:24:42 | 000,000,000 | ---D | C] -- K:\HP Hüttenwoche

[2014/01/08 11:59:18 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Local\NVIDIA Corporation

[2014/01/08 11:58:23 | 001,100,248 | ---- | C] (NVIDIA Corporation) -- K:\Windows\System32\nvspcap64.dll

[2014/01/08 11:58:23 | 000,982,232 | ---- | C] (NVIDIA Corporation) -- K:\Windows\SysWow64\nvspcap.dll

[2014/01/08 11:57:10 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- K:\Windows\System32\drivers\nvvad64v.sys

[2014/01/08 11:57:10 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- K:\Windows\SysWow64\nvaudcap32v.dll

[2014/01/07 10:52:00 | 000,000,000 | ---D | C] -- K:\PSS Schorr

[2014/01/07 06:41:15 | 000,000,000 | ---D | C] -- K:\Starlight

[2014/01/02 03:30:35 | 000,000,000 | ---D | C] -- K:\Liefer

[2013/12/31 08:09:03 | 000,000,000 | ---D | C] -- K:\Guten Rutsch

[2013/12/31 07:25:12 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Local\JTL-Software-GmbH

[2013/12/31 07:22:37 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005

[2013/12/31 07:20:22 | 000,000,000 | ---D | C] -- K:\Program Files\Microsoft SQL Server

[2013/12/31 07:20:19 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\Microsoft SQL Server

[2013/12/31 06:17:56 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Roaming\jtl-software

[2013/12/31 06:17:46 | 000,000,000 | ---D | C] -- K:\ProgramData\JTL-Software

[2013/12/30 09:38:24 | 000,000,000 | ---D | C] -- K:\HP Kontaktlinsenhit WAWI Connector

[2013/12/30 03:30:43 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Roaming\Stepok Softwares

[2013/12/30 03:30:43 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Roaming\Light Developer

[2013/12/30 03:29:53 | 000,000,000 | ---D | C] -- K:\Program Files\Recomposit pro

[2013/12/26 14:12:38 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\Mozilla Firefox

[2013/12/26 04:31:45 | 000,000,000 | ---D | C] -- K:\ProgramData\Oracle

[2013/12/26 04:31:42 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\Common Files\Java

[2013/12/26 04:31:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- K:\Windows\SysWow64\javaws.exe

[2013/12/26 04:31:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- K:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/12/26 04:31:25 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2013/12/23 02:58:16 | 000,000,000 | -HSD | C] -- K:\$RECYCLE.BIN

[2013/12/20 10:10:37 | 000,000,000 | ---D | C] -- K:\HP MyLensi

[2013/12/19 03:42:28 | 000,000,000 | ---D | C] -- K:\Projekt SParpreis Verkauf

[2013/12/18 15:33:48 | 000,000,000 | ---D | C] -- K:\Künstler

[2013/12/17 05:51:19 | 000,000,000 | ---D | C] -- K:\Krausse Artikel Export

[2013/12/17 05:18:50 | 000,000,000 | ---D | C] -- K:\Data

[2013/12/17 05:13:47 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\WebExtractor

[2013/12/17 05:13:47 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Data Extractor

[2013/12/16 05:12:09 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\Documents\Downloads

[2013/12/14 07:05:20 | 000,000,000 | ---D | C] -- K:\Users\vimotrade\AppData\Roaming\seolize

[2013/12/13 07:36:23 | 000,000,000 | ---D | C] -- K:\MediaWebline

[2013/12/12 01:17:11 | 000,000,000 | ---D | C] -- K:\HP Kontaktlinsen Point +++++++++++++++

[2013/10/29 01:42:10 | 000,148,736 | ---- | C] (Avanquest Software) -- K:\ProgramData\hpe37E3.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/01/10 04:50:17 | 000,067,584 | --S- | M] () -- K:\Windows\bootstat.dat

[2014/01/10 04:49:48 | 000,001,112 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/01/10 04:49:14 | 1066,799,102 | -HS- | M] () -- K:\hiberfil.sys

[2014/01/10 04:04:00 | 000,001,116 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/01/10 03:52:06 | 000,021,072 | -H-- | M] () -- K:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/01/10 03:52:06 | 000,021,072 | -H-- | M] () -- K:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/01/10 03:23:24 | 000,000,726 | ---- | M] () -- K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk

[2014/01/10 03:23:23 | 000,595,974 | ---- | M] () -- K:\Users\vimotrade\AppData\Roaming\loadit.exe

[2014/01/10 03:18:00 | 000,001,136 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA.job

[2014/01/09 13:40:54 | 000,001,456 | ---- | M] () -- K:\Users\vimotrade\AppData\Local\Adobe Für Web speichern 13.0 Prefs

[2014/01/09 04:53:50 | 000,000,903 | ---- | M] () -- K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

[2014/01/08 21:18:00 | 000,001,084 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core.job

[2014/01/07 20:43:38 | 000,002,384 | ---- | M] () -- K:\Users\vimotrade\Desktop\Google Chrome.lnk

[2014/01/07 15:47:02 | 000,760,296 | ---- | M] () -- K:\Windows\System32\perfh007.dat

[2014/01/07 15:47:02 | 000,705,112 | ---- | M] () -- K:\Windows\System32\perfh009.dat

[2014/01/07 15:47:02 | 000,174,768 | ---- | M] () -- K:\Windows\System32\perfc007.dat

[2014/01/07 15:47:02 | 000,141,548 | ---- | M] () -- K:\Windows\System32\perfc009.dat

[2014/01/06 11:38:37 | 000,001,754 | ---- | M] () -- K:\Windows\Sandboxie.ini

[2013/12/31 07:22:37 | 001,658,746 | ---- | M] () -- K:\Windows\SysWow64\PerfStringBackup.INI

[2013/12/31 07:22:37 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005

[2013/12/30 12:28:12 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU

[2013/12/30 12:27:49 | 000,001,241 | ---- | M] () -- K:\Users\vimotrade\Desktop\AVS Video Converter.lnk

[2013/12/26 04:31:25 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2013/12/26 04:31:19 | 000,096,168 | ---- | M] (Oracle Corporation) -- K:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/12/26 04:31:18 | 000,264,616 | ---- | M] (Oracle Corporation) -- K:\Windows\SysWow64\javaws.exe

[2013/12/26 04:31:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- K:\Windows\SysWow64\javaw.exe

[2013/12/26 04:31:18 | 000,174,504 | ---- | M] (Oracle Corporation) -- K:\Windows\SysWow64\java.exe

[2013/12/23 03:07:23 | 000,000,220 | ---- | M] () -- K:\Users\vimotrade\Desktop\U1Tirol64.wax

[2013/12/22 13:13:20 | 000,001,053 | ---- | M] () -- K:\Users\vimotrade\Desktop\Rapid SEO Tool.lnk

[2013/12/22 13:13:20 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid SEO Tool

[2013/12/17 05:13:47 | 000,001,059 | ---- | M] () -- K:\Users\vimotrade\Desktop\Web Data Extractor.lnk

[2013/12/17 05:13:47 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Data Extractor

[2013/12/17 04:55:03 | 000,225,908 | -H-- | M] () -- K:\Windows\SysWow64\mlfcache.dat

[2013/12/17 04:54:58 | 000,000,828 | ---- | M] () -- K:\Users\vimotrade\Desktop\LongTailPro.lnk

[2013/12/16 21:07:04 | 000,002,042 | ---- | M] () -- K:\Users\Public\Desktop\Google Slides.lnk

[2013/12/16 21:07:04 | 000,002,040 | ---- | M] () -- K:\Users\Public\Desktop\Google Sheets.lnk

[2013/12/16 21:07:04 | 000,002,030 | ---- | M] () -- K:\Users\Public\Desktop\Google Docs.lnk

[2013/12/16 21:07:04 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2013/12/16 13:00:18 | 000,000,600 | ---- | M] () -- K:\Users\vimotrade\AppData\Local\PUTTY.RND

[2013/12/14 07:05:07 | 000,002,659 | ---- | M] () -- K:\Users\Public\Desktop\Seolize.lnk

 
 ========== Files Created - No Company Name ==========

 

[2014/01/10 03:23:24 | 000,000,726 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk

[2014/01/10 03:23:23 | 000,595,974 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\loadit.exe

[2014/01/09 04:53:50 | 000,000,903 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

[2013/12/30 12:27:49 | 000,001,241 | ---- | C] () -- K:\Users\vimotrade\Desktop\AVS Video Converter.lnk

[2013/12/23 03:07:23 | 000,000,220 | ---- | C] () -- K:\Users\vimotrade\Desktop\U1Tirol64.wax

[2013/12/17 05:13:47 | 000,001,059 | ---- | C] () -- K:\Users\vimotrade\Desktop\Web Data Extractor.lnk

[2013/12/17 04:55:03 | 000,225,908 | -H-- | C] () -- K:\Windows\SysWow64\mlfcache.dat

[2013/12/14 07:05:07 | 000,002,659 | ---- | C] () -- K:\Users\Public\Desktop\Seolize.lnk

[2013/11/20 13:24:44 | 000,001,754 | ---- | C] () -- K:\Windows\Sandboxie.ini

[2013/10/16 09:28:11 | 000,000,132 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen

[2013/06/20 06:24:09 | 000,000,132 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen

[2013/06/12 05:56:36 | 000,511,488 | ---- | C] () -- K:\Windows\SysWow64\lame_enc.dll

[2013/06/12 05:56:36 | 000,110,080 | ---- | C] () -- K:\Windows\SysWow64\advd.dll

[2013/06/12 05:56:36 | 000,023,040 | ---- | C] () -- K:\Windows\SysWow64\auth.dll

[2013/05/11 12:36:45 | 000,993,792 | ---- | C] () -- K:\ProgramData\MSRecovery.exe

[2013/05/11 12:36:45 | 000,000,691 | ---- | C] () -- K:\ProgramData\settings.ini

[2013/05/04 11:35:53 | 000,000,105 | ---- | C] () -- K:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2013/04/19 00:16:05 | 000,002,892 | ---- | C] () -- K:\Windows\SysWow64\audcon.sys

[2013/04/19 00:15:22 | 000,086,016 | ---- | C] () -- K:\Windows\SysWow64\SYNSOPOS.exe

[2013/04/19 00:15:22 | 000,000,051 | ---- | C] () -- K:\Windows\SysWow64\SYNSOPOS.exe.cfg

[2013/03/23 06:38:06 | 000,000,998 | ---- | C] () -- K:\Program Files (x86)\Backlink Skyrocket.lnk

[2013/03/23 06:38:06 | 000,000,953 | ---- | C] () -- K:\Program Files (x86)\Update Skyrocket.lnk

[2013/03/19 16:11:44 | 000,000,176 | ---- | C] () -- K:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2013/03/01 14:40:58 | 000,058,880 | ---- | C] () -- K:\Windows\SysWow64\dbrename7.exe

[2013/02/28 03:47:16 | 000,000,173 | ---- | C] () -- K:\Windows\ODBC.INI

[2013/02/28 03:44:32 | 000,000,263 | ---- | C] () -- K:\Windows\ODBCINST.INI

[2013/02/19 12:28:28 | 000,870,685 | ---- | C] () -- K:\Windows\PlagiarismFinder 2.0 Uninstaller.exe

[2013/01/16 02:02:20 | 000,000,600 | ---- | C] () -- K:\Users\vimotrade\AppData\Local\PUTTY.RND

[2012/12/06 16:13:39 | 000,000,341 | ---- | C] () -- K:\Windows\SysWow64\pmk4c4h.dll

[2012/11/28 14:15:17 | 000,195,764 | ---- | C] () -- K:\Windows\Submitter Uninstaller.exe

[2012/11/28 13:00:26 | 000,000,000 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Sick Marketingdirectory_pmutrial.pmu

[2012/11/25 13:47:18 | 000,000,132 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen

[2012/11/15 15:32:24 | 000,004,608 | ---- | C] () -- K:\Users\vimotrade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/13 06:44:01 | 000,005,078 | ---- | C] () -- K:\ProgramData\zjyopzph.wxh

[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- K:\Windows\SysWow64\LogiDPP.dll

[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- K:\Windows\SysWow64\DevManagerCore.dll

[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- K:\Windows\SysWow64\LogiDPPApp.exe

[2012/08/06 16:04:31 | 000,073,728 | ---- | C] () -- K:\Windows\SysWow64\GkSui18.EXE

[2012/08/06 15:47:40 | 001,658,746 | ---- | C] () -- K:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/05 07:53:29 | 000,001,394 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\SAS7_000.DAT

[2012/08/05 05:04:57 | 000,001,456 | ---- | C] () -- K:\Users\vimotrade\AppData\Local\Adobe Für Web speichern 13.0 Prefs

[2012/08/05 02:12:50 | 000,010,921 | ---- | C] () -- K:\Users\vimotrade\AppData\Roaming\SmarThruOptions.xml

[2012/08/05 02:12:40 | 000,036,864 | ---- | C] () -- K:\Windows\SysWow64\SvcMan.exe

[2012/08/05 02:12:34 | 000,172,032 | ---- | C] () -- K:\Windows\SysWow64\SecSNMP.dll

[2012/08/05 02:11:21 | 000,113,768 | ---- | C] () -- K:\Windows\Wiainst.exe

[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- K:\Windows\SysWow64\DShowRdpFilter.dll

[2010/11/20 22:24:15 | 000,001,024 | ---- | C] () -- K:\Windows\SysWow64\j77twfo.dll

[2010/11/20 22:24:15 | 000,001,024 | ---- | C] () -- K:\Windows\SysWow64\grcauth2.dll

[2010/11/20 22:24:15 | 000,001,024 | ---- | C] () -- K:\Windows\SysWow64\grcauth1.dll

[2010/11/20 22:24:15 | 000,001,024 | ---- | C] () -- K:\Windows\SysWow64\clauth2.dll

[2010/11/20 22:24:15 | 000,001,024 | ---- | C] () -- K:\Windows\SysWow64\clauth1.dll

[2010/11/20 22:24:15 | 000,000,100 | ---- | C] () -- K:\Windows\SysWow64\prsgrc.dll

[2010/11/20 22:24:15 | 000,000,072 | ---- | C] () -- K:\Windows\SysWow64\ssprs.dll

[2010/11/20 22:24:15 | 000,000,016 | -H-- | C] () -- K:\Windows\SysWow64\v16qi5y.dll

[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- K:\Windows\SysWow64\pthreadVC.dll

[2010/06/08 08:19:24 | 000,692,224 | ---- | C] () -- K:\Windows\SysWow64\libeay32.dll

[2010/06/08 08:19:24 | 000,151,552 | ---- | C] () -- K:\Windows\SysWow64\ssleay32.dll

[2010/03/01 10:16:00 | 001,305,608 | ---- | C] () -- K:\Windows\SysWow64\M-AudioProFireControlPanel.exe

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- K:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- K:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- K:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- K:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- K:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- K:\Windows\SysWow64\ir32_32.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- K:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- K:\Windows\SysWow64\mlang.dat

[2004/11/18 04:16:42 | 000,069,632 | ---- | C] () -- K:\Windows\SysWow64\nktwab.dll

[1996/08/21 20:07:02 | 000,000,320 | ---- | C] () -- K:\Windows\TBINSDT.DAT

 
 ========== LOP Check ==========

 

[2013/05/15 07:12:10 | 000,000,000 | ---D | M] -- K:\ProgramData\A-PDF

[2012/08/06 03:32:16 | 000,000,000 | ---D | M] -- K:\ProgramData\Acronis

[2012/08/03 14:56:18 | 000,000,000 | -HSD | M] -- K:\ProgramData\Anwendungsdaten

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Application Data

[2013/07/02 09:12:11 | 000,000,000 | ---D | M] -- K:\ProgramData\AutoHideIP

[2013/04/02 02:40:35 | 000,000,000 | ---D | M] -- K:\ProgramData\Automatebook

[2012/11/15 14:56:20 | 000,000,000 | ---D | M] -- K:\ProgramData\Avid

[2012/11/07 13:57:55 | 000,000,000 | ---D | M] -- K:\ProgramData\Azureus

[2013/11/11 03:10:39 | 000,000,000 | ---D | M] -- K:\ProgramData\BetterSoft

[2013/02/28 13:22:32 | 000,000,000 | ---D | M] -- K:\ProgramData\BewerbungsMaster

[2013/03/27 14:01:43 | 000,000,000 | ---D | M] -- K:\ProgramData\Blumentals

[2013/11/01 07:34:38 | 000,000,000 | ---D | M] -- K:\ProgramData\boost_interprocess

[2013/10/29 01:49:15 | 000,000,000 | ---D | M] -- K:\ProgramData\BVRP Software

[2013/09/03 13:27:57 | 000,000,000 | -H-D | M] -- K:\ProgramData\CanonBJ

[2013/12/09 15:50:46 | 000,000,000 | ---D | M] -- K:\ProgramData\Conduit

[2013/02/15 08:05:52 | 000,000,000 | ---D | M] -- K:\ProgramData\DAEMON Tools Lite

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Desktop

[2012/08/06 15:33:12 | 000,000,000 | ---D | M] -- K:\ProgramData\DLA

[2012/08/06 04:02:49 | 000,000,000 | ---D | M] -- K:\ProgramData\DLA Storage

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Documents

[2012/08/03 14:56:18 | 000,000,000 | -HSD | M] -- K:\ProgramData\Dokumente

[2013/05/09 08:24:38 | 000,000,000 | ---D | M] -- K:\ProgramData\eLicenser

[2012/08/03 14:56:18 | 000,000,000 | -HSD | M] -- K:\ProgramData\Favoriten

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Favorites

[2013/06/26 16:17:20 | 000,000,000 | ---D | M] -- K:\ProgramData\firebird

[2013/07/24 09:47:12 | 000,000,000 | ---D | M] -- K:\ProgramData\flipBook

[2013/02/20 12:04:36 | 000,000,000 | ---D | M] -- K:\ProgramData\FlipBuilder.com

[2013/07/02 08:40:51 | 000,000,000 | ---D | M] -- K:\ProgramData\FreeHideIP

[2013/09/02 09:07:38 | 000,000,000 | ---D | M] -- K:\ProgramData\InstallMate

[2012/08/05 02:33:39 | 000,000,000 | ---D | M] -- K:\ProgramData\ISDNWatch

[2013/12/31 06:17:46 | 000,000,000 | ---D | M] -- K:\ProgramData\JTL-Software

[2012/08/09 06:20:19 | 000,000,000 | ---D | M] -- K:\ProgramData\komBAS

[2013/01/23 15:19:07 | 000,000,000 | ---D | M] -- K:\ProgramData\m2backup

[2013/05/11 12:43:45 | 000,000,000 | ---D | M] -- K:\ProgramData\Magic Submitter

[2013/02/15 08:05:38 | 000,000,000 | ---D | M] -- K:\ProgramData\mquadr.at

[2012/11/07 19:41:58 | 000,000,000 | ---D | M] -- K:\ProgramData\MusicLab

[2013/02/28 05:25:15 | 000,000,000 | ---D | M] -- K:\ProgramData\MySQL

[2012/11/07 15:45:06 | 000,000,000 | ---D | M] -- K:\ProgramData\Native Instruments

[2012/08/06 03:32:53 | 000,000,000 | ---D | M] -- K:\ProgramData\Nitro PDF

[2012/08/05 06:16:59 | 000,000,000 | ---D | M] -- K:\ProgramData\Nuance

[2012/11/13 16:58:12 | 000,000,000 | ---D | M] -- K:\ProgramData\onOne Software

[2013/12/26 04:31:46 | 000,000,000 | ---D | M] -- K:\ProgramData\Oracle

[2012/11/13 09:51:12 | 000,000,000 | ---D | M] -- K:\ProgramData\PACE Anti-Piracy

