Seltsame Dateien in C:\Windows

Thomas13 · 05.07.2011, 00:19

Nabend.

Mir sind heute in C:\Windows seltsame Dateinamen aufgefallen, wo ich einfach nachfragen wollte.
Die Dateien sind xö2, Ôø¼, 4÷O und ,ôÅ

Anbei noch ein OTL Log:
OTL.txt

Code:

ATTFilter

OTL logfile created on: 7/5/2011 1:06:28 AM - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 237.53 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.62 Gb Free Space | 69.87% Space Free | Partition Type: FAT32
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/15 10:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/14 05:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/29 22:01:19 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/14 05:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/14 04:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/19 01:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\14507332.sys -- (14507332)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\1450733.sys -- (setup_9.0.0.722_11.06.2011_06-10drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\14507331.sys -- (14507331)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 09:31:40 | 000,982,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=158.130.6.253:3124
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..network.proxy.http: "128.119.41.211"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/28 17:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 15:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 00:39:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/04 01:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/03/15 19:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010/11/16 18:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/07/04 15:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions
[2011/03/25 16:38:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\SeaMonkey\Profiles\13rv2xx9.default\extensions
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/05/02 20:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/28 17:16:28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/15 10:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 10:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 10:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 10:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/06/15 10:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/03/16 21:07:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/14 19:05:56 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/05 00:36:41 | 004,488,201 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\Thomas\Desktop\SumatraPDF-1.6-install.exe
[2011/07/04 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Any Video Converter
[2011/07/04 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2011/07/04 12:40:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 01:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/07/04 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/07/04 00:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/07/04 00:07:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{16FB997E-A7D3-4E1E-95B3-B01D81A06AF5}
[2011/07/01 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Texture
[2011/07/01 23:28:50 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\InstallShield
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/01 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/07/01 14:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/01 14:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/01 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
[2011/07/01 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/01 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/01 13:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/01 13:19:06 | 000,000,000 | ---D | C] -- C:\AMD
[2011/06/30 09:44:53 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/06/30 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/30 09:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/30 09:43:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/29 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/06/29 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\avidemux
[2011/06/29 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2011/06/29 22:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2011/06/29 22:07:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Windows Live
[2011/06/29 21:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/29 18:42:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2011/06/29 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\roaming
[2011/06/29 10:29:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 10:29:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 10:29:51 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 10:29:51 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 10:29:50 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 10:29:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 10:29:50 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 10:29:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 10:29:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 10:29:49 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 10:29:49 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 10:29:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 10:29:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 10:29:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 10:29:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 10:29:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 00:07:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Biggis-Wunderwelt 747
[2011/06/28 20:17:15 | 000,982,016 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2011/06/28 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/06/28 20:06:22 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2011/06/28 19:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/06/28 18:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OZx
[2011/06/28 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/28 17:16:44 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/28 17:16:43 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/06/28 17:16:41 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/06/28 17:16:40 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/06/28 17:16:39 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/06/28 17:16:39 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/06/28 17:16:24 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/06/28 17:16:24 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/27 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Unity
[2011/06/27 14:59:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Unity
[2011/06/25 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Ifly 737 AES config
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\gegl-0.1
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\.gimp-2.7
[2011/06/25 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Phantom
[2011/06/25 16:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011/06/25 16:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/25 16:06:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/25 15:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/06/25 00:20:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/25 00:20:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/25 00:20:16 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/25 00:20:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/25 00:20:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/25 00:20:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/25 00:20:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/25 00:20:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/24 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\PMDG400X_PaintKit
[2011/06/24 19:23:49 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2011/06/24 19:23:49 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2011/06/24 19:23:49 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2011/06/24 19:23:49 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2011/06/24 19:23:49 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2011/06/24 19:23:49 | 000,000,000 | ---D | C] -- C:\Graphics
[2011/06/24 13:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/24 12:12:20 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 18:33:09 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\1450733.sys
[2011/06/11 18:33:09 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507331.sys
[2011/06/11 18:33:09 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507332.sys
[2011/06/11 17:16:24 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/06/11 16:55:17 | 000,000,000 | ---D | C] -- C:\Windows\{58DD9328-F612-41B7-8353-D3B190E70C7C}
[2011/06/07 16:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/05 00:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 00:36:49 | 004,488,201 | ---- | M] (Krzysztof Kowalczyk) -- C:\Users\Thomas\Desktop\SumatraPDF-1.6-install.exe
[2011/07/05 00:25:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005UA.job
[2011/07/04 20:42:05 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 20:42:05 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 20:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/04 20:34:35 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 15:25:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005Core.job
[2011/07/04 14:33:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/04 14:33:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/07/04 14:33:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/04 14:33:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/07/04 14:33:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/04 01:10:17 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/07/04 00:10:58 | 000,001,242 | ---- | M] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/03 13:22:16 | 000,002,516 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/02 21:23:07 | 000,025,109 | ---- | M] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/06/30 09:52:38 | 000,001,307 | ---- | M] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:44:22 | 000,000,020 | ---- | M] () -- C:\Windows\xö2
[2011/06/30 09:36:30 | 000,000,020 | ---- | M] () -- C:\Windows\Ôø¼
[2011/06/30 09:26:08 | 000,002,410 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/29 21:58:11 | 000,000,020 | ---- | M] () -- C:\Windows\,ôÅ
[2011/06/29 10:38:59 | 002,863,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 17:16:46 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/28 17:16:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/25 16:40:39 | 000,034,930 | ---- | M] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/25 15:45:22 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/25 15:32:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/24 19:23:49 | 000,001,688 | ---- | M] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
[2011/06/07 16:41:18 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/06 21:33:08 | 000,001,245 | ---- | M] () -- C:\Users\Thomas\Desktop\Free Studio.lnk
[2011/06/05 18:28:16 | 000,002,532 | ---- | M] () -- C:\Users\Public\Desktop\UT2 Power Pack.lnk
[2011/06/05 12:01:54 | 000,002,582 | ---- | M] () -- C:\Users\Public\Desktop\Ultimate Traffic 2.lnk
 