[2012/11/15 14:51:47 | 000,000,000 | ---D | M] -- K:\ProgramData\PCTV Systems

[2012/11/15 14:58:55 | 000,000,000 | ---D | M] -- K:\ProgramData\Pinnacle

[2013/02/19 12:29:58 | 000,000,000 | ---D | M] -- K:\ProgramData\PlagiarismFinder

[2012/12/08 07:00:07 | 000,000,000 | ---D | M] -- K:\ProgramData\Proxy Multiply

[2012/08/03 15:55:19 | 000,000,000 | ---D | M] -- K:\ProgramData\regid.1986-12.com.adobe

[2013/03/23 05:18:53 | 000,000,000 | ---D | M] -- K:\ProgramData\SoftSafe

[2013/07/08 14:04:52 | 000,000,000 | ---D | M] -- K:\ProgramData\StarApp

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Start Menu

[2012/08/03 14:56:18 | 000,000,000 | -HSD | M] -- K:\ProgramData\Startmenü

[2012/11/07 11:58:14 | 000,000,000 | ---D | M] -- K:\ProgramData\Steinberg

[2013/09/02 09:07:37 | 000,000,000 | ---D | M] -- K:\ProgramData\SummerSoft

[2013/04/19 00:16:05 | 000,000,000 | ---D | M] -- K:\ProgramData\Syncrosoft

[2013/12/13 06:28:17 | 000,000,000 | ---D | M] -- K:\ProgramData\TEMP

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Templates

[2013/06/14 08:30:46 | 000,000,000 | ---D | M] -- K:\ProgramData\Tiffen

[2012/11/08 05:16:52 | 000,000,000 | ---D | M] -- K:\ProgramData\Toontrack

[2012/08/03 21:04:04 | 000,000,000 | ---D | M] -- K:\ProgramData\Ulead Systems

[2012/11/14 13:21:37 | 000,000,000 | ---D | M] -- K:\ProgramData\VertusTech

[2012/08/03 14:56:18 | 000,000,000 | -HSD | M] -- K:\ProgramData\Vorlagen

[2012/11/07 12:11:06 | 000,000,000 | ---D | M] -- K:\ProgramData\VST3 Presets

[2012/11/13 08:24:39 | 000,000,000 | ---D | M] -- K:\ProgramData\XDMessaging

[2013/06/20 03:12:43 | 000,000,000 | -H-D | M] -- K:\ProgramData\{36DD3794-83B4-46E3-B416-8090CB052042}

[2013/11/01 09:16:07 | 000,000,000 | -H-D | M] -- K:\ProgramData\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}

[2008/01/01 06:35:17 | 000,000,000 | -H-D | M] -- K:\ProgramData\{7DC6FEB5-CDCF-4348-BDA7-46EEE9021D96}

[2013/11/01 09:14:33 | 000,000,000 | -H-D | M] -- K:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}

[2013/01/28 18:36:45 | 000,000,000 | -H-D | M] -- K:\ProgramData\{9CEF107B-86D1-4332-AE74-7FDEA6296A94}

[2014/01/10 03:30:52 | 000,032,632 | ---- | M] () -- K:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 320 bytes -> K:\Windows:nlsPreferences

@Alternate Data Stream - 167 bytes -> K:\ProgramData\TEMP:9FA5EC55

@Alternate Data Stream - 125 bytes -> K:\ProgramData\TEMP:0FF263E8

@Alternate Data Stream - 1010 bytes -> K:\Users\vimotrade\AppData\Local\Temp:TcQTRAFpgOjy6XStXpOYGYx

< End of report >

Extras.exe

Code:

OTL Extras logfile created on: 1/10/2014 11:21:33 AM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = K: | %SystemRoot% = K:\Windows | %ProgramFiles% = K:\Program Files (x86)

Drive C: | 229.27 Gb Total Space | 48.09 Gb Free Space | 20.97% Space Free | Partition Type: NTFS

Drive D: | 931.28 Gb Total Space | 774.30 Gb Free Space | 83.14% Space Free | Partition Type: FAT32

Drive E: | 931.51 Gb Total Space | 211.76 Gb Free Space | 22.73% Space Free | Partition Type: NTFS

Drive F: | 229.14 Gb Total Space | 216.75 Gb Free Space | 94.59% Space Free | Partition Type: NTFS

Drive K: | 458.46 Gb Total Space | 177.07 Gb Free Space | 38.62% Space Free | Partition Type: NTFS

Drive L: | 1.92 Gb Total Space | 1.91 Gb Free Space | 99.45% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- K:\Windows\System32\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- K:\Windows\SysWow64\control.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{EF449371-6B69-49C8-B789-76A0B0E3446B}" = Corel Painter X3

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0838FACF-AB67-4AB7-B09A-3FC1809AED34}" = Painter 13 - FR

"{0A2DEC29-333B-408B-B31B-0B34D73EBA4C}" = Power Indexer Pro 3.0.0.0

"{0B598D32-B873-4794-8F30-90C53CD562D7}" = Corel Painter 13 - IPM

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{1864B4F0-8888-5A57-9930-C2B307597966}" = MusicLab RealGuitar

"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1FD29C34-110D-43E8-8261-8A358E4E7204}" = Nitro Pro 7

"{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}" = Superior Drummer 64 bit

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{38209080-8888-4418-8117-D190FC71BF58}" = MusicLab RealLPC

"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit

"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{519918B9-24E9-4227-B927-9DD4F0FDBD0E}" = Microsoft SQL Server Native Client

"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5

"{58206080-8888-4418-8117-D190FC71BF58}" = MusicLab RealStrat

"{61F6F8FC-C448-418E-BF14-8B272DFDD51B}" = Painter 13 - EN

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver

"{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)

"{81BE5CD8-A7CA-4F1E-9825-E6BEFBC8C397}" = IMSlave LInk Blaster 1.1.0.0

"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{92C28D3B-DEF3-4BFF-ADDB-DA12025B40E3}" = M-Audio ProFire Driver 6.0.9 (x64)

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9983025B-AA60-4CF3-9E6C-C48DB9CD2310}" = Corel Painter 13 - IPM Content

"{A16926CB-C4BF-4FC9-8F99-200236731FCA}" = Painter 13 - Contentx64

"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack

"{A30B7FD7-04A1-46e1-ABDF-FD592C113253}" = MusicLab Virtual MIDI Driver

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B1EA198B-FF19-46C9-84DE-E2F3D11619ED}" = Painter 13 - Core

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 326.01

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19

"{D2D82850-E23B-4923-99B9-F1A66A310A3F}" = SourceGear DiffMerge 4.1.0.534.stable (x64)

"{DA929FB1-A118-4F6E-9AD6-729633E84805}" = Painter 13 - Corex64

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{DD6290F5-9620-4FF6-AF3F-454465782B1A}" = Microsoft SQL Server VSS Writer

"{E6DC3A40-A289-4DEE-9472-7A003C3F4B72}" = Painter 13 - DE

"{EF449371-6B69-49C8-B789-76A0B0E3446B}" = Painter 13 - Setup Files

"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

"OptimizerPro" = OptimizerPro

"Sandboxie" = Sandboxie 4.06 (64-bit)

"Tiffen-Dfx 3.0" = Dfx

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{EF449371-6B69-49C8-B789-76A0B0E3446B}" = Corel Painter X3

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0838FACF-AB67-4AB7-B09A-3FC1809AED34}" = Painter 13 - FR

"{0A2DEC29-333B-408B-B31B-0B34D73EBA4C}" = Power Indexer Pro 3.0.0.0

"{0B598D32-B873-4794-8F30-90C53CD562D7}" = Corel Painter 13 - IPM

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{1864B4F0-8888-5A57-9930-C2B307597966}" = MusicLab RealGuitar

"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1FD29C34-110D-43E8-8261-8A358E4E7204}" = Nitro Pro 7

"{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}" = Superior Drummer 64 bit

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{38209080-8888-4418-8117-D190FC71BF58}" = MusicLab RealLPC

"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit

"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{519918B9-24E9-4227-B927-9DD4F0FDBD0E}" = Microsoft SQL Server Native Client

"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5

"{58206080-8888-4418-8117-D190FC71BF58}" = MusicLab RealStrat

"{61F6F8FC-C448-418E-BF14-8B272DFDD51B}" = Painter 13 - EN

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver

"{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)

"{81BE5CD8-A7CA-4F1E-9825-E6BEFBC8C397}" = IMSlave LInk Blaster 1.1.0.0

"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{92C28D3B-DEF3-4BFF-ADDB-DA12025B40E3}" = M-Audio ProFire Driver 6.0.9 (x64)

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9983025B-AA60-4CF3-9E6C-C48DB9CD2310}" = Corel Painter 13 - IPM Content

"{A16926CB-C4BF-4FC9-8F99-200236731FCA}" = Painter 13 - Contentx64

"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack

"{A30B7FD7-04A1-46e1-ABDF-FD592C113253}" = MusicLab Virtual MIDI Driver

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B1EA198B-FF19-46C9-84DE-E2F3D11619ED}" = Painter 13 - Core

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 326.01

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19

"{D2D82850-E23B-4923-99B9-F1A66A310A3F}" = SourceGear DiffMerge 4.1.0.534.stable (x64)

"{DA929FB1-A118-4F6E-9AD6-729633E84805}" = Painter 13 - Corex64

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{DD6290F5-9620-4FF6-AF3F-454465782B1A}" = Microsoft SQL Server VSS Writer

"{E6DC3A40-A289-4DEE-9472-7A003C3F4B72}" = Painter 13 - DE

"{EF449371-6B69-49C8-B789-76A0B0E3446B}" = Painter 13 - Setup Files

"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

"OptimizerPro" = OptimizerPro

"Sandboxie" = Sandboxie 4.06 (64-bit)

"Tiffen-Dfx 3.0" = Dfx

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\vimotrade_ON_K\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"a10c648895c21ba6" = Update or Uninstall SENukeX

"com.poweredbypulse.profile-0-rb-10081-1361533307190" = MobiOne Studio 2.3.2 (hot-fix 1)

"Google Chrome" = Google Chrome

"Winamp Detect" = Winamp Erkennungs-Plug-in

 

< End of report >

Hi,

startet der Rechner nach diesem Fix wieder normal?

Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

:OTL

[2014/01/10 03:23:24 | 000,000,726 | ---- | M] () -- K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk

O20 - HKU\vimotrade_ON_K Winlogon: Shell - (C:\Users\vimotrade\AppData\Roaming\loadit.exe) - K:\Users\vimotrade\AppData\Roaming\loadit.exe ()

O20 - HKU\vimotrade_ON_K Winlogon: UserInit - (C:\Users\vimotrade\AppData\Roaming\loadit.exe) - K:\Users\vimotrade\AppData\Roaming\loadit.exe ()

@Alternate Data Stream - 1010 bytes -> K:\Users\vimotrade\AppData\Local\Temp:TcQTRAFpgOjy6XStXpOYGYx
 

:commands

[resethosts]

Klicke jetzt auf den Fix Button.
Starte danach neu und versuche wieder in den normalen Modus von Windows zu booten.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
Kopiere nun dessen Inhalt hier in deinen Thread.

Vielen Dank für die schnelle Hilfe.

Der PC startete wieder ohne Probleme. Nach ca 2 Minuten kam wieder ein weißes Fenster mit Virenscanvorgang und dem Hinweis, dass der PC jetzt runterfährt.

Was muss ich jetzt tun ?

LG Nadine

Ergebnis nach dem Fix mit OTL

Code:

========== OTL ==========

K:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk moved successfully.

Registry value HKEY_USERS\vimotrade_ON_K\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\vimotrade\AppData\Roaming\loadit.exe deleted successfully.

K:\Users\vimotrade\AppData\Roaming\loadit.exe moved successfully.

Registry value HKEY_USERS\vimotrade_ON_K\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\vimotrade\AppData\Roaming\loadit.exe deleted successfully.

File K:\Users\vimotrade\AppData\Roaming\loadit.exe not found.

ADS K:\Users\vimotrade\AppData\Local\Temp:TcQTRAFpgOjy6XStXpOYGYx deleted successfully.

========== COMMANDS ==========

K:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 01102014_130244

Hallo Nadine,

also lässt sich der Rechner nicht normal starten jetzt?

Hallo Leo,

der erste Start war okay,- wie gesagt, nach ca 2 Minuten hatte ich wieder das Trojanerfenster auf dem Schirm und der PC fuhr runter.

Wenn ich jetzt starte, habe ich das Ergebnis von vorher mit dem Trojaner Startfenster.

LG Nadine

Ok, dann mach bitte einen FRST-Scan in den Reperaturoptionen wie folgt:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Hallo Leo,

hier dann mal das Ergebnis der FRST.txt Oh man, ein Arbeitstag dahin :-(

Lieben Dank für Deine Hilfe. Unbezahlbar ...

LG Nadine

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014

Ran by SYSTEM on MININT-KINPHT1 on 10-01-2014 13:58:56

Running from M:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] - Skytel.exe

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [M-Audio Taskbar Icon] - C:\Windows\system32\MAFWDITray.exe

HKLM-x32\...\Run: [SAOB Monitor] - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [vmware-tray] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2012-01-18] (VMware, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [MailListController] - C:\Program Files (x86)\Arclab\MailList Controller\amlcSCT.exe [392944 2012-04-01] (Arclab Software GbR)

HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe [20686472 2012-11-21] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [PowerSEORanker] - C:\Program Files (x86)\Power SEO Ranker\PowerSEORanker.exe [1080320 2012-08-03] (Evergreen Internet Marketers)

HKLM-x32\...\Run: [LiveZilla] - C:\Program Files (x86)\LiveZilla\LiveZilla.exe [8684480 2013-05-22] (LiveZilla GmbH)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\vimotrade\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)

HKU\vimotrade\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKU\vimotrade\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)

HKU\vimotrade\...\Run: [Google Update] - C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)

HKU\vimotrade\...\Winlogon: [Userinit] 

HKU\vimotrade\...\Winlogon: [Shell] 

Startup: C:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

ShortcutTarget: AutoStarter.lnk -> L:\Firstload\Lizenzomat\Lizenzomat.v4.0.0.0.260.German-LAXiTY\Lizenzomat.v4.0.0.0.260.German-LAXiTY.exe (No File)
 

==================== Services (Whitelisted) =================
 

S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32448 2012-11-29] ()

S2 MailList Controller; c:\program files (x86)\arclab\maillist controller\amlcSVC.exe [2871024 2012-06-04] (Arclab Software GbR)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)

S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-26] (Nitro PDF Software)

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

S2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()

S2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG)

S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)

S2 SiteMonitorEnterprise; C:\Program Files (x86)\iannet\SiteMonitorEnterprise\SiteMonitorEnterprise.exe [42064 2013-07-25] (iannet)

S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] ()

S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)

S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-07-08] (Samsung Electronics Co., Ltd.)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-03] (DT Soft Ltd)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 gwfilt64; C:\Windows\System32\drivers\gwfilt64.sys [28160 2008-04-10] (Creative Technology Ltd.)

S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)

S3 MAFWPROFIRE; C:\Windows\System32\DRIVERS\MAudioProFire.sys [287240 2010-03-01] (Avid Technology, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)

S0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-06-08] (Acronis)

S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)

S5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-10 19:02 - 2014-01-10 19:02 - 00000000 ____D C:\_OTL

2014-01-10 17:25 - 2014-01-10 17:25 - 00036614 _____ C:\Extras.Txt

2014-01-10 13:58 - 2014-01-10 13:58 - 00000000 ____D C:\FRST

2014-01-10 10:46 - 2014-01-10 17:25 - 00127816 _____ C:\OTL.Txt

2014-01-09 19:28 - 2014-01-09 19:28 - 00000000 ____D C:\HP MyLensi ++++++++++++++++++

2014-01-09 19:03 - 2014-01-09 19:05 - 00000000 ____D C:\HP linsen4you.eu - Gaschler +++++++++++++

2014-01-09 19:01 - 2014-01-09 19:01 - 00415789 _____ C:\Users\vimotrade\Downloads\Escape.Plan.German.AC3LD.HDTV.XviD.READ.NFO-FR3AK.nzb

2014-01-09 18:20 - 2014-01-09 18:36 - 49892779 _____ C:\Users\vimotrade\Downloads\GR_A4_Restaurant_Menu.rar

2014-01-09 10:50 - 2014-01-09 10:50 - 00055405 _____ C:\Users\vimotrade\Downloads\VA - Karnevals Express 14.par2.nzb

2014-01-09 10:49 - 2014-01-09 10:49 - 00024876 _____ C:\Users\vimotrade\Downloads\au8UqZg5Am.par2.nzb

2014-01-09 10:39 - 2014-01-09 10:39 - 00309483 _____ C:\Users\vimotrade\Downloads\Anal Boot Camp # 2.nzb

2014-01-09 09:38 - 2014-01-09 09:38 - 00011762 _____ C:\Users\vimotrade\Downloads\products_options_values.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00005513 _____ C:\Users\vimotrade\Downloads\products_options_values_to_products_options.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00002527 _____ C:\Users\vimotrade\Downloads\products_to_categories.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00001866 _____ C:\Users\vimotrade\Downloads\products_options.sql

2014-01-09 09:37 - 2014-01-09 09:37 - 00380161 _____ C:\Users\vimotrade\Downloads\products_attributes.sql

2014-01-08 22:24 - 2014-01-08 22:24 - 00000000 ____D C:\HP Hüttenwoche

2014-01-08 18:48 - 2014-01-08 18:59 - 1111098335 _____ C:\Users\vimotrade\Downloads\wetransfer-f5b765.zip

2014-01-08 17:59 - 2014-01-08 17:59 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA Corporation

2014-01-08 17:58 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll

2014-01-08 17:58 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2014-01-08 17:57 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys

2014-01-08 17:57 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-01-08 16:28 - 2014-01-08 16:28 - 00170411 _____ C:\Users\vimotrade\Downloads\Escape.Plan.2013.REAL.WEBRiP.LD.German.X264.READ.NfO-4TH{{Usenetrevolution.info}}.nzb

2014-01-07 16:52 - 2014-01-07 17:12 - 00000000 ____D C:\PSS Schorr

2014-01-07 12:41 - 2014-01-07 12:41 - 00000000 ____D C:\Starlight

2014-01-07 10:59 - 2014-01-07 11:08 - 27289836 _____ C:\Users\vimotrade\Downloads\Kinder.rar

2014-01-02 09:30 - 2014-01-02 09:30 - 00000000 ____D C:\Liefer

2013-12-31 19:41 - 2013-12-31 19:41 - 00109685 _____ C:\Users\vimotrade\Downloads\kolsche jung (radio edit) - brings.mid

2013-12-31 18:06 - 2013-12-31 18:06 - 00558579 _____ C:\Users\vimotrade\Downloads\Tristan Taormino's Guide To Bondage For Couples.nzb

2013-12-31 18:06 - 2013-12-31 18:06 - 00443481 _____ C:\Users\vimotrade\Downloads\Bondage Stars 15.nzb

2013-12-31 18:06 - 2013-12-31 18:06 - 00406822 _____ C:\Users\vimotrade\Downloads\Bondage Torments 26.nzb

2013-12-31 17:56 - 2013-12-31 17:56 - 00187781 _____ C:\Users\vimotrade\Downloads\Eng Geschnürt und gefickt.nzb

2013-12-31 17:55 - 2013-12-31 17:55 - 00183574 _____ C:\Users\vimotrade\Downloads\Fetisch - Das Geheimnis der Lust.nzb

2013-12-31 17:52 - 2013-12-31 17:52 - 00184550 _____ C:\Users\vimotrade\Downloads\Inzest - Die Gegenleistung.nzb

2013-12-31 17:51 - 2013-12-31 17:51 - 00198855 _____ C:\Users\vimotrade\Downloads\Carmen Rivera - Fuckin Berlin.nzb

2013-12-31 15:13 - 2013-12-31 15:13 - 00246713 _____ C:\Users\vimotrade\Downloads\Karneval der Stars.rar

2013-12-31 15:11 - 2013-12-31 15:11 - 00056203 _____ C:\Users\vimotrade\Downloads\Karneval.der.Stars.Folge.43{{sieN[3vb3RF1MoV6u}}.nzb

2013-12-31 14:09 - 2014-01-01 17:51 - 00000000 ____D C:\Guten Rutsch

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\vimotrade\AppData\Local\JTL-Software-GmbH

2013-12-31 13:20 - 2013-12-31 13:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-12-31 13:20 - 2013-12-31 13:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-12-31 13:05 - 2013-12-31 13:07 - 50449456 _____ (Microsoft Corporation) C:\Users\vimotrade\Downloads\dotNetFx40_Full_x86_x64.exe

2013-12-31 12:17 - 2013-12-31 14:24 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\jtl-software

2013-12-31 12:17 - 2013-12-31 12:17 - 00000000 ____D C:\ProgramData\JTL-Software

2013-12-31 12:12 - 2013-12-31 12:16 - 87767925 _____ (                                                            ) C:\Users\vimotrade\Downloads\setup-jtl-wawi_099916_131218.exe

2013-12-31 10:16 - 2013-12-31 10:17 - 00013527 _____ C:\Users\vimotrade\Downloads\dan_gaan_de_lichten_aan.zip

2013-12-31 09:50 - 2013-12-31 09:50 - 00010280 _____ C:\Users\vimotrade\Downloads\10002089mdm.mid

2013-12-31 09:49 - 2013-12-31 09:49 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891 (1).mid

2013-12-31 09:46 - 2013-12-31 09:46 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891.mid

2013-12-31 09:28 - 2013-12-31 09:28 - 00014321 _____ C:\Users\vimotrade\Downloads\00037992.mid

2013-12-31 09:26 - 2013-12-31 09:26 - 00009791 _____ C:\Users\vimotrade\Downloads\00037939.mid

2013-12-30 20:23 - 2013-12-30 20:23 - 00328864 _____ C:\Users\vimotrade\Downloads\Der König der Arschficker 4.nzb

2013-12-30 20:23 - 2013-12-30 20:23 - 00187702 _____ C:\Users\vimotrade\Downloads\Alte Kameraden 2 - Alte Sau Junge Dose.nzb

2013-12-30 18:27 - 2013-12-30 18:27 - 00001241 _____ C:\Users\vimotrade\Desktop\AVS Video Converter.lnk

2013-12-30 18:10 - 2013-12-30 18:10 - 00018915 _____ C:\Users\vimotrade\Downloads\AVS.Video.Converter.8.4.2.541.incl.Patch(Mehrsprachig).nfo.nzb

2013-12-30 15:38 - 2013-12-30 15:38 - 00000000 ____D C:\HP Kontaktlinsenhit WAWI Connector

2013-12-30 09:44 - 2013-12-30 09:44 - 00093201 _____ C:\Users\vimotrade\Downloads\kmd-iiswfue16-sample.mp4.nzb

2013-12-30 09:43 - 2013-12-30 09:43 - 00475330 _____ C:\Users\vimotrade\Downloads\SexBox06.par2.nzb

2013-12-30 09:40 - 2013-12-30 09:40 - 00130256 _____ C:\Users\vimotrade\Downloads\kmd-azsae-sample.mp4.nzb

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Stepok Softwares

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Light Developer

2013-12-30 09:29 - 2013-12-30 09:37 - 00000000 ____D C:\Program Files\Recomposit pro

2013-12-29 07:28 - 2013-12-29 07:28 - 00369525 _____ C:\Users\vimotrade\Downloads\Best Of Fetish 15.nzb

2013-12-29 07:27 - 2013-12-29 07:27 - 00369325 _____ C:\Users\vimotrade\Downloads\Inflagranti - Züchtige Sie.nzb

2013-12-29 07:26 - 2013-12-29 07:26 - 00374483 _____ C:\Users\vimotrade\Downloads\Stahlhart - Schlüsselreiz.nzb

2013-12-29 07:21 - 2013-12-29 07:21 - 00121031 _____ C:\Users\vimotrade\Downloads\ps-pm4-sample.mp4.nzb

2013-12-29 07:17 - 2013-12-29 07:17 - 01381562 _____ C:\Users\vimotrade\Downloads\Stuten Tausch 9.nzb

2013-12-26 20:12 - 2013-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-26 10:31 - 2013-12-26 10:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-12-26 10:31 - 2013-12-26 10:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-26 10:31 - 2013-12-26 10:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-25 21:11 - 2013-12-25 21:11 - 01946993 _____ C:\Users\vimotrade\Downloads\Popstar.auf.Umwegen.-.Lizzie.McGuire_.Ein.Traum.wird.wahr.-.2003.German.ML.(DVD9).untouched{{dPB.nzb

2013-12-25 19:30 - 2013-12-25 19:30 - 00915368 _____ (Oracle Corporation) C:\Users\vimotrade\Downloads\chromeinstall-7u45.exe

2013-12-25 19:14 - 2013-12-25 19:14 - 00064475 _____ C:\Users\vimotrade\Downloads\envatocash10.rar

2013-12-25 13:56 - 2013-12-25 14:30 - 91927299 _____ C:\Users\vimotrade\Downloads\ironband161.rar

2013-12-25 11:22 - 2013-12-25 11:22 - 00135751 _____ C:\Users\vimotrade\Downloads\Bis die Fotze glüht - Sexy Susi.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00051645 _____ C:\Users\vimotrade\Downloads\Andr_#232_ Rieu - Merry Christmas!.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00029080 _____ C:\Users\vimotrade\Downloads\Enya - Christmas.nzb

2013-12-24 12:35 - 2013-12-24 12:35 - 00041977 _____ C:\Users\vimotrade\Downloads\VA - Balt Nun Ist Weihnachtszeit (1970-2004).nzb

2013-12-24 11:01 - 2013-12-24 11:01 - 00037053 _____ C:\Users\vimotrade\Downloads\Boccherini Guitar Quartet - Christmas Guitar.nzb

2013-12-24 11:00 - 2013-12-24 11:00 - 00068338 _____ C:\Users\vimotrade\Downloads\Die.neuen.Weihnachts.Hits.Vol.2{{]av4C55RP7DzMTi7i}}.nzb

2013-12-23 17:12 - 2013-12-23 17:12 - 00018381 _____ C:\Users\vimotrade\Downloads\10026368mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00020200 _____ C:\Users\vimotrade\Downloads\10026414mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00000144 _____ C:\Users\vimotrade\Downloads\10026435.mid

2013-12-23 17:09 - 2013-12-23 17:09 - 00016374 _____ C:\Users\vimotrade\Downloads\10026439mdm.mid

2013-12-23 17:08 - 2013-12-23 17:08 - 00025117 _____ C:\Users\vimotrade\Downloads\10026475mdm.mid

2013-12-23 17:07 - 2013-12-23 17:07 - 00016966 _____ C:\Users\vimotrade\Downloads\10026471mdm.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00024378 _____ C:\Users\vimotrade\Downloads\10026488hdg.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00019713 _____ C:\Users\vimotrade\Downloads\10026487hdg.mid

2013-12-23 17:05 - 2013-12-23 17:05 - 00019028 _____ C:\Users\vimotrade\Downloads\10026486hdg.mid

2013-12-23 14:43 - 2013-12-23 15:15 - 98047312 _____ C:\Users\vimotrade\Downloads\t00131222-563-ChristmasBobby.z.rar

2013-12-23 09:07 - 2013-12-23 09:07 - 00000220 _____ C:\Users\vimotrade\Desktop\U1Tirol64.wax

2013-12-20 17:55 - 2013-12-20 19:35 - 308249868 _____ C:\Users\vimotrade\Downloads\GS146.Minus.40C.GFXTRA.COM.rar

2013-12-20 16:30 - 2013-12-20 16:30 - 00779575 _____ C:\Users\vimotrade\Downloads\product_komplett.sql.gz

2013-12-20 16:16 - 2013-12-20 16:16 - 00001259 _____ C:\Users\vimotrade\Downloads\products_vpe.sql

2013-12-20 16:10 - 2014-01-09 14:16 - 00000000 ____D C:\HP MyLensi

2013-12-19 11:51 - 2013-12-19 11:51 - 00186894 _____ C:\Users\vimotrade\Downloads\Julias Porno Show 10.nzb

2013-12-19 09:42 - 2013-12-19 09:42 - 00000000 ____D C:\Projekt SParpreis Verkauf

2013-12-18 21:33 - 2013-12-18 21:33 - 00000000 ____D C:\Künstler

2013-12-18 20:13 - 2013-12-18 20:13 - 00015237 _____ C:\Users\vimotrade\Downloads\bring_tha_noize.zip

2013-12-17 19:37 - 2013-12-17 19:37 - 00000508 _____ C:\Users\vimotrade\Downloads\schnellanfrage-2013-12-17.csv

2013-12-17 14:15 - 2013-12-17 14:15 - 00191872 _____ C:\Users\vimotrade\Downloads\usr_web38_22.sql.gz

2013-12-17 11:51 - 2013-12-17 12:05 - 00000000 ____D C:\Krausse Artikel Export

2013-12-17 11:35 - 2013-12-17 11:35 - 00194510 _____ C:\Users\vimotrade\Downloads\Professional.Server.Status.Script.rar

2013-12-17 11:18 - 2013-12-17 11:29 - 00000000 ____D C:\Data

2013-12-17 11:13 - 2013-12-17 11:13 - 00001059 _____ C:\Users\vimotrade\Desktop\Web Data Extractor.lnk

2013-12-17 11:13 - 2013-12-17 11:13 - 00000000 ____D C:\Program Files (x86)\WebExtractor

2013-12-17 10:55 - 2013-12-17 10:55 - 00225908 ____H C:\Windows\SysWOW64\mlfcache.dat

2013-12-17 10:16 - 2013-12-17 10:17 - 04078367 _____ C:\Users\vimotrade\Downloads\Templatic.GeoPlaces.v4.6.11.rar

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-12-16 11:10 - 2013-12-16 11:10 - 10805387 _____ C:\Users\vimotrade\Downloads\sabnzbd-0.7.16-win32-setup.exe

2013-12-16 10:10 - 2013-12-16 10:10 - 00049035 _____ C:\Users\vimotrade\Downloads\products.sql

2013-12-16 09:48 - 2013-12-16 09:48 - 01601425 _____ C:\Users\vimotrade\Downloads\kontaktlinsenpoint.sql

2013-12-16 08:51 - 2013-12-16 08:56 - 14715250 _____ C:\Users\vimotrade\Downloads\Sleek-Web-Banners.rar

2013-12-15 21:17 - 2013-12-15 21:17 - 00341342 _____ C:\Users\vimotrade\Downloads\Getaway.2013.German.BDRip.AC3LD.XviD-SMY.nzb

2013-12-15 20:22 - 2013-12-15 20:22 - 00386961 _____ C:\Users\vimotrade\Downloads\21.and.Over.2013.BDRip.AC3.German.XviD-POE.nzb

2013-12-15 20:20 - 2013-12-15 20:20 - 00372329 _____ C:\Users\vimotrade\Downloads\Nothing.Like.the.Holidays.German.2008.AC3.PROPER.DVDRip.XviD-ViDEOWELT.nzb

2013-12-15 10:55 - 2013-12-15 10:55 - 00015998 _____ C:\Users\vimotrade\Downloads\00038148.mid

2013-12-14 20:50 - 2013-12-14 21:01 - 65383484 _____ C:\Users\vimotrade\Downloads\Christmas_wooden_sign.rar

2013-12-14 13:21 - 2013-12-14 14:26 - 197592513 _____ C:\Users\vimotrade\Downloads\Water_splashes.rar

2013-12-14 13:05 - 2013-12-14 13:05 - 00002659 _____ C:\Users\Public\Desktop\Seolize.lnk

2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\seolize

2013-12-14 12:36 - 2013-12-14 12:49 - 38227985 _____ C:\Users\vimotrade\Downloads\gwqdn.ArcSoft.Portrait.Plus.3.0.0.400.rar

2013-12-14 10:41 - 2013-12-14 10:41 - 00031433 _____ C:\Users\vimotrade\Downloads\Laura.Wilde.-.Umarm.die.Welt.mit.mir.nzb

2013-12-13 23:56 - 2013-12-13 23:56 - 00568780 _____ C:\Users\vimotrade\Downloads\Breaking.Dawn.Biss.zum.Ende.der.Nacht.Teil.2.DVDRiP.LD.German.XViD-FW.nfo.nzb

2013-12-13 23:56 - 2013-12-13 23:56 - 00409678 _____ C:\Users\vimotrade\Downloads\2013.02.19_MNMN07.nzb

2013-12-13 23:45 - 2013-12-13 23:45 - 00457182 _____ C:\Users\vimotrade\Downloads\HMK777Hjk009kkl008kkj554ggh658.par2.nzb

2013-12-13 15:52 - 2013-12-13 15:52 - 00033451 _____ C:\Users\vimotrade\Downloads\Helene Fischer_ _#8222_Farbenspiel_#8220_.nzb

2013-12-13 15:52 - 2013-12-13 15:52 - 00025406 _____ C:\Users\vimotrade\Downloads\Kirmesmusikanten - Das ist Musik f_#252_r Sie.nzb

2013-12-13 13:36 - 2013-12-13 13:36 - 00000000 ____D C:\MediaWebline

2013-12-13 12:22 - 2013-12-13 12:22 - 00059843 _____ C:\Users\vimotrade\Downloads\Paulina_Rubio-Pau_Factor-ES-CD-FLAC-2013-PERFECT.nzb

2013-12-13 12:04 - 2013-12-13 12:04 - 00063250 _____ C:\Users\vimotrade\Downloads\TechSmith.Camtasia.Studio.v8.0.2.964.GERMAN.par2.nzb

2013-12-12 10:22 - 2013-12-12 10:22 - 00708832 _____ C:\Users\vimotrade\Downloads\Studio A.nzb

2013-12-12 07:17 - 2014-01-09 19:03 - 00000000 ____D C:\HP Kontaktlinsen Point +++++++++++++++

2013-12-11 12:39 - 2013-12-11 12:39 - 00038805 _____ C:\Users\vimotrade\Downloads\Template-Update-2.0.12.2-auf-2.0.13.0.zip

2013-12-11 11:13 - 2013-12-11 11:13 - 00187576 _____ C:\Users\vimotrade\Downloads\Illegal Scheissegal Wir ficken überall 1.nzb

2013-12-11 11:12 - 2013-12-11 11:12 - 00369472 _____ C:\Users\vimotrade\Downloads\Perverse Bullen.nzb

2013-12-11 11:11 - 2013-12-11 11:11 - 00166772 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 1.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00195545 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 3.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187490 _____ C:\Users\vimotrade\Downloads\Pleasure - Kamasutra.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187028 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 2.nzb

2013-12-11 11:08 - 2013-12-11 11:09 - 00465844 _____ C:\Users\vimotrade\Downloads\SM-Stories und was ist dein Fetish.nzb

2013-12-11 11:07 - 2013-12-11 11:07 - 00157396 _____ C:\Users\vimotrade\Downloads\Vollgewichste Gang Bang Schlampen 16.nzb
 

==================== One Month Modified Files and Folders =======
 

2014-01-10 19:02 - 2014-01-10 19:02 - 00000000 ____D C:\_OTL

2014-01-10 17:25 - 2014-01-10 17:25 - 00036614 _____ C:\Extras.Txt

2014-01-10 17:25 - 2014-01-10 10:46 - 00127816 _____ C:\OTL.Txt

2014-01-10 17:21 - 2012-08-03 20:56 - 00000000 ____D C:\users\vimotrade

2014-01-10 13:58 - 2014-01-10 13:58 - 00000000 ____D C:\FRST

2014-01-10 13:24 - 2012-08-03 20:49 - 01694897 _____ C:\Windows\WindowsUpdate.log

2014-01-10 13:23 - 2013-05-29 07:34 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-10 13:22 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-10 13:22 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-10 13:18 - 2012-08-03 23:26 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA.job

2014-01-10 13:14 - 2012-11-08 01:37 - 00031672 _____ C:\Windows\mlkumidi.log

2014-01-10 13:14 - 2012-11-07 09:41 - 00000000 ____D C:\ProgramData\VMware

2014-01-10 13:14 - 2012-08-03 22:18 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-10 13:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-10 13:14 - 2009-07-14 05:51 - 02028535 _____ C:\Windows\setupact.log

2014-01-10 13:13 - 2012-08-04 00:14 - 00000000 ____D C:\Users\vimotrade\Documents\Outlook-Dateien

2014-01-10 13:09 - 2012-11-06 17:09 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Skype

2014-01-10 13:09 - 2011-04-12 08:43 - 00760296 _____ C:\Windows\System32\perfh007.dat

2014-01-10 13:09 - 2011-04-12 08:43 - 00174768 _____ C:\Windows\System32\perfc007.dat

2014-01-10 13:09 - 2009-07-14 06:13 - 01780358 _____ C:\Windows\System32\PerfStringBackup.INI

2014-01-10 10:04 - 2013-05-29 07:34 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-10 09:54 - 2012-08-03 21:40 - 00000000 ____D C:\Users\vimotrade\AppData\Local\Adobe

2014-01-10 09:30 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-10 09:18 - 2012-11-13 14:39 - 00000000 ____D C:\Users\vimotrade\AppData\Local\TSVNCache

2014-01-09 23:07 - 2012-08-03 22:08 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\FileZilla

2014-01-09 21:36 - 2012-08-04 02:30 - 00000000 ____D C:\Users\vimotrade\Documents\NFG Home

2014-01-09 19:40 - 2012-08-05 11:04 - 00001456 _____ C:\Users\vimotrade\AppData\Local\Adobe Für Web speichern 13.0 Prefs

2014-01-09 19:28 - 2014-01-09 19:28 - 00000000 ____D C:\HP MyLensi ++++++++++++++++++

2014-01-09 19:05 - 2014-01-09 19:03 - 00000000 ____D C:\HP linsen4you.eu - Gaschler +++++++++++++

2014-01-09 19:03 - 2013-12-12 07:17 - 00000000 ____D C:\HP Kontaktlinsen Point +++++++++++++++

2014-01-09 19:01 - 2014-01-09 19:01 - 00415789 _____ C:\Users\vimotrade\Downloads\Escape.Plan.German.AC3LD.HDTV.XviD.READ.NFO-FR3AK.nzb

2014-01-09 18:36 - 2014-01-09 18:20 - 49892779 _____ C:\Users\vimotrade\Downloads\GR_A4_Restaurant_Menu.rar

2014-01-09 14:16 - 2013-12-20 16:10 - 00000000 ____D C:\HP MyLensi

2014-01-09 10:50 - 2014-01-09 10:50 - 00055405 _____ C:\Users\vimotrade\Downloads\VA - Karnevals Express 14.par2.nzb