========== Files Created - No Company Name ==========
 
[2011/07/04 14:31:03 | 000,032,876 | ---- | C] () -- C:\Users\Thomas\Documents\Gottfried Keller - Biografie.odt
[2011/07/04 00:10:58 | 000,001,242 | ---- | C] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/02 21:23:07 | 000,025,109 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/30 18:05:06 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 09:52:38 | 000,001,307 | ---- | C] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:44:42 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/30 09:44:31 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/30 09:44:22 | 000,000,020 | ---- | C] () -- C:\Windows\xö2
[2011/06/30 09:36:30 | 000,000,020 | ---- | C] () -- C:\Windows\Ôø¼
[2011/06/29 22:59:07 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | C] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/29 21:58:10 | 000,000,020 | ---- | C] () -- C:\Windows\,ôÅ
[2011/06/28 17:16:46 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/25 16:40:39 | 000,034,930 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/24 19:23:49 | 000,001,688 | ---- | C] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
[2011/06/11 17:16:24 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/06/07 16:41:18 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/06 21:33:08 | 000,001,245 | ---- | C] () -- C:\Users\Thomas\Desktop\Free Studio.lnk
[2011/06/05 18:28:16 | 000,002,532 | ---- | C] () -- C:\Users\Public\Desktop\UT2 Power Pack.lnk
[2011/04/22 10:07:08 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2011/03/25 23:54:13 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/16 18:33:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/16 18:33:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/16 18:33:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/16 18:33:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/16 18:33:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/06 14:19:13 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\A8247170B7.sys
[2011/02/06 14:13:39 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/02/06 11:37:12 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/09 11:42:56 | 000,001,614 | ---- | C] () -- C:\Windows\convert-settings.ini
[2010/11/16 22:47:08 | 000,010,240 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 15:34:02 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/07 04:46:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/16 22:02:50 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/10/26 21:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/16 02:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 7/5/2011 1:06:29 AM - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 237.53 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.62 Gb Free Space | 69.87% Space Free | Partition Type: FAT32
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{320C16AB-135A-9E61-AB5E-D63E42B98881}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{74AB84F4-B88B-99A5-CC5F-BF61B61E4CDE}" = ccc-utility64
"{801A9B09-B378-D466-2AD6-F1C5C6B0E95D}" = ATI Problem Report Wizard
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{8DB42533-B801-53EE-A166-E13DBD7B0178}" = ATI AVIVO64 Codecs
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.0-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{056A95C1-6E95-0CFA-5AEE-2CF2FBC9C00A}" = CCC Help French
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCEC882-3113-7B2E-62E1-96890AB0FBD6}" = Catalyst Control Center Graphics Light
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH
"{21616BFC-B067-ACFD-4589-9D54D1B7A15F}" = Catalyst Control Center Localization All
"{22DA31EE-2DEA-4DB7-9301-3222F91826F7}" = PMDGMD11XF_PW_FXF
"{24896CE5-C99B-8FF1-FF40-ABC409397FA3}" = HydraVision
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26B7F336-1369-49D6-8E4C-DC2C7BD65647}" = aerosoft's - German Airports 2-Leipzig X
"{26C215D3-D5B9-486C-8E61-A2E5B0B8D3F4}" = PMDGMD11X_PW_QF
"{2982FC17-1189-6FC9-DB39-857A3E5FD771}" = CCC Help Italian
"{2C55D2F6-E698-227A-82CD-D3F31C4643CE}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X
"{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}" = Aerosoft's - VFR Germany 2
"{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X
"{403DDDA0-57D1-AAC6-5C54-88E33B9DE7E0}" = Catalyst Control Center HydraVision Full
"{415826DA-CC9C-4836-AFDB-E67104272C52}" = PMDGMD11X_PW_DL2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{433974CD-9707-489F-8C06-DFFC23C65C68}" = PMDGMD11X_GE_KL
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD88F13-61B9-386A-B007-2872F0C146C8}" = CCC Help Korean
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D89CDD6-80E8-C8A9-89A0-9384C866C30C}" = CCC Help Russian
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{4F2F0EC1-6F33-3627-E1C4-87EF876F84A6}" = CCC Help Czech
"{5112E5EF-17A7-FD83-927C-E44137661C6A}" = CCC Help Thai
"{5B862783-8949-B423-7786-8C2DDADF409A}" = CCC Help Swedish
"{5C8EF467-5933-BCCC-A219-59CF7612327A}" = Catalyst Control Center Graphics Previews Vista
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65E5B64C-A556-2C9E-CA7A-C402B3DCAC25}" = Catalyst Control Center Graphics Full New
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6758B364-96C0-4143-ABDF-8160F8A2AA0D}" = PMDG744X_PW_SQ
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E4C2590-DF8C-C855-5FE9-CCF1A5F444A6}" = CCC Help English
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF
"{710473D1-1838-54D2-D446-B54474967D06}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A782D80-1C63-4D19-AC7A-E39E63DFDE78}" = PMDG744X_GE_QF2
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D182F01-0465-FD8F-59F4-6DC9BD64ED79}" = CCC Help Chinese Standard
"{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}" = Aerosoft's - VFR Germany 1
"{80269974-19AA-8465-B55A-61446A075D3E}" = ccc-core-static
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{8591DD66-01FD-4E5F-AAB7-71998FEA4FF8}" = PMDG744X_GE_O82
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{91FD430B-2B60-1D6B-7E14-F83F91635378}" = Catalyst Control Center InstallProxy
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97C97546-024D-40E1-A16E-255C3BAAAC16}" = PMDGMD11X_GE_CO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A34BB90E-F0AF-58B2-8884-0708E16A5E3D}" = CCC Help Greek
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC3A895F-8A4B-F340-0FE2-C0ECD7AE0E4B}" = CCC Help Hungarian
"{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest
"{ADF128B5-69E8-6F79-2643-ACF1FA8C5925}" = CCC Help Portuguese
"{AF6DFB71-D86A-9ED2-1883-45C7EEC0C6CD}" = CCC Help Spanish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6B1DA81-F781-FF6C-0E60-1248ACD29F27}" = CCC Help Japanese
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5084F12-A5E6-4C34-B66F-0401589CF19B}" = PMDGMD11X_PW_CI
"{C5869150-CAA3-B29A-76E6-74DFFC92A848}" = CCC Help Norwegian
"{C72AF0FF-C3CB-8E57-10E8-E2C09FC7775F}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}" = PMDG_MD11_FSX
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20A9F26-DB85-A6E7-D453-B13EF4090240}" = CCC Help Finnish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL
"{D8CFEC4C-1F9F-D1E8-AE0F-9819B461A45C}" = Catalyst Control Center Graphics Full Existing
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DEB42BC5-3922-4B3F-ED07-11868A89320A}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3
"{ECE3EB63-6317-7F5E-5FFB-8A3F20CBD9D8}" = Catalyst Control Center Core Implementation
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4B17F94-CF35-C084-D913-9272C7048B44}" = CCC Help Polish
"{F7016342-C196-44B1-AAC5-D7BA4708473E}" = Aerosoft's - VFR Germany 4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D89717-868E-F925-33CE-207C0DBFC86D}" = CCC Help Turkish
"{FACF4134-520E-BD72-C32E-2562C91E61A3}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"F1UT2" = Ultimate Traffic 2 - Service Pack
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Phantom" = Foxit Phantom
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download version 2.10.38.602
"Grand Canyon & KGCN V2" = Grand Canyon & KGCN V2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C5E2C25-5095-4160-9CAC-DD731863EEFE}" = PMDGMD11XF_PW_5XF
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X
"{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}" = PMDGMD11X_GE_LH
"{60EC279D-3806-47FA-BE7E-C2C41D350647}" = PMDGMD11X_GE_AY1
"{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}" = PMDGMD11XF_GE_LHF
"{ABB4DB59-0284-414D-9346-4992E1856E7F}" = PMDGMD11X_GE_AA
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{C1E2F394-F52F-41E9-8D97-1F89AD04147A}" = PMDGMD11X_PW_UA3
"{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/29/2011 3:55:05 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Desktop\SoftonicDownloader_fuer_windows-live-movie-maker.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 6/29/2011 3:59:55 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Desktop\SoftonicDownloader_fuer_windows-live-movie-maker.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 6/29/2011 4:01:36 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:01:36 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:01:44 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:47 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:49 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:36:45 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:59:24 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/30/2011 3:23:08 AM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 15.4.3502.922,
 Zeitstempel: 0x4c9b0191  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7bafa  Ausnahmecode: 0xc06d007e  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cc36f68c21e4e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: ccf2c9d0-a2e9-11e0-81db-7071bc609175
 
[ Media Center Events ]
Error - 1/28/2011 9:58:58 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:58:53 - Fehler beim Herstellen der Internetverbindung.  14:58:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:23 - Fehler beim Herstellen der Internetverbindung.  14:25:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:59 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:52 - Fehler beim Herstellen der Internetverbindung.  14:25:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:24:49 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:24:48 - Fehler beim Herstellen der Internetverbindung.  14:24:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:18 - Fehler beim Herstellen der Internetverbindung.  14:25:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:13 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:13 - Fehler beim Herstellen der Internetverbindung.  14:20:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:46 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:42 - Fehler beim Herstellen der Internetverbindung.  14:20:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:48:29 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:29 - Fehler beim Herstellen der Internetverbindung.  14:48:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:49:02 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:58 - Fehler beim Herstellen der Internetverbindung.  14:48:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/15/2011 10:32:35 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 15:32:35 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 7/4/2011 5:16:59 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 5:22:09 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 5:27:19 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 5:32:29 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 5:37:39 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 5:42:49 AM | Computer Name = ThomasPC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/4/2011 8:59:38 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/4/2011 8:59:38 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/4/2011 8:59:39 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/4/2011 2:34:47 PM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
 
< End of report >

kira · 05.07.2011, 08:46

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Bevor Du Avast installiert, hast Du den Kaspersky Anti-Virus verwendet?

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

3.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

Thomas13 · 05.07.2011, 13:57

1. Avast und Kaspersky
Nein. Vorher hatte ich Avira. Das einzige was ich von Kaspersky hab ist der TDSS Killer. Hab den nur noch nicht gelöscht.

2. MBAM

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6991

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05.07.2011 14:38:55
mbam-log-2011-07-05 (14-38-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 781666
Laufzeit: 1 Stunde(n), 36 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

3. OTL Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Thomas
->Temp folder emptied: 154898 bytes
->Temporary Internet Files folder emptied: 1944849 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44718341 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 976 bytes
 
User: Thomas_2
->Temp folder emptied: 902 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42052 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 950992196 bytes
 
Total Files Cleaned = 952.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 07052011_144054

Files\Folders moved on Reboot...
C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

4. CCleaner

Code:

ATTFilter

7-Zip 4.65		04.02.2011		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	07.12.2010	6,00MB	10.1.102.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	24.06.2011	6,00MB	10.3.181.26
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	24.06.2011		11.6.0.626
aerosoft's - Approaching Innsbruck X	aerosoft	17.04.2011		1.10
Aerosoft's - F-16 Fighting Falcon	Aerosoft	27.06.2011		1.00
aerosoft's - German Airports 2-Cologne-Bonn X	aerosoft	26.05.2011		1.00
aerosoft's - German Airports 2-Hannover X	aerosoft	03.05.2011		1.00
aerosoft's - German Airports 2-Leipzig X	aerosoft	12.05.2011		1.00
aerosoft's - German Airports 3 - Berlin-Tegel X	aerosoft	29.05.2011		1.00
aerosoft's - German Airports 3 - Hamburg X	aerosoft	17.04.2011		1.00
Aerosoft's - Mega Airport Budapest	Aerosoft	17.04.2011		1.40
aerosoft's - Mega Airport Lisbon X	aerosoft	17.04.2011		1.10
aerosoft's - Mega Airport London Heathrow X	aerosoft	02.06.2011		1.10
aerosoft's - Mega Airport Madrid Barajas	aerosoft	17.04.2011		1.00
aerosoft's - Mega Airport Paris CDG X	aerosoft	02.06.2011		1.00
aerosoft's - Mega Airport Stockholm Arlanda X	aerosoft	17.04.2011		1.00
Aerosoft's - VFR Germany 1	Aerosoft	10.05.2011		1.00
Aerosoft's - VFR Germany 2	Aerosoft	17.04.2011		1.00
Aerosoft's - VFR Germany 3	Aerosoft	17.04.2011		1.00
Aerosoft's - VFR Germany 4	Aerosoft	26.05.2011		1.00
Akamai NetSession Interface		05.02.2011		
Any Video Converter 3.2.5	Any-Video-Converter.com	03.07.2011	91,1MB	
ATI Catalyst Install Manager	ATI Technologies, Inc.	01.07.2011		3.0.762.0
Audacity 1.2.6		28.06.2011		
avast! Free Antivirus	AVAST Software	27.06.2011		6.0.1125.0
Avidemux 2.5		28.06.2011		2.5.4.6714
Belkin F6D4050 Enhanced Wireless USB Adapter	Belkin	27.06.2011	7,89MB	2.0.0.08
Belkin Wireless USB Adapter Setup	Belkin	28.06.2011		2.20
Camtasia Studio 7	TechSmith Corporation	16.11.2010		7.0.1
CCleaner	Piriform	31.05.2011		3.07
Corel Graphics - Windows Shell Extension	Corel Corporation	05.02.2011	2,93MB	15.1.0.588
Corel Paint Shop Pro Photo X2	Corel Corporation	06.02.2011	417MB	12.010.0000
Defraggler	Piriform	01.06.2011		2.05
FileZilla Client 3.4.0		24.04.2011		3.4.0
Fraps (remove only)		04.04.2011		
Free Studio version 5.0.10	DVDVideoSoft Limited.	05.06.2011	291MB	
Free YouTube Download version 2.10.38.602	DVDVideoSoft Limited.	09.06.2011	33,0MB	
GIMP 2.6.11	The GIMP Team	06.10.2010	106,8MB	2.6.11
Gimp Themes v1.0	www.gimp-tutorials.net	27.03.2011		1.0.0
Google Chrome	Google Inc.	02.05.2011		12.0.742.112
Grand Canyon & KGCN V2		27.06.2011		
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	06.10.2010		20.0.771.0
HP Deskjet 2050 J510 series Hilfe	Hewlett Packard	05.10.2010	12,2MB	140.0.55.55
HP Odometer	Hewlett-Packard	16.09.2010		2.10.0000
HP Vision Hardware Diagnostics	Hewlett-Packard	16.09.2010		2.1.2.27173
ICQ7.5	ICQ	24.04.2011		7.5
Icy Tower v1.5	Free Lunch Design	30.04.2011	4,34MB	
IvAp v1.9.8 (build 2138)	IVAO	06.05.2011		
Java(TM) 6 Update 26	Oracle	02.05.2011		6.0.260
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation	02.06.2011	13,8MB	1.51.0.1200
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.11.2010	38,8MB	4.0.30319
Microsoft Flight Simulator X Service Pack 2	Microsoft Game Studios	19.03.2011		10.0.61472.0
Microsoft Silverlight	Microsoft Corporation	25.06.2011		4.0.60531.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	29.06.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	09.10.2010		8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	08.10.2010	0,24MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.06.2011		8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	24.06.2011	0,56MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	20.04.2011		8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	20.03.2011		9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	20.03.2011		9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	20.04.2011		9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	20.04.2011		9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	18.03.2011	2,52MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	30.06.2011	0,23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	25.06.2011		9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	19.03.2011		9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.03.2011		9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.05.2011		9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.06.2011		9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU	Microsoft Corporation	25.06.2011		9.0.30729
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU	Microsoft Corporation	06.02.2011		9.0.30729
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU	Microsoft Corporation	06.02.2011		9.0.30729
Mozilla Firefox (3.6.18)	Mozilla	24.06.2011		3.6.18 (de)
Mozilla Thunderbird (3.1.11)	Mozilla	03.07.2011		3.1.11 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.10.2010		4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	08.10.2010		4.20.9876.0
MSXML 4.0 SP2 Parser und SDK	Microsoft Corporation	23.12.2010		4.20.9818.0
NVIDIA ForceWare Network Access Manager	NVIDIA Corporation	15.09.2010		1.00.7330.0
OpenOffice.org 3.3	OpenOffice.org	02.05.2011		3.3.9567
Paint.NET v3.5.8	dotPDN LLC	22.05.2011		3.58.0
PDF-XChange Viewer	Tracker Software Products Ltd.	25.06.2011		2.5.195.0
PlayReady PC Runtime amd64	Microsoft Corporation	16.09.2010		1.3.0
PMDG 747-400/400F for FSX	Precision Manuals Development Group	29.04.2011		2.10.0040
PMDG744X_GE_AF	Precision Manuals Development Group	02.05.2011		1.10.0000
PMDG744X_GE_KL	Precision Manuals Development Group	02.05.2011		1.00.0000
PMDG744X_GE_LH	Precision Manuals Development Group	29.04.2011		1.00.0000
PMDG744X_GE_O82	Precision Manuals Development Group	02.05.2011		1.00.0000
PMDG744X_GE_QF2	Precision Manuals Development Group	29.04.2011		1.00.0000
PMDG744X_PW_SQ	Precision Manuals Development Group	05.05.2011		1.10.0000
PMDG744X_PW_UA3	Precision Manuals Development Group	29.04.2011		1.00.0000
PMDG744X_RR_BA	Precision Manuals Development Group	02.05.2011		1.10.0000
PMDG_MD11_FSX	Precision Manuals Development Group	18.03.2011		1.20.0055
PMDGMD11X_GE_AA	Precision Manuals Development Group	21.03.2011		1.00.0000
PMDGMD11X_GE_AY1	Precision Manuals Development Group	21.03.2011		1.10.0000
PMDGMD11X_GE_CO	Precision Manuals Development Group	06.04.2011		1.00.0000
PMDGMD11X_GE_KL	Precision Manuals Development Group	06.04.2011		1.00.0000
PMDGMD11X_GE_LH	Precision Manuals Development Group	18.03.2011		1.00.0000
PMDGMD11X_PW_CI	Precision Manuals Development Group	20.04.2011		1.00.0000
PMDGMD11X_PW_DL2	Precision Manuals Development Group	06.04.2011		1.00.0000
PMDGMD11X_PW_QF	Precision Manuals Development Group	06.04.2011		1.00.0000
PMDGMD11X_PW_UA3	Precision Manuals Development Group	21.03.2011		1.00.0000
PMDGMD11XF_GE_LHF	Precision Manuals Development Group	18.03.2011		1.00.0000
PMDGMD11XF_PW_5XF	Precision Manuals Development Group	21.03.2011		1.00.0000
PMDGMD11XF_PW_FXF	Precision Manuals Development Group	06.04.2011		1.10.0000
Real Environment Xtreme	Real Environment Xtreme	09.04.2011		1.0.2008.1128
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.09.2010		6.0.1.6196
Revo Uninstaller 1.92	VS Revo Group	22.04.2011		1.92
Skype™ 5.1	Skype Technologies S.A.	24.02.2011		5.1.112
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten	Hewlett-Packard Co.	05.10.2010	6,93MB	20.0.771.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	12.05.2011		
TeamViewer 6	TeamViewer GmbH	01.06.2011		6.0.10722
Ultimate Traffic 2 - Service Pack	Flight One Software	04.06.2011		2.0
Ultimate Traffic 2 Power Pack	Flight One Software	04.06.2011		2.0
Unlocker 1.9.0-x64	Cedrick Collomb	07.04.2011		1.9.0-x64
VLC media player 1.1.10	VideoLAN	06.06.2011		1.1.10
Windows Live Essentials	Microsoft Corporation	30.06.2011		15.4.3502.0922
µTorrent		28.05.2011		2.2.1