2014-01-09 10:49 - 2014-01-09 10:49 - 00024876 _____ C:\Users\vimotrade\Downloads\au8UqZg5Am.par2.nzb

2014-01-09 10:39 - 2014-01-09 10:39 - 00309483 _____ C:\Users\vimotrade\Downloads\Anal Boot Camp # 2.nzb

2014-01-09 09:38 - 2014-01-09 09:38 - 00011762 _____ C:\Users\vimotrade\Downloads\products_options_values.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00005513 _____ C:\Users\vimotrade\Downloads\products_options_values_to_products_options.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00002527 _____ C:\Users\vimotrade\Downloads\products_to_categories.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00001866 _____ C:\Users\vimotrade\Downloads\products_options.sql

2014-01-09 09:37 - 2014-01-09 09:37 - 00380161 _____ C:\Users\vimotrade\Downloads\products_attributes.sql

2014-01-09 09:25 - 2012-08-04 13:21 - 00000000 ____D C:\orgaMAX

2014-01-09 03:18 - 2012-08-03 23:26 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core.job

2014-01-08 22:24 - 2014-01-08 22:24 - 00000000 ____D C:\HP Hüttenwoche

2014-01-08 18:59 - 2014-01-08 18:48 - 1111098335 _____ C:\Users\vimotrade\Downloads\wetransfer-f5b765.zip

2014-01-08 18:11 - 2012-08-04 14:20 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\vlc

2014-01-08 17:59 - 2014-01-08 17:59 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA Corporation

2014-01-08 17:59 - 2013-10-07 20:08 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA

2014-01-08 17:59 - 2012-08-03 22:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2014-01-08 17:58 - 2012-08-03 22:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2014-01-08 17:58 - 2012-08-03 22:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2014-01-08 16:28 - 2014-01-08 16:28 - 00170411 _____ C:\Users\vimotrade\Downloads\Escape.Plan.2013.REAL.WEBRiP.LD.German.X264.READ.NfO-4TH{{Usenetrevolution.info}}.nzb

2014-01-08 15:19 - 2013-06-01 13:50 - 00000000 ____D C:\HP Kölsche Woche

2014-01-08 11:41 - 2013-10-03 11:40 - 00000000 ____D C:\Users\vimotrade\Documents\ASEOPS 7

2014-01-08 10:05 - 2012-08-09 21:22 - 00000000 ____D C:\SEO Projekte

2014-01-08 02:43 - 2012-08-03 23:27 - 00002384 _____ C:\Users\vimotrade\Desktop\Google Chrome.lnk

2014-01-07 18:02 - 2013-06-04 11:54 - 00000000 ____D C:\HP Rabaue

2014-01-07 17:12 - 2014-01-07 16:52 - 00000000 ____D C:\PSS Schorr

2014-01-07 12:41 - 2014-01-07 12:41 - 00000000 ____D C:\Starlight

2014-01-07 11:08 - 2014-01-07 10:59 - 27289836 _____ C:\Users\vimotrade\Downloads\Kinder.rar

2014-01-07 10:37 - 2012-11-07 08:50 - 00000000 ____D C:\WP

2014-01-06 22:11 - 2013-10-16 15:28 - 00000000 ____D C:\PKW Kaufvertrag

2014-01-06 17:38 - 2013-11-20 19:24 - 00001754 _____ C:\Windows\Sandboxie.ini

2014-01-02 09:30 - 2014-01-02 09:30 - 00000000 ____D C:\Liefer

2014-01-01 17:51 - 2013-12-31 14:09 - 00000000 ____D C:\Guten Rutsch

2013-12-31 19:41 - 2013-12-31 19:41 - 00109685 _____ C:\Users\vimotrade\Downloads\kolsche jung (radio edit) - brings.mid

2013-12-31 18:06 - 2013-12-31 18:06 - 00558579 _____ C:\Users\vimotrade\Downloads\Tristan Taormino's Guide To Bondage For Couples.nzb

2013-12-31 18:06 - 2013-12-31 18:06 - 00443481 _____ C:\Users\vimotrade\Downloads\Bondage Stars 15.nzb

2013-12-31 18:06 - 2013-12-31 18:06 - 00406822 _____ C:\Users\vimotrade\Downloads\Bondage Torments 26.nzb

2013-12-31 17:56 - 2013-12-31 17:56 - 00187781 _____ C:\Users\vimotrade\Downloads\Eng Geschnürt und gefickt.nzb

2013-12-31 17:55 - 2013-12-31 17:55 - 00183574 _____ C:\Users\vimotrade\Downloads\Fetisch - Das Geheimnis der Lust.nzb

2013-12-31 17:52 - 2013-12-31 17:52 - 00184550 _____ C:\Users\vimotrade\Downloads\Inzest - Die Gegenleistung.nzb

2013-12-31 17:51 - 2013-12-31 17:51 - 00198855 _____ C:\Users\vimotrade\Downloads\Carmen Rivera - Fuckin Berlin.nzb

2013-12-31 15:13 - 2013-12-31 15:13 - 00246713 _____ C:\Users\vimotrade\Downloads\Karneval der Stars.rar

2013-12-31 15:11 - 2013-12-31 15:11 - 00056203 _____ C:\Users\vimotrade\Downloads\Karneval.der.Stars.Folge.43{{sieN[3vb3RF1MoV6u}}.nzb

2013-12-31 14:30 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-12-31 14:24 - 2013-12-31 12:17 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\jtl-software

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\vimotrade\AppData\Local\JTL-Software-GmbH

2013-12-31 13:22 - 2013-12-31 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-12-31 13:22 - 2012-08-06 21:47 - 01658746 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-31 13:21 - 2013-12-31 13:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-12-31 13:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2013-12-31 13:07 - 2013-12-31 13:05 - 50449456 _____ (Microsoft Corporation) C:\Users\vimotrade\Downloads\dotNetFx40_Full_x86_x64.exe

2013-12-31 12:17 - 2013-12-31 12:17 - 00000000 ____D C:\ProgramData\JTL-Software

2013-12-31 12:16 - 2013-12-31 12:12 - 87767925 _____ (                                                            ) C:\Users\vimotrade\Downloads\setup-jtl-wawi_099916_131218.exe

2013-12-31 10:17 - 2013-12-31 10:16 - 00013527 _____ C:\Users\vimotrade\Downloads\dan_gaan_de_lichten_aan.zip

2013-12-31 09:50 - 2013-12-31 09:50 - 00010280 _____ C:\Users\vimotrade\Downloads\10002089mdm.mid

2013-12-31 09:49 - 2013-12-31 09:49 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891 (1).mid

2013-12-31 09:46 - 2013-12-31 09:46 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891.mid

2013-12-31 09:28 - 2013-12-31 09:28 - 00014321 _____ C:\Users\vimotrade\Downloads\00037992.mid

2013-12-31 09:26 - 2013-12-31 09:26 - 00009791 _____ C:\Users\vimotrade\Downloads\00037939.mid

2013-12-30 20:23 - 2013-12-30 20:23 - 00328864 _____ C:\Users\vimotrade\Downloads\Der König der Arschficker 4.nzb

2013-12-30 20:23 - 2013-12-30 20:23 - 00187702 _____ C:\Users\vimotrade\Downloads\Alte Kameraden 2 - Alte Sau Junge Dose.nzb

2013-12-30 18:31 - 2013-04-19 06:26 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\AVS4YOU

2013-12-30 18:28 - 2013-04-19 06:25 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-12-30 18:27 - 2013-12-30 18:27 - 00001241 _____ C:\Users\vimotrade\Desktop\AVS Video Converter.lnk

2013-12-30 18:10 - 2013-12-30 18:10 - 00018915 _____ C:\Users\vimotrade\Downloads\AVS.Video.Converter.8.4.2.541.incl.Patch(Mehrsprachig).nfo.nzb

2013-12-30 15:38 - 2013-12-30 15:38 - 00000000 ____D C:\HP Kontaktlinsenhit WAWI Connector

2013-12-30 09:44 - 2013-12-30 09:44 - 00093201 _____ C:\Users\vimotrade\Downloads\kmd-iiswfue16-sample.mp4.nzb

2013-12-30 09:43 - 2013-12-30 09:43 - 00475330 _____ C:\Users\vimotrade\Downloads\SexBox06.par2.nzb

2013-12-30 09:40 - 2013-12-30 09:40 - 00130256 _____ C:\Users\vimotrade\Downloads\kmd-azsae-sample.mp4.nzb

2013-12-30 09:37 - 2013-12-30 09:29 - 00000000 ____D C:\Program Files\Recomposit pro

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Stepok Softwares

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Light Developer

2013-12-29 07:28 - 2013-12-29 07:28 - 00369525 _____ C:\Users\vimotrade\Downloads\Best Of Fetish 15.nzb

2013-12-29 07:27 - 2013-12-29 07:27 - 00369325 _____ C:\Users\vimotrade\Downloads\Inflagranti - Züchtige Sie.nzb

2013-12-29 07:26 - 2013-12-29 07:26 - 00374483 _____ C:\Users\vimotrade\Downloads\Stahlhart - Schlüsselreiz.nzb

2013-12-29 07:21 - 2013-12-29 07:21 - 00121031 _____ C:\Users\vimotrade\Downloads\ps-pm4-sample.mp4.nzb

2013-12-29 07:17 - 2013-12-29 07:17 - 01381562 _____ C:\Users\vimotrade\Downloads\Stuten Tausch 9.nzb

2013-12-29 06:54 - 2012-08-04 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-28 08:48 - 2012-08-04 00:30 - 00000000 ____D C:\Users\vimotrade\Documents\VIMO Trade

2013-12-26 20:12 - 2013-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-26 11:51 - 2010-11-21 04:47 - 00446590 _____ C:\Windows\PFRO.log

2013-12-26 10:31 - 2013-12-26 10:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-12-26 10:31 - 2013-12-26 10:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-26 10:31 - 2013-12-26 10:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-26 10:31 - 2013-06-19 20:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-12-26 10:31 - 2013-06-19 20:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-12-26 10:31 - 2012-08-10 12:01 - 00000000 ____D C:\Program Files (x86)\Java

2013-12-25 21:11 - 2013-12-25 21:11 - 01946993 _____ C:\Users\vimotrade\Downloads\Popstar.auf.Umwegen.-.Lizzie.McGuire_.Ein.Traum.wird.wahr.-.2003.German.ML.(DVD9).untouched{{dPB.nzb

2013-12-25 19:30 - 2013-12-25 19:30 - 00915368 _____ (Oracle Corporation) C:\Users\vimotrade\Downloads\chromeinstall-7u45.exe

2013-12-25 19:14 - 2013-12-25 19:14 - 00064475 _____ C:\Users\vimotrade\Downloads\envatocash10.rar

2013-12-25 14:30 - 2013-12-25 13:56 - 91927299 _____ C:\Users\vimotrade\Downloads\ironband161.rar

2013-12-25 11:22 - 2013-12-25 11:22 - 00135751 _____ C:\Users\vimotrade\Downloads\Bis die Fotze glüht - Sexy Susi.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00051645 _____ C:\Users\vimotrade\Downloads\Andr_#232_ Rieu - Merry Christmas!.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00029080 _____ C:\Users\vimotrade\Downloads\Enya - Christmas.nzb

2013-12-24 12:35 - 2013-12-24 12:35 - 00041977 _____ C:\Users\vimotrade\Downloads\VA - Balt Nun Ist Weihnachtszeit (1970-2004).nzb

2013-12-24 11:01 - 2013-12-24 11:01 - 00037053 _____ C:\Users\vimotrade\Downloads\Boccherini Guitar Quartet - Christmas Guitar.nzb

2013-12-24 11:00 - 2013-12-24 11:00 - 00068338 _____ C:\Users\vimotrade\Downloads\Die.neuen.Weihnachts.Hits.Vol.2{{]av4C55RP7DzMTi7i}}.nzb

2013-12-23 17:12 - 2013-12-23 17:12 - 00018381 _____ C:\Users\vimotrade\Downloads\10026368mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00020200 _____ C:\Users\vimotrade\Downloads\10026414mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00000144 _____ C:\Users\vimotrade\Downloads\10026435.mid

2013-12-23 17:09 - 2013-12-23 17:09 - 00016374 _____ C:\Users\vimotrade\Downloads\10026439mdm.mid

2013-12-23 17:08 - 2013-12-23 17:08 - 00025117 _____ C:\Users\vimotrade\Downloads\10026475mdm.mid

2013-12-23 17:07 - 2013-12-23 17:07 - 00016966 _____ C:\Users\vimotrade\Downloads\10026471mdm.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00024378 _____ C:\Users\vimotrade\Downloads\10026488hdg.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00019713 _____ C:\Users\vimotrade\Downloads\10026487hdg.mid

2013-12-23 17:05 - 2013-12-23 17:05 - 00019028 _____ C:\Users\vimotrade\Downloads\10026486hdg.mid

2013-12-23 15:15 - 2013-12-23 14:43 - 98047312 _____ C:\Users\vimotrade\Downloads\t00131222-563-ChristmasBobby.z.rar

2013-12-23 09:07 - 2013-12-23 09:07 - 00000220 _____ C:\Users\vimotrade\Desktop\U1Tirol64.wax

2013-12-22 19:17 - 2012-11-14 12:10 - 00000000 ____D C:\a

2013-12-22 19:13 - 2013-03-27 20:02 - 00001053 _____ C:\Users\vimotrade\Desktop\Rapid SEO Tool.lnk

2013-12-22 19:13 - 2013-03-27 20:02 - 00000000 ____D C:\Program Files (x86)\Rapid SEO Tool

2013-12-20 19:35 - 2013-12-20 17:55 - 308249868 _____ C:\Users\vimotrade\Downloads\GS146.Minus.40C.GFXTRA.COM.rar

2013-12-20 16:30 - 2013-12-20 16:30 - 00779575 _____ C:\Users\vimotrade\Downloads\product_komplett.sql.gz

2013-12-20 16:16 - 2013-12-20 16:16 - 00001259 _____ C:\Users\vimotrade\Downloads\products_vpe.sql

2013-12-19 11:51 - 2013-12-19 11:51 - 00186894 _____ C:\Users\vimotrade\Downloads\Julias Porno Show 10.nzb

2013-12-19 09:42 - 2013-12-19 09:42 - 00000000 ____D C:\Projekt SParpreis Verkauf

2013-12-18 21:33 - 2013-12-18 21:33 - 00000000 ____D C:\Künstler

2013-12-18 20:13 - 2013-12-18 20:13 - 00015237 _____ C:\Users\vimotrade\Downloads\bring_tha_noize.zip

2013-12-18 09:41 - 2013-08-02 08:54 - 00000000 ____D C:\HP Egger Tux

2013-12-17 19:37 - 2013-12-17 19:37 - 00000508 _____ C:\Users\vimotrade\Downloads\schnellanfrage-2013-12-17.csv

2013-12-17 14:15 - 2013-12-17 14:15 - 00191872 _____ C:\Users\vimotrade\Downloads\usr_web38_22.sql.gz

2013-12-17 12:05 - 2013-12-17 11:51 - 00000000 ____D C:\Krausse Artikel Export

2013-12-17 11:35 - 2013-12-17 11:35 - 00194510 _____ C:\Users\vimotrade\Downloads\Professional.Server.Status.Script.rar

2013-12-17 11:29 - 2013-12-17 11:18 - 00000000 ____D C:\Data

2013-12-17 11:13 - 2013-12-17 11:13 - 00001059 _____ C:\Users\vimotrade\Desktop\Web Data Extractor.lnk

2013-12-17 11:13 - 2013-12-17 11:13 - 00000000 ____D C:\Program Files (x86)\WebExtractor

2013-12-17 10:59 - 2013-03-15 01:24 - 00000268 _____ C:\Users\vimotrade\AppData\Roaming\ltpReg.txt

2013-12-17 10:55 - 2013-12-17 10:55 - 00225908 ____H C:\Windows\SysWOW64\mlfcache.dat

2013-12-17 10:54 - 2013-03-15 10:00 - 00000828 _____ C:\Users\vimotrade\Desktop\LongTailPro.lnk

2013-12-17 10:54 - 2013-03-15 01:24 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\com.longtailpro.LongTailPro

2013-12-17 10:53 - 2013-03-15 01:24 - 00000000 ____D C:\Program Files (x86)\LongTailPro

2013-12-17 10:17 - 2013-12-17 10:16 - 04078367 _____ C:\Users\vimotrade\Downloads\Templatic.GeoPlaces.v4.6.11.rar

2013-12-17 03:07 - 2013-10-31 05:31 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk

2013-12-17 03:07 - 2013-10-31 05:31 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2013-12-17 03:07 - 2013-10-31 05:31 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-12-16 19:00 - 2013-01-16 08:02 - 00000600 _____ C:\Users\vimotrade\AppData\Local\PUTTY.RND

2013-12-16 11:10 - 2013-12-16 11:10 - 10805387 _____ C:\Users\vimotrade\Downloads\sabnzbd-0.7.16-win32-setup.exe

2013-12-16 10:10 - 2013-12-16 10:10 - 00049035 _____ C:\Users\vimotrade\Downloads\products.sql

2013-12-16 09:48 - 2013-12-16 09:48 - 01601425 _____ C:\Users\vimotrade\Downloads\kontaktlinsenpoint.sql

2013-12-16 08:56 - 2013-12-16 08:51 - 14715250 _____ C:\Users\vimotrade\Downloads\Sleek-Web-Banners.rar

2013-12-15 21:17 - 2013-12-15 21:17 - 00341342 _____ C:\Users\vimotrade\Downloads\Getaway.2013.German.BDRip.AC3LD.XviD-SMY.nzb

2013-12-15 20:22 - 2013-12-15 20:22 - 00386961 _____ C:\Users\vimotrade\Downloads\21.and.Over.2013.BDRip.AC3.German.XviD-POE.nzb

2013-12-15 20:20 - 2013-12-15 20:20 - 00372329 _____ C:\Users\vimotrade\Downloads\Nothing.Like.the.Holidays.German.2008.AC3.PROPER.DVDRip.XviD-ViDEOWELT.nzb

2013-12-15 10:55 - 2013-12-15 10:55 - 00015998 _____ C:\Users\vimotrade\Downloads\00038148.mid

2013-12-14 21:01 - 2013-12-14 20:50 - 65383484 _____ C:\Users\vimotrade\Downloads\Christmas_wooden_sign.rar

2013-12-14 14:26 - 2013-12-14 13:21 - 197592513 _____ C:\Users\vimotrade\Downloads\Water_splashes.rar

2013-12-14 13:05 - 2013-12-14 13:05 - 00002659 _____ C:\Users\Public\Desktop\Seolize.lnk

2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\seolize

2013-12-14 13:05 - 2013-08-23 09:07 - 00000000 ____D C:\Program Files (x86)\iannet

2013-12-14 13:04 - 2012-11-15 20:54 - 00000000 ____D C:\Users\vimotrade\AppData\Local\Downloaded Installations

2013-12-14 12:49 - 2013-12-14 12:36 - 38227985 _____ C:\Users\vimotrade\Downloads\gwqdn.ArcSoft.Portrait.Plus.3.0.0.400.rar

2013-12-14 10:41 - 2013-12-14 10:41 - 00031433 _____ C:\Users\vimotrade\Downloads\Laura.Wilde.-.Umarm.die.Welt.mit.mir.nzb