5. OTL
OTL.txt:

Code:

ATTFilter

OTL logfile created on: 7/5/2011 2:48:38 PM - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 238.24 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/15 10:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/14 05:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/29 22:01:19 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/15 17:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/01/14 05:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/14 04:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/19 01:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\14507332.sys -- (14507332)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\1450733.sys -- (setup_9.0.0.722_11.06.2011_06-10drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\14507331.sys -- (14507331)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 09:31:40 | 000,982,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=158.130.6.253:3124
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..network.proxy.http: "128.119.41.211"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/28 17:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 15:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 09:54:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/04 01:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/03/15 19:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010/11/16 18:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/07/04 15:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions
[2011/03/25 16:38:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\SeaMonkey\Profiles\13rv2xx9.default\extensions
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/05/02 20:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/28 17:16:28 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/06/15 10:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 10:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 10:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 10:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/06/15 10:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/03/16 21:07:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/14 19:05:56 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/05 09:21:33 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/07/05 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
[2011/07/05 01:21:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\SumatraPDF
[2011/07/04 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Any Video Converter
[2011/07/04 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2011/07/04 12:40:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 01:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/07/04 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/07/04 00:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/07/04 00:07:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{16FB997E-A7D3-4E1E-95B3-B01D81A06AF5}
[2011/07/01 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Texture
[2011/07/01 23:28:50 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\InstallShield
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/01 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/07/01 14:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/01 14:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/01 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
[2011/07/01 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/01 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/01 13:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/01 13:19:06 | 000,000,000 | ---D | C] -- C:\AMD
[2011/06/30 09:44:53 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/06/30 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/30 09:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/30 09:43:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/29 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/06/29 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\avidemux
[2011/06/29 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2011/06/29 22:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2011/06/29 22:07:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Windows Live
[2011/06/29 21:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/29 18:42:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2011/06/29 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\roaming
[2011/06/29 10:29:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 10:29:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 10:29:51 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 10:29:51 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 10:29:50 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 10:29:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 10:29:50 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 10:29:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 10:29:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 10:29:49 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 10:29:49 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 10:29:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 10:29:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 10:29:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 10:29:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 10:29:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 00:07:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Biggis-Wunderwelt 747
[2011/06/28 20:17:15 | 000,982,016 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2011/06/28 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/06/28 20:06:22 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2011/06/28 19:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/06/28 18:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OZx
[2011/06/28 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/28 17:16:44 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/28 17:16:43 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/06/28 17:16:41 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/06/28 17:16:40 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/06/28 17:16:39 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/06/28 17:16:39 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/06/28 17:16:24 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/06/28 17:16:24 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/27 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Unity
[2011/06/27 14:59:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Unity
[2011/06/25 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Ifly 737 AES config
[2011/06/25 17:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2011/06/25 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\gegl-0.1
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\.gimp-2.7
[2011/06/25 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Phantom
[2011/06/25 16:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011/06/25 16:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/25 16:06:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/25 15:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/06/25 00:20:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/25 00:20:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/25 00:20:16 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/25 00:20:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/25 00:20:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/25 00:20:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/25 00:20:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/25 00:20:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/24 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\PMDG400X_PaintKit
[2011/06/24 19:23:49 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2011/06/24 19:23:49 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2011/06/24 19:23:49 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2011/06/24 19:23:49 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2011/06/24 19:23:49 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2011/06/24 19:23:49 | 000,000,000 | ---D | C] -- C:\Graphics
[2011/06/24 13:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/24 12:12:20 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 18:33:09 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\1450733.sys
[2011/06/11 18:33:09 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507331.sys
[2011/06/11 18:33:09 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507332.sys
[2011/06/11 17:16:24 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/06/11 16:55:17 | 000,000,000 | ---D | C] -- C:\Windows\{58DD9328-F612-41B7-8353-D3B190E70C7C}
[2011/06/07 16:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/05 14:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 14:49:41 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 14:49:41 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 14:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/05 14:42:16 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 14:25:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005UA.job
[2011/07/04 15:25:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005Core.job
[2011/07/04 14:33:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/04 14:33:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/07/04 14:33:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/04 14:33:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/07/04 14:33:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/04 01:10:17 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/07/04 00:10:58 | 000,001,242 | ---- | M] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/03 13:22:16 | 000,002,516 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/02 21:23:07 | 000,025,109 | ---- | M] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/06/30 09:52:38 | 000,001,307 | ---- | M] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:44:22 | 000,000,020 | ---- | M] () -- C:\Windows\xö2
[2011/06/30 09:36:30 | 000,000,020 | ---- | M] () -- C:\Windows\Ôø¼
[2011/06/30 09:26:08 | 000,002,410 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/29 21:58:11 | 000,000,020 | ---- | M] () -- C:\Windows\,ôÅ
[2011/06/29 10:38:59 | 002,863,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 17:16:46 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/28 17:16:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/25 16:40:39 | 000,034,930 | ---- | M] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/25 15:45:22 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/25 15:32:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/24 19:23:49 | 000,001,688 | ---- | M] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
[2011/06/07 16:41:18 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/06 21:33:08 | 000,001,245 | ---- | M] () -- C:\Users\Thomas\Desktop\Free Studio.lnk
[2011/06/05 18:28:16 | 000,002,532 | ---- | M] () -- C:\Users\Public\Desktop\UT2 Power Pack.lnk
 
========== Files Created - No Company Name ==========
 
[2011/07/04 14:31:03 | 000,032,876 | ---- | C] () -- C:\Users\Thomas\Documents\Gottfried Keller - Biografie.odt
[2011/07/04 00:10:58 | 000,001,242 | ---- | C] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/02 21:23:07 | 000,025,109 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/30 18:05:06 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 09:52:38 | 000,001,307 | ---- | C] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:44:42 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/30 09:44:31 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/30 09:44:22 | 000,000,020 | ---- | C] () -- C:\Windows\xö2
[2011/06/30 09:36:30 | 000,000,020 | ---- | C] () -- C:\Windows\Ôø¼
[2011/06/29 22:59:07 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | C] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/29 21:58:10 | 000,000,020 | ---- | C] () -- C:\Windows\,ôÅ
[2011/06/28 17:16:46 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/25 16:40:39 | 000,034,930 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/24 19:23:49 | 000,001,688 | ---- | C] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
[2011/06/11 17:16:24 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/06/07 16:41:18 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/06 21:33:08 | 000,001,245 | ---- | C] () -- C:\Users\Thomas\Desktop\Free Studio.lnk
[2011/06/05 18:28:16 | 000,002,532 | ---- | C] () -- C:\Users\Public\Desktop\UT2 Power Pack.lnk
[2011/04/22 10:07:08 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2011/03/25 23:54:13 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/16 18:33:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/16 18:33:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/16 18:33:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/16 18:33:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/16 18:33:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/06 14:19:13 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\A8247170B7.sys
[2011/02/06 14:13:39 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/02/06 11:37:12 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/09 11:42:56 | 000,001,614 | ---- | C] () -- C:\Windows\convert-settings.ini
[2010/11/16 22:47:08 | 000,010,240 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 15:34:02 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/07 04:46:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/16 22:02:50 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/10/26 21:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/16 02:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 7/5/2011 2:48:38 PM - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 238.24 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{320C16AB-135A-9E61-AB5E-D63E42B98881}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{74AB84F4-B88B-99A5-CC5F-BF61B61E4CDE}" = ccc-utility64
"{801A9B09-B378-D466-2AD6-F1C5C6B0E95D}" = ATI Problem Report Wizard
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{8DB42533-B801-53EE-A166-E13DBD7B0178}" = ATI AVIVO64 Codecs
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.0-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{056A95C1-6E95-0CFA-5AEE-2CF2FBC9C00A}" = CCC Help French
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCEC882-3113-7B2E-62E1-96890AB0FBD6}" = Catalyst Control Center Graphics Light
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH
"{21616BFC-B067-ACFD-4589-9D54D1B7A15F}" = Catalyst Control Center Localization All
"{22DA31EE-2DEA-4DB7-9301-3222F91826F7}" = PMDGMD11XF_PW_FXF
"{24896CE5-C99B-8FF1-FF40-ABC409397FA3}" = HydraVision
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26B7F336-1369-49D6-8E4C-DC2C7BD65647}" = aerosoft's - German Airports 2-Leipzig X
"{26C215D3-D5B9-486C-8E61-A2E5B0B8D3F4}" = PMDGMD11X_PW_QF
"{2982FC17-1189-6FC9-DB39-857A3E5FD771}" = CCC Help Italian
"{2C55D2F6-E698-227A-82CD-D3F31C4643CE}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X
"{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}" = Aerosoft's - VFR Germany 2
"{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X
"{403DDDA0-57D1-AAC6-5C54-88E33B9DE7E0}" = Catalyst Control Center HydraVision Full
"{415826DA-CC9C-4836-AFDB-E67104272C52}" = PMDGMD11X_PW_DL2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{433974CD-9707-489F-8C06-DFFC23C65C68}" = PMDGMD11X_GE_KL
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD88F13-61B9-386A-B007-2872F0C146C8}" = CCC Help Korean
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D89CDD6-80E8-C8A9-89A0-9384C866C30C}" = CCC Help Russian
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{4F2F0EC1-6F33-3627-E1C4-87EF876F84A6}" = CCC Help Czech
"{5112E5EF-17A7-FD83-927C-E44137661C6A}" = CCC Help Thai
"{5B862783-8949-B423-7786-8C2DDADF409A}" = CCC Help Swedish
"{5C8EF467-5933-BCCC-A219-59CF7612327A}" = Catalyst Control Center Graphics Previews Vista
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65E5B64C-A556-2C9E-CA7A-C402B3DCAC25}" = Catalyst Control Center Graphics Full New
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6758B364-96C0-4143-ABDF-8160F8A2AA0D}" = PMDG744X_PW_SQ
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E4C2590-DF8C-C855-5FE9-CCF1A5F444A6}" = CCC Help English
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF
"{710473D1-1838-54D2-D446-B54474967D06}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A782D80-1C63-4D19-AC7A-E39E63DFDE78}" = PMDG744X_GE_QF2
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D182F01-0465-FD8F-59F4-6DC9BD64ED79}" = CCC Help Chinese Standard
"{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}" = Aerosoft's - VFR Germany 1
"{80269974-19AA-8465-B55A-61446A075D3E}" = ccc-core-static
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{8591DD66-01FD-4E5F-AAB7-71998FEA4FF8}" = PMDG744X_GE_O82
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{91FD430B-2B60-1D6B-7E14-F83F91635378}" = Catalyst Control Center InstallProxy
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97C97546-024D-40E1-A16E-255C3BAAAC16}" = PMDGMD11X_GE_CO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A34BB90E-F0AF-58B2-8884-0708E16A5E3D}" = CCC Help Greek
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC3A895F-8A4B-F340-0FE2-C0ECD7AE0E4B}" = CCC Help Hungarian
"{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest
"{ADF128B5-69E8-6F79-2643-ACF1FA8C5925}" = CCC Help Portuguese
"{AF6DFB71-D86A-9ED2-1883-45C7EEC0C6CD}" = CCC Help Spanish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6B1DA81-F781-FF6C-0E60-1248ACD29F27}" = CCC Help Japanese
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5084F12-A5E6-4C34-B66F-0401589CF19B}" = PMDGMD11X_PW_CI
"{C5869150-CAA3-B29A-76E6-74DFFC92A848}" = CCC Help Norwegian
"{C72AF0FF-C3CB-8E57-10E8-E2C09FC7775F}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}" = PMDG_MD11_FSX
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20A9F26-DB85-A6E7-D453-B13EF4090240}" = CCC Help Finnish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL
"{D8CFEC4C-1F9F-D1E8-AE0F-9819B461A45C}" = Catalyst Control Center Graphics Full Existing
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DEB42BC5-3922-4B3F-ED07-11868A89320A}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3
"{ECE3EB63-6317-7F5E-5FFB-8A3F20CBD9D8}" = Catalyst Control Center Core Implementation
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4B17F94-CF35-C084-D913-9272C7048B44}" = CCC Help Polish
"{F7016342-C196-44B1-AAC5-D7BA4708473E}" = Aerosoft's - VFR Germany 4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D89717-868E-F925-33CE-207C0DBFC86D}" = CCC Help Turkish
"{FACF4134-520E-BD72-C32E-2562C91E61A3}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"F1UT2" = Ultimate Traffic 2 - Service Pack
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Phantom" = Foxit Phantom
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download version 2.10.38.602
"Grand Canyon & KGCN V2" = Grand Canyon & KGCN V2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C5E2C25-5095-4160-9CAC-DD731863EEFE}" = PMDGMD11XF_PW_5XF
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X
"{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}" = PMDGMD11X_GE_LH
"{60EC279D-3806-47FA-BE7E-C2C41D350647}" = PMDGMD11X_GE_AY1
"{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}" = PMDGMD11XF_GE_LHF
"{ABB4DB59-0284-414D-9346-4992E1856E7F}" = PMDGMD11X_GE_AA
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{C1E2F394-F52F-41E9-8D97-1F89AD04147A}" = PMDGMD11X_PW_UA3
"{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/29/2011 3:55:05 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Desktop\SoftonicDownloader_fuer_windows-live-movie-maker.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 6/29/2011 3:59:55 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas\Desktop\SoftonicDownloader_fuer_windows-live-movie-maker.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 6/29/2011 4:01:36 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:01:36 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:01:44 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:47 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:49 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:36:45 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:59:24 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/30/2011 3:23:08 AM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 15.4.3502.922,
 Zeitstempel: 0x4c9b0191  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7bafa  Ausnahmecode: 0xc06d007e  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cc36f68c21e4e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: ccf2c9d0-a2e9-11e0-81db-7071bc609175
 