2013-12-13 23:56 - 2013-12-13 23:56 - 00568780 _____ C:\Users\vimotrade\Downloads\Breaking.Dawn.Biss.zum.Ende.der.Nacht.Teil.2.DVDRiP.LD.German.XViD-FW.nfo.nzb

2013-12-13 23:56 - 2013-12-13 23:56 - 00409678 _____ C:\Users\vimotrade\Downloads\2013.02.19_MNMN07.nzb

2013-12-13 23:45 - 2013-12-13 23:45 - 00457182 _____ C:\Users\vimotrade\Downloads\HMK777Hjk009kkl008kkj554ggh658.par2.nzb

2013-12-13 18:08 - 2012-11-06 17:23 - 00000000 ____D C:\Gambio GX November 2012

2013-12-13 15:52 - 2013-12-13 15:52 - 00033451 _____ C:\Users\vimotrade\Downloads\Helene Fischer_ _#8222_Farbenspiel_#8220_.nzb

2013-12-13 15:52 - 2013-12-13 15:52 - 00025406 _____ C:\Users\vimotrade\Downloads\Kirmesmusikanten - Das ist Musik f_#252_r Sie.nzb

2013-12-13 14:30 - 2013-06-19 08:52 - 00000000 ____D C:\HP Linsenpalast Volker Müller

2013-12-13 13:36 - 2013-12-13 13:36 - 00000000 ____D C:\MediaWebline

2013-12-13 12:22 - 2013-12-13 12:22 - 00059843 _____ C:\Users\vimotrade\Downloads\Paulina_Rubio-Pau_Factor-ES-CD-FLAC-2013-PERFECT.nzb

2013-12-13 12:04 - 2013-12-13 12:04 - 00063250 _____ C:\Users\vimotrade\Downloads\TechSmith.Camtasia.Studio.v8.0.2.964.GERMAN.par2.nzb

2013-12-12 10:22 - 2013-12-12 10:22 - 00708832 _____ C:\Users\vimotrade\Downloads\Studio A.nzb

2013-12-11 12:39 - 2013-12-11 12:39 - 00038805 _____ C:\Users\vimotrade\Downloads\Template-Update-2.0.12.2-auf-2.0.13.0.zip

2013-12-11 11:13 - 2013-12-11 11:13 - 00187576 _____ C:\Users\vimotrade\Downloads\Illegal Scheissegal Wir ficken überall 1.nzb

2013-12-11 11:12 - 2013-12-11 11:12 - 00369472 _____ C:\Users\vimotrade\Downloads\Perverse Bullen.nzb

2013-12-11 11:11 - 2013-12-11 11:11 - 00166772 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 1.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00195545 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 3.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187490 _____ C:\Users\vimotrade\Downloads\Pleasure - Kamasutra.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187028 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 2.nzb

2013-12-11 11:09 - 2013-12-11 11:08 - 00465844 _____ C:\Users\vimotrade\Downloads\SM-Stories und was ist dein Fetish.nzb

2013-12-11 11:07 - 2013-12-11 11:07 - 00157396 _____ C:\Users\vimotrade\Downloads\Vollgewichste Gang Bang Schlampen 16.nzb
 

Files to move or delete:

====================

C:\ProgramData\hpe37E3.dll

C:\ProgramData\MSRecovery.exe
 
 

Some content of TEMP:

====================

C:\Users\vimotrade\AppData\Local\Temp\AskSLib.dll

C:\Users\vimotrade\AppData\Local\Temp\bassmod.dll

C:\Users\vimotrade\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\vimotrade\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\vimotrade\AppData\Local\Temp\gert0.exe

C:\Users\vimotrade\AppData\Local\Temp\htmlayout.dll

C:\Users\vimotrade\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.2.2.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.4.5.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.5.1.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\vimotrade\AppData\Local\Temp\nvStInst.exe

C:\Users\vimotrade\AppData\Local\Temp\ose00000.exe

C:\Users\vimotrade\AppData\Local\Temp\RegSvcs.exe

C:\Users\vimotrade\AppData\Local\Temp\Setup.exe

C:\Users\vimotrade\AppData\Local\Temp\SkypeSetup.exe

C:\Users\vimotrade\AppData\Local\Temp\tbVuze.dll

C:\Users\vimotrade\AppData\Local\Temp\vlc-2.0.4-win32.exe

C:\Users\vimotrade\AppData\Local\Temp\vlc-2.1.2-win32.exe

C:\Users\vimotrade\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2013-12-21 13:40:46

Restore point made on: 2013-12-26 10:30:45

Restore point made on: 2014-01-07 08:12:24

Restore point made on: 2014-01-08 17:58:41
 

==================== Memory info =========================== 
 

Percentage of memory in use: 8%

Total physical RAM: 12279.17 MB

Available physical RAM: 11180.11 MB

Total Pagefile: 12277.37 MB

Available Pagefile: 11210.5 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:458.46 GB) (Free:176.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (WINXP) (Fixed) (Total:229.14 GB) (Free:216.76 GB) NTFS

Drive f: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:3.05 GB) NTFS

Drive l: (TREKSTOR) (Fixed) (Total:931.28 GB) (Free:774.3 GB) FAT32

Drive m: (Memory) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT32

Drive n: (Volume) (Fixed) (Total:931.51 GB) (Free:211.76 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (DATA) (Fixed) (Total:229.27 GB) (Free:48.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D680BDE)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=229 GB) - (Type=05)

Partition 4: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
 

========================================================

Disk: 5 (Size: 932 GB) (Disk ID: 1514B520)

Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
 

========================================================

Disk: 6 (Size: 2 GB) (Disk ID: 008B78B6)

Partition 1: (Active) - (Size=2 GB) - (Type=0B)
 

========================================================

Disk: 7 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7AA2B13E)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
 

LastRegBack: 2014-01-09 00:25
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hallo,

funktioniert noch einer der 3 abgesicherten Modi?
(Unbedingt auch den "abgesicherten Modus mit Eingabeaufforderung" testen, ob du dort auf das schwarze Konsolenfenster gelangst.)

Hallo Leo,

habe alle Abgesicherten Modis getestet.- laufen alle.

Was soll ich jetzt noch tun ? Ich warte jetzt ab bevor ich den PC im Normalmodus starte.- oder ?

LG Nadine

Dann mach einen FRST-Scan im abgesicherten Modus mit Netzwerktreibern:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Leo, wahnsinn ,- das schafft niemand ohne Eure Hilfe.- DANKE

Hier die beiden Dateien:

FRST.TXT

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014

Ran by vimotrade (administrator) on VIMOTRADE-PC on 10-01-2014 16:12:12

Running from N:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Safe Mode (with Networking)
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\HelpPane.exe

(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] - Skytel.exe

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [M-Audio Taskbar Icon] - C:\Windows\system32\MAFWDITray.exe

HKLM-x32\...\Run: [SAOB Monitor] - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [vmware-tray] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2012-01-18] (VMware, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [MailListController] - C:\Program Files (x86)\Arclab\MailList Controller\amlcSCT.exe [392944 2012-04-01] (Arclab Software GbR)

HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe [20686472 2012-11-21] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [PowerSEORanker] - C:\Program Files (x86)\Power SEO Ranker\PowerSEORanker.exe [1080320 2012-08-03] (Evergreen Internet Marketers)

HKLM-x32\...\Run: [LiveZilla] - C:\Program Files (x86)\LiveZilla\LiveZilla.exe [8684480 2013-05-22] (LiveZilla GmbH)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)

HKCU\...\Run: [Google Update] - C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)

HKCU\...\Winlogon: [Userinit] 

HKCU\...\Winlogon: [Shell] 

MountPoints2: M - M:\setup.exe

MountPoints2: {374aa83c-25b3-11e3-917f-001f3f0cc3c2} - G:\autorun.exe

MountPoints2: {e8d1bd3e-dda4-11e1-98e8-00016c6ae6f4} - K:\pushinst.exe

Startup: C:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

ShortcutTarget: AutoStarter.lnk -> L:\Firstload\Lizenzomat\Lizenzomat.v4.0.0.0.260.German-LAXiTY\Lizenzomat.v4.0.0.0.260.German-LAXiTY.exe (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF38B1C4BB571CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {96C63769-C496-4EC2-A65E-EB6370933B59} URL = 

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=b3eb538f-f0d2-ac88-50e4-cda9196253b3&searchtype=ds&q={searchTerms}&installDate=10/10/2013

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

SearchScopes: HKCU - DefaultScope {96C63769-C496-4EC2-A65E-EB6370933B59} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=b3eb538f-f0d2-ac88-50e4-cda9196253b3&searchtype=ds&q={searchTerms}&installDate=10/10/2013

SearchScopes: HKCU - {96C63769-C496-4EC2-A65E-EB6370933B59} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 

FireFox:

========

FF ProfilePath: C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default

FF NewTab: about:blank

FF DefaultSearchEngine: RadioTotal1 Customized Web Search

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF SelectedSearchEngine: RadioTotal1 Customized Web Search

FF Homepage: hxxp://www.google.de

FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN78348609011607315&UM=2&q=

FF NetworkProxy: "no_proxies_on", "localhost"

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\vimotrade\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\vimotrade\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\searchplugins\Web Search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: vis - C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

FF Extension: SeoQuake - C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF Extension: RadioTotal1  - C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5}

FF Extension: Web Developer - C:\Users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

FF Extension: A1 Servicecenter - C:\Program Files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.de/

CHR Plugin: (Shockwave Flash) - C:\Users\vimotrade\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\vimotrade\AppData\Local\Google\Chrome\Application\32.0.1700.72\gcswf32.dll No File

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\vimotrade\AppData\Local\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\vimotrade\AppData\Local\Google\Chrome\Application\32.0.1700.72\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Google Update) - C:\Users\vimotrade\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Lockify) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd\0.9.22.506_0

CHR Extension: (Google Drive) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0

CHR Extension: (Alexa Traffic Rank) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.2_0

CHR Extension: (ebay Deutschland) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpckjpbhckkjhgimjnfkfihndaphlpog\1.2_0

CHR Extension: (Clear Cache) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn\0.3.3.3_0

CHR Extension: (trivago) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\edblomofeadhmkjoelbimgjmhaobnflo\6.8.5.1_0

CHR Extension: (AdBlock) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0

CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhfjnejkpodaoodkkmkjbpopknbaeef\0.1.12_0

CHR Extension: (Air Hockey) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph\2.0.0_0

CHR Extension: (PageRank Status) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.0.0_0

CHR Extension: (SearchPreview) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.3_0

CHR Extension: (Google Keep) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.13513.1396_0

CHR Extension: (Dropbox) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0

CHR Extension: (HRS - Das Hotelportal) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabglnaiaineppgldpbieehjgfbffhpp\1.7_0

CHR Extension: (Google Wallet) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1

CHR Extension: (\u0422\u0412 \u043E\u043D\u043B\u0430\u0439\u043D) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh\0.4_0

CHR Extension: (eBay Deals) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pllkgmcojhajjmojfoagiegoibjognlc\1.0.4_0

CHR Extension: (Linkparser) - C:\Users\vimotrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmghbmgeolancmmnklifafgooobplifn\1.5.0_0

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\VIMOTR~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx

CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\vimotrade\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx

CHR HKCU\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\vimotrade\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx

CHR HKLM-x32\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\vimotrade\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx

CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\vimotrade\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx
 

==================== Services (Whitelisted) =================
 

S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32448 2012-11-29] ()

S2 MailList Controller; c:\program files (x86)\arclab\maillist controller\amlcSVC.exe [2871024 2012-06-04] (Arclab Software GbR)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)

S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-26] (Nitro PDF Software)

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

S2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()

S2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG)

S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)

S2 SiteMonitorEnterprise; C:\Program Files (x86)\iannet\SiteMonitorEnterprise\SiteMonitorEnterprise.exe [42064 2013-07-25] (iannet)

S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] ()

S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)

S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-07-08] (Samsung Electronics Co., Ltd.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-03] (DT Soft Ltd)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 gwfilt64; C:\Windows\System32\drivers\gwfilt64.sys [28160 2008-04-10] (Creative Technology Ltd.)

S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)

S3 MAFWPROFIRE; C:\Windows\System32\DRIVERS\MAudioProFire.sys [287240 2010-03-01] (Avid Technology, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)

R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-06-08] (Acronis)

S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)

U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-10 19:02 - 2014-01-10 19:02 - 00000000 ____D C:\_OTL

2014-01-10 17:25 - 2014-01-10 17:25 - 00036614 _____ C:\Extras.Txt

2014-01-10 15:56 - 2014-01-10 16:04 - 00000209 _____ C:\Windows\WINCMD.INI

2014-01-10 13:58 - 2014-01-10 13:58 - 00000000 ____D C:\FRST

2014-01-09 19:28 - 2014-01-09 19:28 - 00000000 ____D C:\HP MyLensi ++++++++++++++++++

2014-01-09 19:03 - 2014-01-09 19:05 - 00000000 ____D C:\HP linsen4you.eu - Gaschler +++++++++++++

2014-01-09 18:20 - 2014-01-09 18:36 - 49892779 _____ C:\Users\vimotrade\Downloads\GR_A4_Restaurant_Menu.rar

2014-01-09 10:49 - 2014-01-09 10:49 - 00024876 _____ C:\Users\vimotrade\Downloads\au8UqZg5Am.par2.nzb

2014-01-09 10:39 - 2014-01-09 10:39 - 00309483 _____ C:\Users\vimotrade\Downloads\Anal Boot Camp # 2.nzb

2014-01-09 09:38 - 2014-01-09 09:38 - 00011762 _____ C:\Users\vimotrade\Downloads\products_options_values.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00005513 _____ C:\Users\vimotrade\Downloads\products_options_values_to_products_options.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00002527 _____ C:\Users\vimotrade\Downloads\products_to_categories.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00001866 _____ C:\Users\vimotrade\Downloads\products_options.sql

2014-01-09 09:37 - 2014-01-09 09:37 - 00380161 _____ C:\Users\vimotrade\Downloads\products_attributes.sql

2014-01-08 22:24 - 2014-01-08 22:24 - 00000000 ____D C:\HP Hüttenwoche

2014-01-08 18:48 - 2014-01-08 18:59 - 1111098335 _____ C:\Users\vimotrade\Downloads\wetransfer-f5b765.zip

2014-01-08 17:59 - 2014-01-08 17:59 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA Corporation

2014-01-08 17:58 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2014-01-08 17:58 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2014-01-08 17:57 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-01-08 17:57 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-01-07 16:52 - 2014-01-07 17:12 - 00000000 ____D C:\PSS Schorr

2014-01-07 12:41 - 2014-01-07 12:41 - 00000000 ____D C:\Starlight

2014-01-02 09:30 - 2014-01-02 09:30 - 00000000 ____D C:\Liefer

2013-12-31 19:41 - 2013-12-31 19:41 - 00109685 _____ C:\Users\vimotrade\Downloads\kolsche jung (radio edit) - brings.mid

2013-12-31 14:09 - 2014-01-01 17:51 - 00000000 ____D C:\Guten Rutsch

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\vimotrade\AppData\Local\JTL-Software-GmbH

2013-12-31 13:20 - 2013-12-31 13:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-12-31 13:20 - 2013-12-31 13:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-12-31 12:17 - 2013-12-31 14:24 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\jtl-software

2013-12-31 12:17 - 2013-12-31 12:17 - 00000000 ____D C:\ProgramData\JTL-Software

2013-12-31 10:16 - 2013-12-31 10:17 - 00013527 _____ C:\Users\vimotrade\Downloads\dan_gaan_de_lichten_aan.zip

2013-12-31 09:50 - 2013-12-31 09:50 - 00010280 _____ C:\Users\vimotrade\Downloads\10002089mdm.mid

2013-12-31 09:49 - 2013-12-31 09:49 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891 (1).mid

2013-12-31 09:46 - 2013-12-31 09:46 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891.mid

2013-12-31 09:28 - 2013-12-31 09:28 - 00014321 _____ C:\Users\vimotrade\Downloads\00037992.mid

2013-12-31 09:26 - 2013-12-31 09:26 - 00009791 _____ C:\Users\vimotrade\Downloads\00037939.mid

2013-12-30 20:23 - 2013-12-30 20:23 - 00328864 _____ C:\Users\vimotrade\Downloads\Der König der Arschficker 4.nzb

2013-12-30 20:23 - 2013-12-30 20:23 - 00187702 _____ C:\Users\vimotrade\Downloads\Alte Kameraden 2 - Alte Sau Junge Dose.nzb

2013-12-30 18:10 - 2013-12-30 18:10 - 00018915 _____ C:\Users\vimotrade\Downloads\AVS.Video.Converter.8.4.2.541.incl.Patch(Mehrsprachig).nfo.nzb

2013-12-30 15:38 - 2013-12-30 15:38 - 00000000 ____D C:\HP Kontaktlinsenhit WAWI Connector

2013-12-30 09:44 - 2013-12-30 09:44 - 00093201 _____ C:\Users\vimotrade\Downloads\kmd-iiswfue16-sample.mp4.nzb

2013-12-30 09:43 - 2013-12-30 09:43 - 00475330 _____ C:\Users\vimotrade\Downloads\SexBox06.par2.nzb

2013-12-30 09:40 - 2013-12-30 09:40 - 00130256 _____ C:\Users\vimotrade\Downloads\kmd-azsae-sample.mp4.nzb

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Stepok Softwares

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Light Developer

2013-12-30 09:29 - 2013-12-30 09:37 - 00000000 ____D C:\Program Files\Recomposit pro

2013-12-29 07:28 - 2013-12-29 07:28 - 00369525 _____ C:\Users\vimotrade\Downloads\Best Of Fetish 15.nzb

2013-12-29 07:27 - 2013-12-29 07:27 - 00369325 _____ C:\Users\vimotrade\Downloads\Inflagranti - Züchtige Sie.nzb

2013-12-29 07:26 - 2013-12-29 07:26 - 00374483 _____ C:\Users\vimotrade\Downloads\Stahlhart - Schlüsselreiz.nzb

2013-12-29 07:21 - 2013-12-29 07:21 - 00121031 _____ C:\Users\vimotrade\Downloads\ps-pm4-sample.mp4.nzb

2013-12-29 07:17 - 2013-12-29 07:17 - 01381562 _____ C:\Users\vimotrade\Downloads\Stuten Tausch 9.nzb

2013-12-26 20:12 - 2013-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-26 10:31 - 2013-12-26 10:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-12-26 10:31 - 2013-12-26 10:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-26 10:31 - 2013-12-26 10:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-25 21:11 - 2013-12-25 21:11 - 01946993 _____ C:\Users\vimotrade\Downloads\Popstar.auf.Umwegen.-.Lizzie.McGuire_.Ein.Traum.wird.wahr.-.2003.German.ML.(DVD9).untouched{{dPB.nzb

2013-12-25 19:30 - 2013-12-25 19:30 - 00915368 _____ (Oracle Corporation) C:\Users\vimotrade\Downloads\chromeinstall-7u45.exe

2013-12-25 19:14 - 2013-12-25 19:14 - 00064475 _____ C:\Users\vimotrade\Downloads\envatocash10.rar

2013-12-25 13:56 - 2013-12-25 14:30 - 91927299 _____ C:\Users\vimotrade\Downloads\ironband161.rar

2013-12-25 11:22 - 2013-12-25 11:22 - 00135751 _____ C:\Users\vimotrade\Downloads\Bis die Fotze glüht - Sexy Susi.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00051645 _____ C:\Users\vimotrade\Downloads\Andr_#232_ Rieu - Merry Christmas!.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00029080 _____ C:\Users\vimotrade\Downloads\Enya - Christmas.nzb

2013-12-24 12:35 - 2013-12-24 12:35 - 00041977 _____ C:\Users\vimotrade\Downloads\VA - Balt Nun Ist Weihnachtszeit (1970-2004).nzb

2013-12-24 11:01 - 2013-12-24 11:01 - 00037053 _____ C:\Users\vimotrade\Downloads\Boccherini Guitar Quartet - Christmas Guitar.nzb

2013-12-24 11:00 - 2013-12-24 11:00 - 00068338 _____ C:\Users\vimotrade\Downloads\Die.neuen.Weihnachts.Hits.Vol.2{{]av4C55RP7DzMTi7i}}.nzb

2013-12-23 17:12 - 2013-12-23 17:12 - 00018381 _____ C:\Users\vimotrade\Downloads\10026368mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00020200 _____ C:\Users\vimotrade\Downloads\10026414mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00000144 _____ C:\Users\vimotrade\Downloads\10026435.mid

2013-12-23 17:09 - 2013-12-23 17:09 - 00016374 _____ C:\Users\vimotrade\Downloads\10026439mdm.mid

2013-12-23 17:08 - 2013-12-23 17:08 - 00025117 _____ C:\Users\vimotrade\Downloads\10026475mdm.mid

2013-12-23 17:07 - 2013-12-23 17:07 - 00016966 _____ C:\Users\vimotrade\Downloads\10026471mdm.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00024378 _____ C:\Users\vimotrade\Downloads\10026488hdg.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00019713 _____ C:\Users\vimotrade\Downloads\10026487hdg.mid

2013-12-23 17:05 - 2013-12-23 17:05 - 00019028 _____ C:\Users\vimotrade\Downloads\10026486hdg.mid

2013-12-23 14:43 - 2013-12-23 15:15 - 98047312 _____ C:\Users\vimotrade\Downloads\t00131222-563-ChristmasBobby.z.rar

2013-12-23 09:07 - 2013-12-23 09:07 - 00000220 _____ C:\Users\vimotrade\Desktop\U1Tirol64.wax

2013-12-20 17:55 - 2013-12-20 19:35 - 308249868 _____ C:\Users\vimotrade\Downloads\GS146.Minus.40C.GFXTRA.COM.rar

2013-12-20 16:10 - 2014-01-09 14:16 - 00000000 ____D C:\HP MyLensi

2013-12-19 09:42 - 2013-12-19 09:42 - 00000000 ____D C:\Projekt SParpreis Verkauf

2013-12-18 21:33 - 2013-12-18 21:33 - 00000000 ____D C:\Künstler

2013-12-18 20:13 - 2013-12-18 20:13 - 00015237 _____ C:\Users\vimotrade\Downloads\bring_tha_noize.zip

2013-12-17 19:37 - 2013-12-17 19:37 - 00000508 _____ C:\Users\vimotrade\Downloads\schnellanfrage-2013-12-17.csv

2013-12-17 14:15 - 2013-12-17 14:15 - 00191872 _____ C:\Users\vimotrade\Downloads\usr_web38_22.sql.gz

2013-12-17 11:51 - 2013-12-17 12:05 - 00000000 ____D C:\Krausse Artikel Export

2013-12-17 11:35 - 2013-12-17 11:35 - 00194510 _____ C:\Users\vimotrade\Downloads\Professional.Server.Status.Script.rar

2013-12-17 11:18 - 2013-12-17 11:29 - 00000000 ____D C:\Data

2013-12-17 11:13 - 2013-12-17 11:13 - 00001059 _____ C:\Users\vimotrade\Desktop\Web Data Extractor.lnk

2013-12-17 11:13 - 2013-12-17 11:13 - 00000000 ____D C:\Program Files (x86)\WebExtractor

2013-12-17 10:55 - 2013-12-17 10:55 - 00225908 ____H C:\Windows\SysWOW64\mlfcache.dat

2013-12-17 10:16 - 2013-12-17 10:17 - 04078367 _____ C:\Users\vimotrade\Downloads\Templatic.GeoPlaces.v4.6.11.rar

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-12-16 08:51 - 2013-12-16 08:56 - 14715250 _____ C:\Users\vimotrade\Downloads\Sleek-Web-Banners.rar

2013-12-14 20:50 - 2013-12-14 21:01 - 65383484 _____ C:\Users\vimotrade\Downloads\Christmas_wooden_sign.rar

2013-12-14 13:21 - 2013-12-14 14:26 - 197592513 _____ C:\Users\vimotrade\Downloads\Water_splashes.rar

2013-12-14 13:05 - 2013-12-14 13:05 - 00002659 _____ C:\Users\Public\Desktop\Seolize.lnk

2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\seolize

2013-12-14 12:36 - 2013-12-14 12:49 - 38227985 _____ C:\Users\vimotrade\Downloads\gwqdn.ArcSoft.Portrait.Plus.3.0.0.400.rar

2013-12-13 13:36 - 2013-12-13 13:36 - 00000000 ____D C:\MediaWebline

2013-12-13 12:22 - 2013-12-13 12:22 - 00059843 _____ C:\Users\vimotrade\Downloads\Paulina_Rubio-Pau_Factor-ES-CD-FLAC-2013-PERFECT.nzb

2013-12-13 12:04 - 2013-12-13 12:04 - 00063250 _____ C:\Users\vimotrade\Downloads\TechSmith.Camtasia.Studio.v8.0.2.964.GERMAN.par2.nzb

2013-12-12 10:22 - 2013-12-12 10:22 - 00708832 _____ C:\Users\vimotrade\Downloads\Studio A.nzb

2013-12-12 07:17 - 2014-01-09 19:03 - 00000000 ____D C:\HP Kontaktlinsen Point +++++++++++++++

2013-12-11 12:39 - 2013-12-11 12:39 - 00038805 _____ C:\Users\vimotrade\Downloads\Template-Update-2.0.12.2-auf-2.0.13.0.zip

2013-12-11 11:13 - 2013-12-11 11:13 - 00187576 _____ C:\Users\vimotrade\Downloads\Illegal Scheissegal Wir ficken überall 1.nzb

2013-12-11 11:12 - 2013-12-11 11:12 - 00369472 _____ C:\Users\vimotrade\Downloads\Perverse Bullen.nzb

2013-12-11 11:11 - 2013-12-11 11:11 - 00166772 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 1.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00195545 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 3.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187490 _____ C:\Users\vimotrade\Downloads\Pleasure - Kamasutra.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187028 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 2.nzb

2013-12-11 11:08 - 2013-12-11 11:09 - 00465844 _____ C:\Users\vimotrade\Downloads\SM-Stories und was ist dein Fetish.nzb

2013-12-11 11:07 - 2013-12-11 11:07 - 00157396 _____ C:\Users\vimotrade\Downloads\Vollgewichste Gang Bang Schlampen 16.nzb
 

==================== One Month Modified Files and Folders =======
 

2014-01-10 19:32 - 2012-08-03 20:56 - 00000000 ___RD C:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-10 19:02 - 2014-01-10 19:02 - 00000000 ____D C:\_OTL

2014-01-10 17:25 - 2014-01-10 17:25 - 00036614 _____ C:\Extras.Txt

2014-01-10 17:21 - 2012-08-03 20:56 - 00000000 ____D C:\Users\vimotrade

2014-01-10 16:11 - 2012-11-13 14:39 - 00000000 ____D C:\Users\vimotrade\AppData\Local\TSVNCache

2014-01-10 16:04 - 2014-01-10 15:56 - 00000209 _____ C:\Windows\WINCMD.INI

2014-01-10 14:46 - 2012-11-07 09:41 - 00000000 ____D C:\ProgramData\VMware

2014-01-10 14:45 - 2012-11-08 01:37 - 00031732 _____ C:\Windows\mlkumidi.log

2014-01-10 14:45 - 2012-08-03 22:18 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-10 14:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-10 14:45 - 2009-07-14 05:51 - 02028703 _____ C:\Windows\setupact.log

2014-01-10 13:58 - 2014-01-10 13:58 - 00000000 ____D C:\FRST

2014-01-10 13:24 - 2012-08-03 20:49 - 01694897 _____ C:\Windows\WindowsUpdate.log

2014-01-10 13:23 - 2013-05-29 07:34 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-10 13:22 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-10 13:22 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-10 13:18 - 2012-08-03 23:26 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA.job

2014-01-10 13:13 - 2012-08-04 00:14 - 00000000 ____D C:\Users\vimotrade\Documents\Outlook-Dateien

2014-01-10 13:09 - 2012-11-06 17:09 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Skype

2014-01-10 13:09 - 2011-04-12 08:43 - 00760296 _____ C:\Windows\system32\perfh007.dat

2014-01-10 13:09 - 2011-04-12 08:43 - 00174768 _____ C:\Windows\system32\perfc007.dat

2014-01-10 13:09 - 2009-07-14 06:13 - 01780358 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-10 10:04 - 2013-05-29 07:34 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-10 09:54 - 2012-08-03 21:40 - 00000000 ____D C:\Users\vimotrade\AppData\Local\Adobe

2014-01-10 09:30 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-09 23:07 - 2012-08-03 22:08 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\FileZilla

2014-01-09 21:36 - 2012-08-04 02:30 - 00000000 ____D C:\Users\vimotrade\Documents\NFG Home

2014-01-09 19:40 - 2012-08-05 11:04 - 00001456 _____ C:\Users\vimotrade\AppData\Local\Adobe Für Web speichern 13.0 Prefs

2014-01-09 19:28 - 2014-01-09 19:28 - 00000000 ____D C:\HP MyLensi ++++++++++++++++++

2014-01-09 19:05 - 2014-01-09 19:03 - 00000000 ____D C:\HP linsen4you.eu - Gaschler +++++++++++++

2014-01-09 19:03 - 2013-12-12 07:17 - 00000000 ____D C:\HP Kontaktlinsen Point +++++++++++++++

2014-01-09 18:36 - 2014-01-09 18:20 - 49892779 _____ C:\Users\vimotrade\Downloads\GR_A4_Restaurant_Menu.rar

2014-01-09 14:16 - 2013-12-20 16:10 - 00000000 ____D C:\HP MyLensi

2014-01-09 10:49 - 2014-01-09 10:49 - 00024876 _____ C:\Users\vimotrade\Downloads\au8UqZg5Am.par2.nzb

2014-01-09 10:39 - 2014-01-09 10:39 - 00309483 _____ C:\Users\vimotrade\Downloads\Anal Boot Camp # 2.nzb

2014-01-09 09:38 - 2014-01-09 09:38 - 00011762 _____ C:\Users\vimotrade\Downloads\products_options_values.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00005513 _____ C:\Users\vimotrade\Downloads\products_options_values_to_products_options.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00002527 _____ C:\Users\vimotrade\Downloads\products_to_categories.sql

2014-01-09 09:38 - 2014-01-09 09:38 - 00001866 _____ C:\Users\vimotrade\Downloads\products_options.sql

2014-01-09 09:37 - 2014-01-09 09:37 - 00380161 _____ C:\Users\vimotrade\Downloads\products_attributes.sql

2014-01-09 09:25 - 2012-08-04 13:21 - 00000000 ____D C:\orgaMAX

2014-01-09 03:18 - 2012-08-03 23:26 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core.job

2014-01-08 22:24 - 2014-01-08 22:24 - 00000000 ____D C:\HP Hüttenwoche

2014-01-08 18:59 - 2014-01-08 18:48 - 1111098335 _____ C:\Users\vimotrade\Downloads\wetransfer-f5b765.zip

2014-01-08 18:11 - 2012-08-04 14:20 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\vlc

2014-01-08 17:59 - 2014-01-08 17:59 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA Corporation

2014-01-08 17:59 - 2013-10-07 20:08 - 00000000 ____D C:\Users\vimotrade\AppData\Local\NVIDIA

2014-01-08 17:59 - 2012-08-03 22:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2014-01-08 17:58 - 2012-08-03 22:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2014-01-08 17:58 - 2012-08-03 22:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2014-01-08 15:19 - 2013-06-01 13:50 - 00000000 ____D C:\HP Kölsche Woche

2014-01-08 11:41 - 2013-10-03 11:40 - 00000000 ____D C:\Users\vimotrade\Documents\ASEOPS 7

2014-01-08 10:05 - 2012-08-09 21:22 - 00000000 ____D C:\SEO Projekte

2014-01-08 02:43 - 2012-08-03 23:27 - 00002384 _____ C:\Users\vimotrade\Desktop\Google Chrome.lnk

2014-01-07 18:02 - 2013-06-04 11:54 - 00000000 ____D C:\HP Rabaue

2014-01-07 17:12 - 2014-01-07 16:52 - 00000000 ____D C:\PSS Schorr

2014-01-07 12:41 - 2014-01-07 12:41 - 00000000 ____D C:\Starlight

2014-01-07 10:37 - 2012-11-07 08:50 - 00000000 ____D C:\WP

2014-01-06 22:11 - 2013-10-16 15:28 - 00000000 ____D C:\PKW Kaufvertrag

2014-01-06 17:38 - 2013-11-20 19:24 - 00001754 _____ C:\Windows\Sandboxie.ini

2014-01-02 09:30 - 2014-01-02 09:30 - 00000000 ____D C:\Liefer

2014-01-01 17:51 - 2013-12-31 14:09 - 00000000 ____D C:\Guten Rutsch

2013-12-31 19:41 - 2013-12-31 19:41 - 00109685 _____ C:\Users\vimotrade\Downloads\kolsche jung (radio edit) - brings.mid

2013-12-31 14:30 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-12-31 14:24 - 2013-12-31 12:17 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\jtl-software

2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\vimotrade\AppData\Local\JTL-Software-GmbH

2013-12-31 13:22 - 2013-12-31 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-12-31 13:22 - 2012-08-06 21:47 - 01658746 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-31 13:21 - 2013-12-31 13:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-12-31 13:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2013-12-31 12:17 - 2013-12-31 12:17 - 00000000 ____D C:\ProgramData\JTL-Software

2013-12-31 10:17 - 2013-12-31 10:16 - 00013527 _____ C:\Users\vimotrade\Downloads\dan_gaan_de_lichten_aan.zip

2013-12-31 09:50 - 2013-12-31 09:50 - 00010280 _____ C:\Users\vimotrade\Downloads\10002089mdm.mid

2013-12-31 09:49 - 2013-12-31 09:49 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891 (1).mid

2013-12-31 09:46 - 2013-12-31 09:46 - 00013222 _____ C:\Users\vimotrade\Downloads\00037891.mid

2013-12-31 09:28 - 2013-12-31 09:28 - 00014321 _____ C:\Users\vimotrade\Downloads\00037992.mid

2013-12-31 09:26 - 2013-12-31 09:26 - 00009791 _____ C:\Users\vimotrade\Downloads\00037939.mid

2013-12-30 20:23 - 2013-12-30 20:23 - 00328864 _____ C:\Users\vimotrade\Downloads\Der König der Arschficker 4.nzb

2013-12-30 20:23 - 2013-12-30 20:23 - 00187702 _____ C:\Users\vimotrade\Downloads\Alte Kameraden 2 - Alte Sau Junge Dose.nzb

2013-12-30 18:31 - 2013-04-19 06:26 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\AVS4YOU

2013-12-30 18:28 - 2013-04-19 06:26 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU

2013-12-30 18:28 - 2013-04-19 06:25 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-12-30 18:10 - 2013-12-30 18:10 - 00018915 _____ C:\Users\vimotrade\Downloads\AVS.Video.Converter.8.4.2.541.incl.Patch(Mehrsprachig).nfo.nzb

2013-12-30 15:38 - 2013-12-30 15:38 - 00000000 ____D C:\HP Kontaktlinsenhit WAWI Connector

2013-12-30 09:44 - 2013-12-30 09:44 - 00093201 _____ C:\Users\vimotrade\Downloads\kmd-iiswfue16-sample.mp4.nzb

2013-12-30 09:43 - 2013-12-30 09:43 - 00475330 _____ C:\Users\vimotrade\Downloads\SexBox06.par2.nzb

2013-12-30 09:40 - 2013-12-30 09:40 - 00130256 _____ C:\Users\vimotrade\Downloads\kmd-azsae-sample.mp4.nzb

2013-12-30 09:37 - 2013-12-30 09:29 - 00000000 ____D C:\Program Files\Recomposit pro

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Stepok Softwares

2013-12-30 09:30 - 2013-12-30 09:30 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\Light Developer

2013-12-29 07:28 - 2013-12-29 07:28 - 00369525 _____ C:\Users\vimotrade\Downloads\Best Of Fetish 15.nzb

2013-12-29 07:27 - 2013-12-29 07:27 - 00369325 _____ C:\Users\vimotrade\Downloads\Inflagranti - Züchtige Sie.nzb

2013-12-29 07:26 - 2013-12-29 07:26 - 00374483 _____ C:\Users\vimotrade\Downloads\Stahlhart - Schlüsselreiz.nzb

2013-12-29 07:21 - 2013-12-29 07:21 - 00121031 _____ C:\Users\vimotrade\Downloads\ps-pm4-sample.mp4.nzb

2013-12-29 07:17 - 2013-12-29 07:17 - 01381562 _____ C:\Users\vimotrade\Downloads\Stuten Tausch 9.nzb

2013-12-29 06:54 - 2012-08-04 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-28 08:48 - 2012-08-04 00:30 - 00000000 ____D C:\Users\vimotrade\Documents\VIMO Trade

2013-12-26 20:12 - 2013-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-26 11:51 - 2010-11-21 04:47 - 00446590 _____ C:\Windows\PFRO.log

2013-12-26 10:31 - 2013-12-26 10:31 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-12-26 10:31 - 2013-12-26 10:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-12-26 10:31 - 2013-12-26 10:31 - 00000000 ____D C:\ProgramData\Oracle

2013-12-26 10:31 - 2013-06-19 20:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-12-26 10:31 - 2013-06-19 20:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-12-26 10:31 - 2012-08-10 12:01 - 00000000 ____D C:\Program Files (x86)\Java

2013-12-25 21:11 - 2013-12-25 21:11 - 01946993 _____ C:\Users\vimotrade\Downloads\Popstar.auf.Umwegen.-.Lizzie.McGuire_.Ein.Traum.wird.wahr.-.2003.German.ML.(DVD9).untouched{{dPB.nzb

2013-12-25 19:30 - 2013-12-25 19:30 - 00915368 _____ (Oracle Corporation) C:\Users\vimotrade\Downloads\chromeinstall-7u45.exe

2013-12-25 19:14 - 2013-12-25 19:14 - 00064475 _____ C:\Users\vimotrade\Downloads\envatocash10.rar

2013-12-25 14:30 - 2013-12-25 13:56 - 91927299 _____ C:\Users\vimotrade\Downloads\ironband161.rar

2013-12-25 11:22 - 2013-12-25 11:22 - 00135751 _____ C:\Users\vimotrade\Downloads\Bis die Fotze glüht - Sexy Susi.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00051645 _____ C:\Users\vimotrade\Downloads\Andr_#232_ Rieu - Merry Christmas!.nzb

2013-12-24 12:36 - 2013-12-24 12:36 - 00029080 _____ C:\Users\vimotrade\Downloads\Enya - Christmas.nzb

2013-12-24 12:35 - 2013-12-24 12:35 - 00041977 _____ C:\Users\vimotrade\Downloads\VA - Balt Nun Ist Weihnachtszeit (1970-2004).nzb

2013-12-24 11:01 - 2013-12-24 11:01 - 00037053 _____ C:\Users\vimotrade\Downloads\Boccherini Guitar Quartet - Christmas Guitar.nzb