[ Media Center Events ]
Error - 1/28/2011 9:58:58 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:58:53 - Fehler beim Herstellen der Internetverbindung.  14:58:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:23 - Fehler beim Herstellen der Internetverbindung.  14:25:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:59 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:52 - Fehler beim Herstellen der Internetverbindung.  14:25:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:24:49 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:24:48 - Fehler beim Herstellen der Internetverbindung.  14:24:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:18 - Fehler beim Herstellen der Internetverbindung.  14:25:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:13 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:13 - Fehler beim Herstellen der Internetverbindung.  14:20:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:46 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:42 - Fehler beim Herstellen der Internetverbindung.  14:20:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:48:29 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:29 - Fehler beim Herstellen der Internetverbindung.  14:48:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:49:02 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:58 - Fehler beim Herstellen der Internetverbindung.  14:48:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/15/2011 10:32:35 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 15:32:35 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 7/5/2011 3:20:24 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/5/2011 3:20:24 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/5/2011 3:20:25 AM | Computer Name = ThomasPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 7/5/2011 3:23:25 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem Dienst 
abhängig: vsdatant. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2011 3:30:54 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem Dienst 
abhängig: vsdatant. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2011 3:32:13 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem Dienst 
abhängig: vsdatant. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2011 3:34:42 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem Dienst 
abhängig: vsdatant. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2011 3:37:29 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem Dienst 
abhängig: vsdatant. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2011 3:55:45 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/5/2011 8:42:22 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
 
< End of report >

Thomas13 · 05.07.2011, 16:15

Sorry, hab vorher Malwarebytes nicht geupdatet.
Hier nochmal der richtige Scan

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7026

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05.07.2011 17:08:38
mbam-log-2011-07-05 (17-08-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 781866
Laufzeit: 1 Stunde(n), 37 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

kira · 06.07.2011, 07:14

1.

Zitat:

Zitat von Thomas13

Das einzige was ich von Kaspersky hab ist der TDSS Killer. Hab den nur noch nicht gelöscht.

kannst Du das Protokoll hier posten?

2.
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

Zitat:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=158.130.6.253:3124
FF - prefs.js..network.proxy.http: "128.119.41.211"

3.
Schwierig aus der Ferne zu diagnostizieren, unter Eigenschaften kannst du aber so ziemlich alles auslesen was sich nur auslesen lässt:

Zitat:

C:\Windows\xö2
C:\Windows\Ôø¼
C:\Windows\,ôÅ

Kannst Du Sie in einer Erweiterung von .BAD (Beispiel: xö2.BAD Wenn sie nicht benötigt werden und alles läuft einwandfrei, kannst du dann nach einiger Zeit die Dateien einfach löschen

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Thomas13 · 06.07.2011, 09:54

zu 2.

Ist beides schon angehakt gewesen. Also war weder im Firefox noch im IE ein Proxy drin.

zu 3.

Die Dateien haben keine Endung. Bei Eigenschaften steht dort auch nur "Datei". Ich habe die Dateien mal mit dem Editor geöffnet, dort steht als Inhalt

Code:

ATTFilter

[KeyList]
Count=0

Virustotal hat auch bei keiner Datei was gefunden.. Soll ich die Dateien hier Anhängen, oder einfach löschen?

kira · 07.07.2011, 05:59

Zitat:

Zitat von Thomas13

Soll ich die Dateien hier Anhängen, oder einfach löschen?

Maßnahme zunächst wie unter Punkt 3. vorgehen

Zu Punkt 2. - Proxy ist OK?

1.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

2.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

** gibt es sonst Probleme?

Thomas13 · 07.07.2011, 20:39

Die Dateien hab ich jetzt gelöscht. Weiter ist nichts passiert.
Zu dem Proxy: Keine Ahnung wie das da hinkommt. Ist jedenfalls alles so angehakt gewesen.

Superantispyware:

Code:

ATTFilter

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 07/07/2011 bei 04:48 PM

Version der Applikation : 4.55.1000

Version der Kern-Datenbank : 7381
Version der Spur-Datenbank : 5193

Scan Art       : kompletter Scann
Totale Scann-Zeit : 03:24:29

Gescannte Speicherelemente  : 765
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 13167
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 596501
Erfasste Datei-Elemente   : 0

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

wurde nichts gefunden.

kira · 08.07.2011, 05:12

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=158.130.6.253:3124
FF - prefs.js..network.proxy.http: "128.119.41.211"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
[2011/06/15 10:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Thomas13 · 08.07.2011, 09:33

OTL-fix

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "128.119.41.211" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Thomas
->Temp folder emptied: 412022 bytes
->Temporary Internet Files folder emptied: 2423672 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44122878 bytes
->Google Chrome cache emptied: 7558777 bytes
->Flash cache emptied: 2011 bytes
 
User: Thomas_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 176616214 bytes
 
Total Files Cleaned = 220.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 07082011_101853

Files\Folders moved on Reboot...
C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL:

Code:

ATTFilter

OTL logfile created on: 7/8/2011 10:22:29 AM - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 239.06 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.55 Gb Free Space | 68.02% Space Free | Partition Type: FAT32
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 10:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/05/14 01:44:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/14 05:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/29 22:01:19 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/05/15 17:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/02/17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2010/02/17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2010/01/14 05:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/14 04:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/19 01:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\14507332.sys -- (14507332)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\1450733.sys -- (setup_9.0.0.722_11.06.2011_06-10drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\14507331.sys -- (14507331)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 09:31:40 | 000,982,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 10:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 15:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 09:54:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/04 01:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/03/15 19:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010/11/16 18:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/07/07 16:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions
[2011/03/25 16:38:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2k2rtmay.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/15 19:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\SeaMonkey\Profiles\13rv2xx9.default\extensions
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/05/02 20:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/25 16:06:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 10:14:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/06/15 10:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 10:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 10:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 10:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011/03/16 21:07:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/14 19:05:56 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/07 19:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/07 13:19:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/07 13:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/07 13:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/07 13:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/07 13:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/05 21:46:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Pinnacle VideoSpin
[2011/07/05 21:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2011/07/05 21:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2011/07/05 21:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2011/07/05 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011/07/05 21:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2011/07/05 21:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011/07/05 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Downloaded Installations
[2011/07/05 09:21:33 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/07/05 01:21:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\SumatraPDF
[2011/07/04 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Any Video Converter
[2011/07/04 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2011/07/04 12:40:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 01:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/07/04 00:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/07/04 00:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/07/04 00:07:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{16FB997E-A7D3-4E1E-95B3-B01D81A06AF5}
[2011/07/01 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Texture
[2011/07/01 23:28:50 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\InstallShield
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\ATI
[2011/07/01 14:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/01 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/07/01 14:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/01 14:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/01 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
[2011/07/01 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/01 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/01 13:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/01 13:19:06 | 000,000,000 | ---D | C] -- C:\AMD
[2011/06/30 09:44:53 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/06/30 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/30 09:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/30 09:43:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/29 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/06/29 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\avidemux
[2011/06/29 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2011/06/29 22:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2011/06/29 22:07:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Windows Live
[2011/06/29 21:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/29 18:42:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2011/06/29 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\roaming
[2011/06/29 10:29:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 10:29:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 10:29:51 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 10:29:51 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 10:29:50 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 10:29:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 10:29:50 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 10:29:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 10:29:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 10:29:49 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 10:29:49 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 10:29:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 10:29:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 10:29:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 10:29:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 10:29:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 00:07:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Biggis-Wunderwelt 747
[2011/06/28 20:17:15 | 000,982,016 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2011/06/28 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/06/28 20:06:22 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2011/06/28 19:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/06/28 18:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OZx
[2011/06/28 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/28 17:16:44 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/28 17:16:43 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/06/28 17:16:41 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/06/28 17:16:40 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/06/28 17:16:39 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/06/28 17:16:39 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/06/28 17:16:24 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/06/28 17:16:24 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/28 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/27 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Unity
[2011/06/27 14:59:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Unity
[2011/06/25 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Ifly 737 AES config
[2011/06/25 17:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2011/06/25 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\gegl-0.1
[2011/06/25 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\.gimp-2.7
[2011/06/25 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Phantom
[2011/06/25 16:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011/06/25 16:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/25 16:06:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/25 16:06:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/25 15:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/06/25 00:20:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/25 00:20:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/25 00:20:16 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/25 00:20:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/25 00:20:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/25 00:20:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/25 00:20:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/25 00:20:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/24 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\PMDG400X_PaintKit
[2011/06/24 19:23:49 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2011/06/24 19:23:49 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2011/06/24 19:23:49 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2011/06/24 19:23:49 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2011/06/24 19:23:49 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2011/06/24 19:23:49 | 000,000,000 | ---D | C] -- C:\Graphics
[2011/06/24 13:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/24 12:12:20 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 18:33:09 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\1450733.sys
[2011/06/11 18:33:09 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507331.sys
[2011/06/11 18:33:09 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\14507332.sys
[2011/06/11 17:16:24 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/06/11 16:55:17 | 000,000,000 | ---D | C] -- C:\Windows\{58DD9328-F612-41B7-8353-D3B190E70C7C}
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/08 10:27:07 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 10:27:07 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 10:25:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005UA.job
[2011/07/08 10:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 10:19:47 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 00:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 15:25:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793448899-3928903926-1007559840-1005Core.job
[2011/07/07 13:26:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/07 13:26:22 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/07/07 13:26:22 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/07 13:26:22 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/07/07 13:26:22 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/07 13:19:28 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/06 15:00:09 | 000,003,590 | ---- | M] () -- C:\Users\Thomas\Desktop\index.html
[2011/07/06 14:59:21 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/07/06 12:58:04 | 000,002,516 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/06 10:53:11 | 000,030,839 | ---- | M] () -- C:\Users\Thomas\Desktop\Logfiles.zip
[2011/07/06 10:14:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/06 10:11:17 | 002,871,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/05 21:52:39 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/07/05 21:44:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[2011/07/04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 13:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 13:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 13:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 13:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 13:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 13:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/04 01:10:17 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/07/04 00:10:58 | 000,001,242 | ---- | M] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/02 21:23:07 | 000,025,109 | ---- | M] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/06/30 09:52:38 | 000,001,307 | ---- | M] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:26:08 | 000,002,410 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/28 17:16:46 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/25 16:40:39 | 000,034,930 | ---- | M] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/25 15:45:22 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/25 15:32:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/24 19:23:49 | 000,001,688 | ---- | M] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
 
========== Files Created - No Company Name ==========
 
[2011/07/07 13:19:28 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/06 15:00:09 | 000,003,590 | ---- | C] () -- C:\Users\Thomas\Desktop\index.html
[2011/07/06 10:53:11 | 000,030,839 | ---- | C] () -- C:\Users\Thomas\Desktop\Logfiles.zip
[2011/07/05 21:44:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[2011/07/05 21:40:22 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/07/04 14:31:03 | 000,032,876 | ---- | C] () -- C:\Users\Thomas\Documents\Gottfried Keller - Biografie.odt
[2011/07/04 00:10:58 | 000,001,242 | ---- | C] () -- C:\Users\Thomas\Desktop\Any Video Converter.lnk
[2011/07/02 21:23:07 | 000,025,109 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel
[2011/07/01 14:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/30 18:05:06 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/06/30 09:52:38 | 000,001,307 | ---- | C] () -- C:\Users\Thomas\Desktop\Windows Live Movie Maker.lnk
[2011/06/30 09:44:42 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/30 09:44:31 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/29 22:59:07 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/06/29 22:59:07 | 000,000,949 | ---- | C] () -- C:\Users\Thomas\Desktop\Audacity.lnk
[2011/06/28 17:16:46 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/25 16:40:39 | 000,034,930 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2011/06/24 19:23:49 | 000,001,688 | ---- | C] () -- C:\Users\Thomas\Desktop\DXTBmp.lnk
[2011/06/11 17:16:24 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/04/22 10:07:08 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2011/03/25 23:54:13 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/16 18:33:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/16 18:33:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/16 18:33:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/16 18:33:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/16 18:33:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/06 14:19:13 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\A8247170B7.sys
[2011/02/06 14:13:39 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/02/06 11:37:12 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/09 11:42:56 | 000,001,614 | ---- | C] () -- C:\Windows\convert-settings.ini
[2010/11/16 22:47:08 | 000,010,240 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 15:34:02 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/07 04:46:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/16 22:02:50 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/10/26 21:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/16 02:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll

< End of report >

Extras

Code:

ATTFilter

OTL Extras logfile created on: 7/8/2011 10:22:29 AM - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.34 Gb Total Space | 239.06 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
Drive D: | 13.32 Gb Total Space | 1.64 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.55 Gb Free Space | 68.02% Space Free | Partition Type: FAT32
 
Computer Name: THOMASPC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{320C16AB-135A-9E61-AB5E-D63E42B98881}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{74AB84F4-B88B-99A5-CC5F-BF61B61E4CDE}" = ccc-utility64
"{801A9B09-B378-D466-2AD6-F1C5C6B0E95D}" = ATI Problem Report Wizard
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{8DB42533-B801-53EE-A166-E13DBD7B0178}" = ATI AVIVO64 Codecs
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.0-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{056A95C1-6E95-0CFA-5AEE-2CF2FBC9C00A}" = CCC Help French
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCEC882-3113-7B2E-62E1-96890AB0FBD6}" = Catalyst Control Center Graphics Light
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH
"{21616BFC-B067-ACFD-4589-9D54D1B7A15F}" = Catalyst Control Center Localization All
"{22DA31EE-2DEA-4DB7-9301-3222F91826F7}" = PMDGMD11XF_PW_FXF
"{24896CE5-C99B-8FF1-FF40-ABC409397FA3}" = HydraVision
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26B7F336-1369-49D6-8E4C-DC2C7BD65647}" = aerosoft's - German Airports 2-Leipzig X
"{26C215D3-D5B9-486C-8E61-A2E5B0B8D3F4}" = PMDGMD11X_PW_QF
"{2982FC17-1189-6FC9-DB39-857A3E5FD771}" = CCC Help Italian
"{2C55D2F6-E698-227A-82CD-D3F31C4643CE}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X
"{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}" = Aerosoft's - VFR Germany 2
"{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X
"{403DDDA0-57D1-AAC6-5C54-88E33B9DE7E0}" = Catalyst Control Center HydraVision Full
"{415826DA-CC9C-4836-AFDB-E67104272C52}" = PMDGMD11X_PW_DL2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{433974CD-9707-489F-8C06-DFFC23C65C68}" = PMDGMD11X_GE_KL
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD88F13-61B9-386A-B007-2872F0C146C8}" = CCC Help Korean
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D89CDD6-80E8-C8A9-89A0-9384C866C30C}" = CCC Help Russian
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{4F2F0EC1-6F33-3627-E1C4-87EF876F84A6}" = CCC Help Czech
"{5112E5EF-17A7-FD83-927C-E44137661C6A}" = CCC Help Thai
"{5B862783-8949-B423-7786-8C2DDADF409A}" = CCC Help Swedish
"{5C8EF467-5933-BCCC-A219-59CF7612327A}" = Catalyst Control Center Graphics Previews Vista
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65E5B64C-A556-2C9E-CA7A-C402B3DCAC25}" = Catalyst Control Center Graphics Full New
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6758B364-96C0-4143-ABDF-8160F8A2AA0D}" = PMDG744X_PW_SQ
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E4C2590-DF8C-C855-5FE9-CCF1A5F444A6}" = CCC Help English
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF
"{710473D1-1838-54D2-D446-B54474967D06}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A782D80-1C63-4D19-AC7A-E39E63DFDE78}" = PMDG744X_GE_QF2
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D182F01-0465-FD8F-59F4-6DC9BD64ED79}" = CCC Help Chinese Standard
"{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}" = Aerosoft's - VFR Germany 1
"{80269974-19AA-8465-B55A-61446A075D3E}" = ccc-core-static
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{8591DD66-01FD-4E5F-AAB7-71998FEA4FF8}" = PMDG744X_GE_O82
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{91FD430B-2B60-1D6B-7E14-F83F91635378}" = Catalyst Control Center InstallProxy
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97C97546-024D-40E1-A16E-255C3BAAAC16}" = PMDGMD11X_GE_CO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A34BB90E-F0AF-58B2-8884-0708E16A5E3D}" = CCC Help Greek
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC3A895F-8A4B-F340-0FE2-C0ECD7AE0E4B}" = CCC Help Hungarian
"{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest
"{ADF128B5-69E8-6F79-2643-ACF1FA8C5925}" = CCC Help Portuguese
"{AF6DFB71-D86A-9ED2-1883-45C7EEC0C6CD}" = CCC Help Spanish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6B1DA81-F781-FF6C-0E60-1248ACD29F27}" = CCC Help Japanese
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5084F12-A5E6-4C34-B66F-0401589CF19B}" = PMDGMD11X_PW_CI
"{C5869150-CAA3-B29A-76E6-74DFFC92A848}" = CCC Help Norwegian
"{C72AF0FF-C3CB-8E57-10E8-E2C09FC7775F}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}" = PMDG_MD11_FSX
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20A9F26-DB85-A6E7-D453-B13EF4090240}" = CCC Help Finnish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL
"{D8CFEC4C-1F9F-D1E8-AE0F-9819B461A45C}" = Catalyst Control Center Graphics Full Existing
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DEB42BC5-3922-4B3F-ED07-11868A89320A}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3
"{ECE3EB63-6317-7F5E-5FFB-8A3F20CBD9D8}" = Catalyst Control Center Core Implementation
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4B17F94-CF35-C084-D913-9272C7048B44}" = CCC Help Polish
"{F7016342-C196-44B1-AAC5-D7BA4708473E}" = Aerosoft's - VFR Germany 4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D89717-868E-F925-33CE-207C0DBFC86D}" = CCC Help Turkish
"{FACF4134-520E-BD72-C32E-2562C91E61A3}" = Catalyst Control Center Graphics Previews Common
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"ESET Online Scanner" = ESET Online Scanner v3
"F1UT2" = Ultimate Traffic 2 - Service Pack
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"FileZilla Client" = FileZilla Client 3.5.0
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Phantom" = Foxit Phantom
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download version 2.10.38.602
"Grand Canyon & KGCN V2" = Grand Canyon & KGCN V2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C5E2C25-5095-4160-9CAC-DD731863EEFE}" = PMDGMD11XF_PW_5XF
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X
"{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}" = PMDGMD11X_GE_LH
"{60EC279D-3806-47FA-BE7E-C2C41D350647}" = PMDGMD11X_GE_AY1
"{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}" = PMDGMD11XF_GE_LHF
"{ABB4DB59-0284-414D-9346-4992E1856E7F}" = PMDGMD11X_GE_AA
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{C1E2F394-F52F-41E9-8D97-1F89AD04147A}" = PMDGMD11X_PW_UA3
"{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/29/2011 4:01:44 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:47 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:29:49 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:36:45 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/29/2011 4:59:24 PM | Computer Name = ThomasPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 6/30/2011 3:23:08 AM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 15.4.3502.922,
 Zeitstempel: 0x4c9b0191  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7bafa  Ausnahmecode: 0xc06d007e  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cc36f68c21e4e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: ccf2c9d0-a2e9-11e0-81db-7071bc609175
 
Error - 7/1/2011 12:56:15 PM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlusiFix06.exe, Version: 5.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7bafa  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x914  Startzeit der fehlerhaften Anwendung: 0x01cc380f7aab3030  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomas\Documents\FlusiFix-2006 V5.0\FlusiFix06.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 08056f90-a403-11e0-88dc-7071bc609175
 
Error - 7/1/2011 12:56:50 PM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlusiFix06.exe, Version: 5.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7bafa  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x8c0  Startzeit der fehlerhaften Anwendung: 0x01cc380fd4aabd30  Pfad der
 fehlerhaften Anwendung: C:\Users\Thomas\Documents\FlusiFix-2006 V5.0\FlusiFix06.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 1caebe10-a403-11e0-88dc-7071bc609175
 
Error - 7/1/2011 5:58:01 PM | Computer Name = ThomasPC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 70c    Startzeit: 01cc383981ce6bf0    Endzeit: 21    Anwendungspfad: 
C:\Windows\explorer.exe    Berichts-ID: 2d8e0a91-a42d-11e0-88dc-7071bc609175  
 
Error - 7/1/2011 6:30:03 PM | Computer Name = ThomasPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61472.0, Zeitstempel:
 0x475e17d3  Name des fehlerhaften Moduls: uiautomationcore.dll, Version: 7.0.0.0,
 Zeitstempel: 0x4a5bdb1d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000e52a  ID des fehlerhaften
 Prozesses: 0x108c  Startzeit der fehlerhaften Anwendung: 0x01cc383b6bef98c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Microsoft Flight
 Simulator X\fsx.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\uiautomationcore.dll
Berichtskennung:
 a92bbea0-a431-11e0-88dc-7071bc609175
 
[ Media Center Events ]
Error - 1/28/2011 9:58:58 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:58:53 - Fehler beim Herstellen der Internetverbindung.  14:58:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:23 - Fehler beim Herstellen der Internetverbindung.  14:25:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/29/2011 9:25:59 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:52 - Fehler beim Herstellen der Internetverbindung.  14:25:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:24:49 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:24:48 - Fehler beim Herstellen der Internetverbindung.  14:24:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/30/2011 9:25:23 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:25:18 - Fehler beim Herstellen der Internetverbindung.  14:25:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:13 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:13 - Fehler beim Herstellen der Internetverbindung.  14:20:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/31/2011 9:20:46 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:20:42 - Fehler beim Herstellen der Internetverbindung.  14:20:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:48:29 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:29 - Fehler beim Herstellen der Internetverbindung.  14:48:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/1/2011 9:49:02 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 14:48:58 - Fehler beim Herstellen der Internetverbindung.  14:48:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/15/2011 10:32:35 AM | Computer Name = ThomasPC | Source = MCUpdate | ID = 0
Description = 15:32:35 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 7/6/2011 4:59:17 PM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/7/2011 3:39:30 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/7/2011 5:24:12 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/7/2011 7:17:15 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/8/2011 4:03:10 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/8/2011 4:03:55 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 7/8/2011 4:03:55 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 7/8/2011 4:16:46 AM | Computer Name = ThomasPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?07.?2011 um 10:15:58 unerwartet heruntergefahren.
 
Error - 7/8/2011 4:16:47 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 7/8/2011 4:19:53 AM | Computer Name = ThomasPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2

< End of report >

Sonst sind keine Probleme aufgetreten.

kira · 09.07.2011, 07:43

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Wenn alles gut verlaufen und dein System läuft stabil,mache folgendes:
Systemsteuerung/System und Sicherheit/System/Computerschutz/Systemeigenschaften poppt auf und dann einen Sicherungspunkt erstellen
Systemwiederherstellung deaktivieren: Windows 7 - einen manuellen Systemwiederherstellungspunkt erstellen
also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder aktiviert sein!

4.
Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus
- Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern (► am besten von einem anderen, nicht-infizierten Rechner aus! )
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Thomas13 · 09.07.2011, 10:27

Danke dir für die Tipps

Seltsame Dateien in C:\Windows

Log-Analyse und Auswertung: Seltsame Dateien in C:\Windows