2013-12-24 11:00 - 2013-12-24 11:00 - 00068338 _____ C:\Users\vimotrade\Downloads\Die.neuen.Weihnachts.Hits.Vol.2{{]av4C55RP7DzMTi7i}}.nzb

2013-12-23 17:12 - 2013-12-23 17:12 - 00018381 _____ C:\Users\vimotrade\Downloads\10026368mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00020200 _____ C:\Users\vimotrade\Downloads\10026414mdm.mid

2013-12-23 17:11 - 2013-12-23 17:11 - 00000144 _____ C:\Users\vimotrade\Downloads\10026435.mid

2013-12-23 17:09 - 2013-12-23 17:09 - 00016374 _____ C:\Users\vimotrade\Downloads\10026439mdm.mid

2013-12-23 17:08 - 2013-12-23 17:08 - 00025117 _____ C:\Users\vimotrade\Downloads\10026475mdm.mid

2013-12-23 17:07 - 2013-12-23 17:07 - 00016966 _____ C:\Users\vimotrade\Downloads\10026471mdm.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00024378 _____ C:\Users\vimotrade\Downloads\10026488hdg.mid

2013-12-23 17:06 - 2013-12-23 17:06 - 00019713 _____ C:\Users\vimotrade\Downloads\10026487hdg.mid

2013-12-23 17:05 - 2013-12-23 17:05 - 00019028 _____ C:\Users\vimotrade\Downloads\10026486hdg.mid

2013-12-23 15:15 - 2013-12-23 14:43 - 98047312 _____ C:\Users\vimotrade\Downloads\t00131222-563-ChristmasBobby.z.rar

2013-12-23 09:07 - 2013-12-23 09:07 - 00000220 _____ C:\Users\vimotrade\Desktop\U1Tirol64.wax

2013-12-22 19:17 - 2012-11-14 12:10 - 00000000 ____D C:\a

2013-12-22 19:13 - 2013-03-27 20:02 - 00001053 _____ C:\Users\vimotrade\Desktop\Rapid SEO Tool.lnk

2013-12-22 19:13 - 2013-03-27 20:02 - 00000000 ____D C:\Program Files (x86)\Rapid SEO Tool

2013-12-20 19:35 - 2013-12-20 17:55 - 308249868 _____ C:\Users\vimotrade\Downloads\GS146.Minus.40C.GFXTRA.COM.rar

2013-12-19 09:42 - 2013-12-19 09:42 - 00000000 ____D C:\Projekt SParpreis Verkauf

2013-12-18 21:33 - 2013-12-18 21:33 - 00000000 ____D C:\Künstler

2013-12-18 20:13 - 2013-12-18 20:13 - 00015237 _____ C:\Users\vimotrade\Downloads\bring_tha_noize.zip

2013-12-18 09:41 - 2013-08-02 08:54 - 00000000 ____D C:\HP Egger Tux

2013-12-17 19:37 - 2013-12-17 19:37 - 00000508 _____ C:\Users\vimotrade\Downloads\schnellanfrage-2013-12-17.csv

2013-12-17 14:15 - 2013-12-17 14:15 - 00191872 _____ C:\Users\vimotrade\Downloads\usr_web38_22.sql.gz

2013-12-17 12:05 - 2013-12-17 11:51 - 00000000 ____D C:\Krausse Artikel Export

2013-12-17 11:35 - 2013-12-17 11:35 - 00194510 _____ C:\Users\vimotrade\Downloads\Professional.Server.Status.Script.rar

2013-12-17 11:29 - 2013-12-17 11:18 - 00000000 ____D C:\Data

2013-12-17 11:13 - 2013-12-17 11:13 - 00001059 _____ C:\Users\vimotrade\Desktop\Web Data Extractor.lnk

2013-12-17 11:13 - 2013-12-17 11:13 - 00000000 ____D C:\Program Files (x86)\WebExtractor

2013-12-17 10:59 - 2013-03-15 01:24 - 00000268 _____ C:\Users\vimotrade\AppData\Roaming\ltpReg.txt

2013-12-17 10:55 - 2013-12-17 10:55 - 00225908 ____H C:\Windows\SysWOW64\mlfcache.dat

2013-12-17 10:54 - 2013-03-15 10:00 - 00000828 _____ C:\Users\vimotrade\Desktop\LongTailPro.lnk

2013-12-17 10:54 - 2013-03-15 01:24 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\com.longtailpro.LongTailPro

2013-12-17 10:53 - 2013-03-15 01:24 - 00000000 ____D C:\Program Files (x86)\LongTailPro

2013-12-17 10:17 - 2013-12-17 10:16 - 04078367 _____ C:\Users\vimotrade\Downloads\Templatic.GeoPlaces.v4.6.11.rar

2013-12-17 03:07 - 2013-10-31 05:31 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk

2013-12-17 03:07 - 2013-10-31 05:31 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2013-12-17 03:07 - 2013-10-31 05:31 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-12-17 03:06 - 2013-12-17 03:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-12-16 19:00 - 2013-01-16 08:02 - 00000600 _____ C:\Users\vimotrade\AppData\Local\PUTTY.RND

2013-12-16 08:56 - 2013-12-16 08:51 - 14715250 _____ C:\Users\vimotrade\Downloads\Sleek-Web-Banners.rar

2013-12-14 21:01 - 2013-12-14 20:50 - 65383484 _____ C:\Users\vimotrade\Downloads\Christmas_wooden_sign.rar

2013-12-14 14:26 - 2013-12-14 13:21 - 197592513 _____ C:\Users\vimotrade\Downloads\Water_splashes.rar

2013-12-14 13:05 - 2013-12-14 13:05 - 00002659 _____ C:\Users\Public\Desktop\Seolize.lnk

2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\Users\vimotrade\AppData\Roaming\seolize

2013-12-14 13:05 - 2013-08-23 09:07 - 00000000 ____D C:\Program Files (x86)\iannet

2013-12-14 13:04 - 2012-11-15 20:54 - 00000000 ____D C:\Users\vimotrade\AppData\Local\Downloaded Installations

2013-12-14 12:49 - 2013-12-14 12:36 - 38227985 _____ C:\Users\vimotrade\Downloads\gwqdn.ArcSoft.Portrait.Plus.3.0.0.400.rar

2013-12-13 18:08 - 2012-11-06 17:23 - 00000000 ____D C:\Gambio GX November 2012

2013-12-13 14:30 - 2013-06-19 08:52 - 00000000 ____D C:\HP Linsenpalast Volker Müller

2013-12-13 13:36 - 2013-12-13 13:36 - 00000000 ____D C:\MediaWebline

2013-12-13 12:22 - 2013-12-13 12:22 - 00059843 _____ C:\Users\vimotrade\Downloads\Paulina_Rubio-Pau_Factor-ES-CD-FLAC-2013-PERFECT.nzb

2013-12-13 12:04 - 2013-12-13 12:04 - 00063250 _____ C:\Users\vimotrade\Downloads\TechSmith.Camtasia.Studio.v8.0.2.964.GERMAN.par2.nzb

2013-12-12 10:22 - 2013-12-12 10:22 - 00708832 _____ C:\Users\vimotrade\Downloads\Studio A.nzb

2013-12-11 12:39 - 2013-12-11 12:39 - 00038805 _____ C:\Users\vimotrade\Downloads\Template-Update-2.0.12.2-auf-2.0.13.0.zip

2013-12-11 11:13 - 2013-12-11 11:13 - 00187576 _____ C:\Users\vimotrade\Downloads\Illegal Scheissegal Wir ficken überall 1.nzb

2013-12-11 11:12 - 2013-12-11 11:12 - 00369472 _____ C:\Users\vimotrade\Downloads\Perverse Bullen.nzb

2013-12-11 11:11 - 2013-12-11 11:11 - 00166772 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 1.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00195545 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 3.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187490 _____ C:\Users\vimotrade\Downloads\Pleasure - Kamasutra.nzb

2013-12-11 11:10 - 2013-12-11 11:10 - 00187028 _____ C:\Users\vimotrade\Downloads\Pimmel Bingo 2.nzb

2013-12-11 11:09 - 2013-12-11 11:08 - 00465844 _____ C:\Users\vimotrade\Downloads\SM-Stories und was ist dein Fetish.nzb

2013-12-11 11:07 - 2013-12-11 11:07 - 00157396 _____ C:\Users\vimotrade\Downloads\Vollgewichste Gang Bang Schlampen 16.nzb
 

Files to move or delete:

====================

C:\ProgramData\hpe37E3.dll

C:\ProgramData\MSRecovery.exe
 
 

Some content of TEMP:

====================

C:\Users\vimotrade\AppData\Local\Temp\AskSLib.dll

C:\Users\vimotrade\AppData\Local\Temp\bassmod.dll

C:\Users\vimotrade\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\vimotrade\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\vimotrade\AppData\Local\Temp\gert0.exe

C:\Users\vimotrade\AppData\Local\Temp\htmlayout.dll

C:\Users\vimotrade\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.2.2.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.4.5.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\npp.6.5.1.Installer.exe

C:\Users\vimotrade\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\vimotrade\AppData\Local\Temp\nvStInst.exe

C:\Users\vimotrade\AppData\Local\Temp\ose00000.exe

C:\Users\vimotrade\AppData\Local\Temp\RegSvcs.exe

C:\Users\vimotrade\AppData\Local\Temp\Setup.exe

C:\Users\vimotrade\AppData\Local\Temp\SkypeSetup.exe

C:\Users\vimotrade\AppData\Local\Temp\tbVuze.dll

C:\Users\vimotrade\AppData\Local\Temp\vlc-2.0.4-win32.exe

C:\Users\vimotrade\AppData\Local\Temp\vlc-2.1.2-win32.exe

C:\Users\vimotrade\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-09 00:25
 

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014

Ran by vimotrade at 2014-01-10 16:16:19

Running from N:\

Boot Mode: Safe Mode (with Networking)

==========================================================
 
 

==================== Security Center ========================
 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

A1 Dashboard (x32 Version: 1.17.0.0 - A1 Telekom Austria AG)

A1 Dashboard (x32 Version: 1.17.0.0 - A1 Telekom Austria AG) Hidden

A1 Servicecenter (x32 Version: 1.2.0.30 - A1 Telekom Austria AG)

A1 Servicecenter (x32 Version: 1.2.0.30 - A1 Telekom Austria AG) Hidden

aborange Searcher - Deinstallation (x32 Version: 2.50 - Mathias Gerlach [aborange.de])

Acronis*True*Image*Home 2011 (x32 Version: 14.0.6942 - Acronis)

Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.268 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168 - Adobe Systems Incorporated)

Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden

All-in-One Submission 9.58 (x32 Version:  - )

Apple Application Support (x32 Version: 2.3 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

ArticleSpinningWizard2 (x32 Version: 2.0.8 - komBAS)

Artisteer 3 (x32 Version: 3.0 - Extensoft)

Artisteer 4 (x32 Version: 4.0 - Extensoft)

ASEOPS 7 (x32 Version: 7.1.1 - AceBIT)

AthTek NetWalk 2.2 (x32 Version:  - AthTek.com)

Auto Blog Samurai (x32 Version: 2.0 - ABS)

AVM FRITZ!fax für FRITZ!Box (x32 Version:  - AVM Berlin)

AVM FRITZ!WLAN (x32 Version:  - AVM Berlin)

AVS Audio Converter 7 (x32 Version: 7.0.5.510 - Online Media Technologies Ltd.)

Azureus (x32 Version: 2.5.0.4 - )

Backlink SkyRocket (x32 Version: 1.5.3 - Backlink SkyRocket Co Inc.)

Backlink Snatcher 2.0 version 2.0 (x32 Version: 2.0 - WarriorToolbox, Inc.)

BacklinkBeast (x32 Version: 1.0.39.0 - )

BEWERBUNGSMASTER (x32 Version:  - )

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Bonjour (Version: 1.0.106 - Apple Inc.)

BrowseToSave 1.74 (x32 Version:  - ) <==== ATTENTION

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

Canon My Printer (x32 Version: 3.1.0 - Canon Inc.)

CD-LabelPrint (x32 Version:  - )

Cheat Engine 6.3 (x32 Version:  - Cheat Engine)

CoffeeCup RSS News Flash (x32 Version: 2 - )

concept/design Video Jukebox (x32 Version: Video Jukebox - concept/design GmbH)

Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden

Corel Painter 13 - IPM Content (Version: 13.1 - Corel Corporation) Hidden

Corel Painter X3 (Version: 13.0.1.920 - Corel Corporation)

Creative Pack Volume 1 (x32 Version: 3.0.0 - Avid Technology, Inc.)

DAEMON Tools Lite (x32 Version: 4.45.4.0315 - DT Soft Ltd)

Dfx (Version: 3.0 - Tiffen)

DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)

eCover Engineer 5.5 (x32 Version:  - Adolix)

Edirol HQ Orchestral VSTi v1.03 (x32 Version:  - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

EZdrummer (x32 Version: 1.0 - Toontrack)

EZXCocktail (x32 Version: 1.0 - Toontrack)

FileMaker ODBC-Treiber (x32 Version: 11.0.61 - FileMaker, Inc.)

FileMaker Pro 11 Advanced (x32 Version: 11.0.1.0 - FileMaker, Inc.) Hidden

FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)

Flip PDF Professional (x32 Version:  - FlipBuilder Solution)

Free Video Call Recorder for Skype version 1.2.5.1022 (x32 Version: 1.2.5.1022 - DVDVideoSoft Ltd.)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Chrome (HKCU Version: 32.0.1700.72 - Google Inc.)

Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

GSA Captcha Breaker v2.15 (x32 Version: 2.15 - GSA Software)

HDR Express 2 (x32 Version: 2.1.0.10028 - UCT)

Hollywood FX Volumes 1-3 (x32 Version: 2.0.0 - Avid Technology, Inc.)

IBP 12.0.1 (x32 Version: 12.0.1 - Axandra GmbH)

IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden

ImageMagick 6.7.0-0 Q16 (2011-06-01) (x32 Version: 6.7.0 - ImageMagick Studio LLC)

IMSlave LInk Blaster 1.1.0.0 (Version: 1.1.0.0 - IMSlave.com)

Incomedia WebSite X5 v10 - Evolution (x32 Version: 10.0.0.20 - Incomedia s.r.l.)

Incomedia WebSite X5 v10 - Professional (x32 Version: 10.1.0.39 - Incomedia s.r.l.)

Incomedia WebSite X5 v9 - Evolution (x32 Version: 9.0.0.1654 - Incomedia s.r.l.)

InstantArticleWizard (x32 Version:  - )

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 33 (x32 Version: 6.0.330 - Oracle)

LiveZilla (x32 Version: 4.2.0.5 - LiveZilla GmbH)

LiveZilla (x32 Version: 4.2.0.5 - LiveZilla GmbH) Hidden

LMSOFT Web Creator Pro 6 (x32 Version:  - )

Logitech Webcam-Software (x32 Version: 2.51 - Logitech Inc.)

LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden

LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden

LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden

LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden

LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden

Magic Submitter version 3.07 (x32 Version: 3.07 - Alexandr Krulik)

MailList Controller 9.1 (x32 Version:  - Arclab Software GbR)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

M-Audio ProFire Driver 6.0.9 (x64) (Version: 6.0.9 - M-Audio)

Media Go (x32 Version: 1.4.269 - Sony)

Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation)

Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (JTLWAWI) (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (Version: 9.00.3042.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (Version: 9.00.3042.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

MobiOne Studio 2.3.2 (hot-fix 1) (HKCU Version: 2.3.2 (hot-fix 1) - Genuitec, LLC)

Monster MIDI Package (x32 Version: 1.0.0 - Toontrack)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

MusicLab RealGuitar (Version: 3.0 - MusicLab, Inc.)

MusicLab RealLPC (Version: 3.0 - MusicLab, Inc.)

MusicLab RealStrat (Version: 3.0 - MusicLab, Inc.)

MusicLab Virtual MIDI Driver (Version: 2.0.1.0 - MusicLab, Inc.)

MySQL Connector/ODBC 5.2(w) (x32 Version: 5.2.4 - Oracle Corporation)

Native Instruments Kontakt 5 (Version: 5.0.3.5812 - Native Instruments) Hidden

Native Instruments Kontakt 5 (x32 Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden

Native Instruments Service Center (x32 Version:  - Native Instruments)

NAVIGON Fresh 3.5.1 (x32 Version: 3.5.1 - NAVIGON)

News File Grabber 4.6.0.4 (x32 Version:  - RSBR-Software)

Nitro Pro 7 (Version: 7.5.0.22 - Nitro PDF Software)

No Hands SEO (x32 Version:  - )

Notepad++ (x32 Version: 6.5.1 - Notepad++ Team)

NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 327.23 (Version: 327.23 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 327.23 (Version: 327.23 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)

Odd Monster MIDI Fills Pack (x32 Version: 1.0.0 - Toontrack)

OpenOffice.org 3.4 (x32 Version: 3.4.9590 - OpenOffice.org)

OptimizerPro (Version: 1.0 - BetterSoft) <==== ATTENTION

orgaMAX Business Software (x32 Version: 12.0 - deltra Business Software)

Paint.NET 3.8 (x32 Version: 3.8 Build 2708.22782 - Arco Vink ©)

Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden

Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden

Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden

Painter 13 - DE (Version: 13.1 - Corel Corporation) Hidden

Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden

Painter 13 - FR (Version: 13.1 - Corel Corporation) Hidden

Painter 13 - Setup Files (Version: 13.1 - Corel Corporation) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Perfect Photo Suite 6.1 (x32 Version: 6.1 - onOne Software)

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PHPRunner 6.0 (x32 Version:  - Xlinesoft.com)

Pinnacle Studio 16 - Install Manager (x32 Version: 16.0.75 - Avid Technology, Inc.)

Pinnacle Studio 16 (x32 Version: 16.0.1.98 - Corel Corporation)

Pinnacle Video Treiber (Version: 12.1.0.030 - Pinnacle Systems)

PlagiarismFinder 2.0 (x32 Version: 2.0.16 - Mediaphor AG)

PlayStation(R)Network Downloader (x32 Version: 2.02.00076 - Sony Computer Entertainment Inc.)

PlayStation(R)Store (x32 Version: 3.1.8.07881 - Sony Computer Entertainment Inc.)

Power Indexer Pro 3.0.0.0 (Version: 3.0.0.0 - Power Indexer Pro)

Power SEO Ranker v1.0 (x32 Version:  - Evergreen Internet Marketers)

Premium Pack Volumes 1-2 (x32 Version: 2.0.0 - Avid Technology, Inc.)

Proxy Goblin (x32 Version: 2.5.9 - Molura)

QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)

RankEnhancer (x32 Version: 3.0 - Visual Inspirations Inc.)

Rapid SEO Tool 1.5 (x32 Version: 1.5 - Karlis Blumentals)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704 - Realtek Semiconductor Corp.)

reFX Nexus VSTi RTAS v2.2.0 (x32 Version:  - )

Samsung SCX-4x21 Series (x32 Version:  - Samsung Electronics CO.,LTD)

Sandboxie 4.06 (64-bit) (Version: 4.06 - Sandboxie Holdings, LLC)

ScoreFitter Volumes 1-2 (x32 Version: 2.0.0 - Avid Technology, Inc.)

SendBlaster 3 (x32 Version: 003.001.00000 - eDisplay srl)

SEO PowerSuite (x32 Version:  - )

Seolize (x32 Version: 1.00.0013 - iannet)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden

SiteMonitorEnterprise (x32 Version: 1.00.0059 - iannet)

Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)

SmarThru 4 (x32 Version:  - )

SmarThru PC Fax (x32 Version:  - )

SocialBacklinkEmpireSuite (x32 Version: 1.0.0 -  IM Powerhouse)

Sony Ericsson PC Companion 1.50.52 (x32 Version: 1.50.52 - Sony Ericsson)

Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00 - Sony Ericsson)

SourceGear DiffMerge 4.1.0.534.stable (x64) (Version: 4.1.0.534 - SourceGear, LLC)

Steinberg Cubase 5 (x32 Version: 5.1.0 - Steinberg Media Technologies GmbH)

Steinberg Drum Loop Expansion 01 (x32 Version: 1.0.0.1 - Steinberg Media Technologies GmbH)

Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003 - Steinberg Media Technologies GmbH)

Steinberg HALionOne (x32 Version: 1.1.0.457 - Steinberg Media Technologies GmbH)

Steinberg HALionOne Additional Content Set 01 (x32 Version: 1.0.0.001 - Steinberg Media Technologies GmbH)

Steinberg HALionOne Expression Set (x32 Version: 1.0.1.0 - Steinberg Media Technologies GmbH)

Steinberg HALionOne GM Drum Set (x32 Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

Steinberg HALionOne GM Set (x32 Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

Steinberg HALionOne Pro Set (x32 Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

Steinberg HALionOne Studio Drum Set (x32 Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

Steinberg HALionOne Studio Set (x32 Version: 1.0.1.457 - Steinberg Media Technologies GmbH)

Steinberg Hypersonic VSTi DXi v2.0 (x32 Version:  - )

Steinberg LoopMash Content (x32 Version: 1.0.0.005 - Steinberg Media Technologies GmbH)

Steinberg REVerence Content 01 (x32 Version: 1.0.0.006 - Steinberg Media Technologies GmbH)

Streamripper (Remove only) (x32 Version:  - )

Stylizer (x32 Version: 5 - )

Submitter (x32 Version: 4.00.08 - Sick Marketing)

Super-AlexaBooster v1.10 (x32 Version:  - )

Superior Drummer 64 bit (Version: 2.2.3 - Toontrack)

Superior Drummer Installer (x32 Version: 2.0.0 - Toontrack)

TeamViewer 8 (x32 Version: 8.0.20768 - TeamViewer)

Tinypic 3.18 (x32 Version: Tinypic 3.18 - E. Fiedler)

Title Extreme (x32 Version: 2.0.0 - Avid Technology, Inc.)

Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden

tools-freebsd (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

tools-linux (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

tools-netware (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

tools-solaris (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

tools-windows (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

tools-winPre2k (x32 Version: 8.8.2.591240 - VMware, Inc.) Hidden

TortoiseSVN 1.7.10.23359 (64 bit) (Version: 1.7.23359 - TortoiseSVN)

Traffic Accumulator version 1.0.0 (x32 Version: 1.0.0 - Traffic Accumulator Team)

Traffic Travis 4.0.0 (x32 Version:  - Affilorama Ltd.)

Tweet Adder 3 (x32 Version: 3.0.51 - TweetAdder.com)

TweetSpice 1.1.36 (x32 Version: 1.1.36 - Visionmedia)

Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel)

Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden

UltraISO Premium V9.53 (x32 Version:  - )

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.3042.00 - Microsoft Corporation)

Update or Uninstall SENukeX (HKCU Version: 3.0.0.13 - SENukeX)

Vertus Fluid Mask 3 3.0.10 (x32 Version: 3.0.10 - )

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200 - Nuance Communications Inc.)

VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Workstation (x32 Version: 8.0.2.28060 - VMware, Inc)

VMware Workstation (x32 Version: 8.0.2.28060 - VMware, Inc.) Hidden

Vuze (x32 Version: 5.0.0.0 - Azureus Software, Inc.)

WampServer 2.4 (x32 Version:  - Hervé Leclerc (HeL))

Waves Complete V9r1 (x32 Version: 9.0.1 - Waves)

Web Data Extractor 8.3 (x32 Version:  - )

Web Photo Search 2013 (x32 Version:  - )

Wicked Article Creator 2.8.3.0 (x32 Version: 2.8.3.0 - WAC Systems)

Winamp (x32 Version: 5.623  - Nullsoft, Inc)

Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)

WinHTTrack Website Copier 3.46-1 (x32 Version: 3.46.1 - HTTrack)

WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

WOW Slider (x32 Version:  - )

xGen SEO (x32 Version: 1.0.65 - Apex Pacific)

XGen SEO v1.0 (x32 Version:  - Apex Pacific Pty Ltd)

Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden

Yamaha USB-MIDI Driver (x32 Version: 3.1.3.1 - Yamaha Corporation)

Yellow Pages Spider Version 3.04 (x32 Version: 3.04 - )

YouTube Video Grabber version 1.9.9 (x32 Version: 1.9.9 - LitexMedia, Inc.)
 

==================== Restore Points  =========================
 

21-12-2013 12:40:36 Geplanter Prüfpunkt

26-12-2013 09:30:32 Installed Java 7 Update 45

07-01-2014 07:12:13 Geplanter Prüfpunkt

08-01-2014 16:58:26 DirectX wurde installiert
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2014-01-10 19:32 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {157250C7-C7A3-4CD8-89E5-1BFBD5DC463B} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Skybound Stylizer 5\Stylizer.exe [2013-07-04] ()

Task: {1BEA49C9-8676-454E-862F-E4A50A252FB3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)

Task: {3DA6FC6C-A09F-4FC8-87E3-59DAAB6F9B9F} - System32\Tasks\{86719C4F-83D3-497E-858F-1A5F134A3B95} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/go/help.faq.installer?LastError=1618

Task: {5A5AB794-4425-4EDD-9A83-A62CCC052654} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA => C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)

Task: {654D6B9A-AED7-4BD0-BE0C-5503DA79FF13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29] (Google Inc.)

Task: {658473A9-0789-4800-A072-0B78B1812FBF} - System32\Tasks\AdobeAAMUpdater-1.0-vimotrade-pc-vimotrade => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {85AD1166-C1E0-4F92-91AF-B181A61E872E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29] (Google Inc.)

Task: {C47906BD-E13B-4A9F-AC8A-A27F672F6F2A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core => C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core.job => C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA.job => C:\Users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-10-08 21:10 - 2012-10-08 21:10 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

AlternateDataStreams: C:\ProgramData\TEMP:9FA5EC55

AlternateDataStreams: C:\Users\vimotrade\AppData\Local\Temporary Internet Files:PwypGSW6vq2nnitVDgzqs9N8
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 

==================== Faulty Device Manager Devices =============
 

Name: VMware VMCI Host Device

Description: VMware VMCI Host Device

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: vmci

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Standardtastatur (PS/2)

Description: Standardtastatur (PS/2)

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standardtastaturen)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Microsoft PS/2-Maus

Description: Microsoft PS/2-Maus

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/10/2014 04:12:55 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 04:11:34 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" in Zeile  Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".

Definition: Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (01/10/2014 03:52:19 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" in Zeile  Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".

Definition: Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (01/10/2014 02:54:26 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 02:53:19 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" in Zeile  Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".

Definition: Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (01/10/2014 02:49:50 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 02:46:05 PM) (Source: orgamaxmobil_service.exe) (User: )

Description: Stack-Überlauf
 

Error: (01/10/2014 01:16:21 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 01:08:56 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" in Zeile  Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".

Definition: Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (01/10/2014 01:08:41 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (01/10/2014 04:16:22 PM) (Source: Ntfs) (User: )

Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.

Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus.
 

Error: (01/10/2014 04:11:31 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:29 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/10/2014 04:11:30 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 

Error: (01/10/2014 04:11:23 PM) (Source: DCOM) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 

Microsoft Office Sessions:

=========================

Error: (01/10/2014 04:12:55 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 04:11:34 PM) (Source: SideBySide)(User: )

Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3
 

Error: (01/10/2014 03:52:19 PM) (Source: SideBySide)(User: )

Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3
 

Error: (01/10/2014 02:54:26 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 02:53:19 PM) (Source: SideBySide)(User: )

Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3
 

Error: (01/10/2014 02:49:50 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 02:46:05 PM) (Source: orgamaxmobil_service.exe)(User: )

Description: Stack-Überlauf
 

Error: (01/10/2014 01:16:21 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/10/2014 01:08:56 PM) (Source: SideBySide)(User: )

Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3
 

Error: (01/10/2014 01:08:41 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 8%

Total physical RAM: 12279.17 MB

Available physical RAM: 11200.68 MB

Total Pagefile: 24556.54 MB

Available Pagefile: 23529.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:458.46 GB) (Free:177.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (WINXP) (Fixed) (Total:229.14 GB) (Free:216.76 GB) NTFS

Drive e: (DATA) (Fixed) (Total:229.27 GB) (Free:48.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive g: (TREKSTOR) (Fixed) (Total:931.28 GB) (Free:774.3 GB) FAT32

Drive l: (Volume) (Fixed) (Total:931.51 GB) (Free:260.16 GB) NTFS

Drive n: (Memory) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7D680BDE)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=229 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=229 GB) - (Type=05)

Partition 4: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 932 GB) (Disk ID: 1514B520)

Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
 

========================================================

Disk: 6 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7AA2B13E)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 

========================================================

Disk: 7 (Size: 2 GB) (Disk ID: 008B78B6)

Partition 1: (Active) - (Size=2 GB) - (Type=0B)
 

==================== End Of Log ============================

LG Nadine

ok.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Leo,

hier nun das Ergebiss der Combofix.txt

Was muss ich nun tun ?

Code:

ComboFix 14-01-08.03 - vimotrade 10.01.2014  16:37:49.1.8 - x64 NETWORK

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.12279.11055 [GMT 1:00]

ausgeführt von:: N:\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.
  ADS - Windows: deleted 320 bytes in 1 streams. 

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\programdata\hpe37E3.dll

c:\users\vimotrade\AppData\Roaming\WinMedia\FuseNeXT.exe

c:\users\vimotrade\AppData\Roaming\WinMedia\Stealer kppd.exe

c:\windows\IsUn0407.exe

c:\windows\ST6UNST.000

c:\windows\SysWow64\hookdll.dll

c:\windows\SysWow64\MailBee.dll

c:\windows\SysWow64\prsgrc.dll

G:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-12-10 bis 2014-01-10  ))))))))))))))))))))))))))))))

.

.

2014-01-10 18:02 . 2014-01-10 18:02        --------        d-----w-        C:\_OTL

2014-01-10 15:47 . 2014-01-10 15:47        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-01-10 12:58 . 2014-01-10 12:58        --------        d-----w-        C:\FRST

2014-01-09 18:28 . 2014-01-09 18:28        --------        d-----w-        C:\HP MyLensi ++++++++++++++++++

2014-01-09 18:03 . 2014-01-09 18:05        --------        d-----w-        C:\HP linsen4you.eu - Gaschler +++++++++++++

2014-01-08 21:24 . 2014-01-08 21:24        --------        d-----w-        C:\HP Hüttenwoche

2014-01-08 16:59 . 2014-01-08 16:59        --------        d-----w-        c:\users\vimotrade\AppData\Local\NVIDIA Corporation

2014-01-08 16:58 . 2013-12-10 02:13        982232        ----a-w-        c:\windows\SysWow64\nvspcap.dll

2014-01-08 16:58 . 2013-12-10 02:13        1100248        ----a-w-        c:\windows\system32\nvspcap64.dll

2014-01-08 16:57 . 2013-12-05 08:42        39200        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys

2014-01-08 16:57 . 2013-12-05 08:42        32544        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll

2014-01-07 15:52 . 2014-01-07 16:12        --------        d-----w-        C:\PSS Schorr

2014-01-07 11:41 . 2014-01-07 11:41        --------        d-----w-        C:\Starlight

2014-01-02 08:30 . 2014-01-02 08:30        --------        d-----w-        C:\Liefer

2013-12-31 13:09 . 2014-01-01 16:51        --------        d-----w-        C:\Guten Rutsch

2013-12-31 12:25 . 2013-12-31 12:25        --------        d-----w-        c:\users\vimotrade\AppData\Local\JTL-Software-GmbH

2013-12-31 12:20 . 2013-12-31 12:21        --------        d-----w-        c:\program files\Microsoft SQL Server

2013-12-31 12:20 . 2013-12-31 12:22        --------        d-----w-        c:\program files (x86)\Microsoft SQL Server

2013-12-31 11:17 . 2013-12-31 13:24        --------        d-----w-        c:\users\vimotrade\AppData\Roaming\jtl-software

2013-12-31 11:17 . 2013-12-31 11:17        --------        d-----w-        c:\programdata\JTL-Software

2013-12-30 14:38 . 2013-12-30 14:38        --------        d-----w-        C:\HP Kontaktlinsenhit WAWI Connector

2013-12-30 08:30 . 2013-12-30 08:30        --------        d-----w-        c:\users\vimotrade\AppData\Roaming\Light Developer

2013-12-30 08:30 . 2013-12-30 08:30        --------        d-----w-        c:\users\vimotrade\AppData\Roaming\Stepok Softwares

2013-12-30 08:29 . 2013-12-30 08:37        --------        d-----w-        c:\program files\Recomposit pro

2013-12-26 09:31 . 2013-12-26 09:31        --------        d-----w-        c:\programdata\Oracle

2013-12-26 09:31 . 2013-12-26 09:31        --------        d-----w-        c:\program files (x86)\Common Files\Java

2013-12-26 09:31 . 2013-12-26 09:31        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-20 15:10 . 2014-01-09 13:16        --------        d-----w-        C:\HP MyLensi

2013-12-19 08:42 . 2013-12-19 08:42        --------        d-----w-        C:\Projekt SParpreis Verkauf

2013-12-18 20:33 . 2013-12-18 20:33        --------        d-----w-        C:\Künstler

2013-12-17 10:51 . 2013-12-17 11:05        --------        d-----w-        C:\Krausse Artikel Export

2013-12-17 10:18 . 2013-12-17 10:29        --------        d-----w-        C:\Data

2013-12-17 10:13 . 2013-12-17 10:13        --------        d-----w-        c:\program files (x86)\WebExtractor

2013-12-17 02:06 . 2013-12-17 02:06        --------        d-----w-        c:\users\Default\AppData\Local\Google

2013-12-14 12:05 . 2013-12-14 12:05        --------        d-----w-        c:\users\vimotrade\AppData\Roaming\seolize

2013-12-13 12:36 . 2013-12-13 12:36        --------        d-----w-        C:\MediaWebline

2013-12-12 06:17 . 2014-01-09 18:03        --------        d-----w-        C:\HP Kontaktlinsen Point +++++++++++++++

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-05 08:42 . 2013-10-07 19:08        35104        ----a-w-        c:\windows\system32\nvaudcap64v.dll

2013-11-19 02:33 . 2010-11-21 03:27        267936        ------w-        c:\windows\system32\MpSigStub.exe

2013-11-18 00:28 . 2013-12-02 06:56        10285968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DFD7BCE-5035-4546-B81C-8282974E38E7}\mpengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"M-Audio Taskbar Icon"="c:\windows\system32\MAFWDITray.exe" [2010-03-01 313864]

"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-01-18 103536]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"MailListController"="c:\program files (x86)\Arclab\MailList Controller\amlcSCT.exe" [2012-04-01 392944]

"A1Diagnose"="c:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe" [2012-11-21 20686472]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]

"PowerSEORanker"="c:\program files (x86)\Power SEO Ranker\PowerSEORanker.exe" [2012-08-03 1080320]

"LiveZilla"="c:\program files (x86)\LiveZilla\LiveZilla.exe" [2013-05-22 8684480]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HDRExpress2Service;HDRExpress2Service;c:\program files\UCT\HDR Express 2\HDRExpress2Service.exe;c:\program files\UCT\HDR Express 2\HDRExpress2Service.exe [x]

R2 MailList Controller;MailList Controller;c:\program files (x86)\arclab\maillist controller\amlcSVC.exe;c:\program files (x86)\arclab\maillist controller\amlcSVC.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]

R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]

R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]

R2 orgaMAXMobileService;orgaMAX Mobil Service;c:\orgamax\orgamaxmobil_service.exe s;c:\orgamax\orgamaxmobil_service.exe s [x]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]

R2 SiteMonitorEnterprise;SiteMonitor Enterprise;c:\program files (x86)\iannet\SiteMonitorEnterprise\SiteMonitorEnterprise.exe;c:\program files (x86)\iannet\SiteMonitorEnterprise\SiteMonitorEnterprise.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]

R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

R3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys;c:\windows\SYSNATIVE\drivers\gwfilt64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MAFWPROFIRE;Service for M-Audio ProFire;c:\windows\system32\DRIVERS\MAudioProFire.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioProFire.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 mlkumidi;MusicLab Virtual Miniport MIDI Driver;c:\windows\system32\drivers\mlkumidi.sys;c:\windows\SYSNATIVE\drivers\mlkumidi.sys [x]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt61.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 06:34]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 06:34]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000Core.job

- c:\users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 22:26]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3724905170-3129830433-3163351004-1000UA.job

- c:\users\vimotrade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 22:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-12-06 14:47        778704        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 14:47        778704        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-12-06 14:47        778704        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-12-06 14:47        778704        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-12-06 14:47        778704        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll

LSP: %SystemRoot%\system32\vsocklib.dll

FF - ProfilePath - c:\users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN78348609011607315&UM=2&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - RadioTotal1 Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN78348609011607315&UM=2&q=

FF - ExtSQL: 2013-11-22 10:15; {422f7661-9403-4da4-b4ef-cc3e268817b5}; c:\users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5}

FF - ExtSQL: 2013-12-10 18:05; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\vimotrade\AppData\Roaming\Mozilla\Firefox\Profiles\1r0lwu2i.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

c:\users\vimotrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk - l:\firstload\Lizenzomat\Lizenzomat.v4.0.0.0.260.German-LAXiTY\Lizenzomat.v4.0.0.0.260.German-LAXiTY.exe

HKLM-Run-Skytel - Skytel.exe

AddRemove-Free Video Call Recorder for Skype_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe

AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe

AddRemove-RankEnhancer - c:\windows\system32\GKSUI18.EXE

AddRemove-Samsung SCX-4x21 Series - c:\program files (x86)\Samsung\Samsung SCX-4x21 Series\Install\Setup.exe

AddRemove-{b523847e-3c3d-4674-8e4e-3ab0431c4c22} - c:\programdata\{C8195F4E-A54F-4A0B-8302-B5C68ABFF16F}\Cuba Setup PC.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-01-10  16:50:06

ComboFix-quarantined-files.txt  2014-01-10 15:50

.

Vor Suchlauf: 187 Verzeichnis(se), 190.163.505.152 Bytes frei

Nach Suchlauf: 193 Verzeichnis(se), 263.788.343.296 Bytes frei

.

- - End Of File - - FE821E63E1D3B4423DD54BE963D659C9

A36C5E4F47E84449FF07ED3517B43A31

Kannst du jetzt den Rechner immer noch nicht im normalen Modus starten?

Hallo Leo,

habe den PC nun gestartet. Bis jetzt läuft alles ohne Probleme. Ich hoffe nur das es so bleibt.
Ein sehr langer Weg zu diesem Ergebnis ,- Ich kann mich nur ganz recht herzlichst bei Dir für die Hilfe bedanken.

Wünsche Dir einen schönen Abend. Jetzt heisst es aufarbeiten :-(

Beste Grüße aus Tirol

Nadine