Facebook-Virus!

Kevin- · 15.08.2011, 15:31

Hallo liebe community,
ich hab mir den Facebook virus eingefangen.
ich habe auch schon gegoogelt und mir einige themen dazu angesehen und es sind immer die selben maßnahmen zum durchführen.
ich habe versucht das virus mit Malwarebytes zu entfernen, doch mir ist aufgefallen jedes mal wenn ich einen Quick oder vollständigen suchlauf starte findet er immer wieder die gleichen datein, die ich auch schon x mal gelöscht habe. (Logfiles habe ich gespeichert)!
zudem ist mir aufgefallen, das wenn ich einen externen datenträger wie USB Stick oder mein handy mit dem pc verbinde meldet sich mein avira anitvir mit folgender meldung: ->

Code:

ATTFilter

Zu ihrer Sicherheit wurde der Zugriff auf die datei' J:/Autorun.inf' blockiert.

das komische ist, ich habe keine datein auf diesem stick gehabt.

um den virus selber zu entfernen ich mich an eine anleitung aus dem forum gehalten. http://www.trojaner-board.de/92666-facebook-virus.html
das hat aber leider nicht funktioniert, deswegen hab ich jetzt meinen eigenen thread erstellt. ich habe Win Vista x64 bit system und ich bin noch in der lernphase was den pc betrifft, habe aber einwenig ahnung denk ich.

ich bedanke mich schon mal im vorraus für eure hilfe.

kira · 15.08.2011, 22:43

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes

(alle vorhandenen Protokolle)
2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Kevin- · 16.08.2011, 15:41

ja ich habe mein system rein aus misstrauen jetzt insgesamt 7mal gescannt (Quick und Vollständig)
also ich poste jetzt erst einmal die Malwarebyte logdatein.
Ist alles nach datum sortiert!

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7465

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

14.08.2011 16:49:18
mbam-log-2011-08-14 (16-49-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184875
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 30

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\AppData\Local\Temp\0206897.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\0398621.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\1548646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\1569167.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\1701840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\1774161.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\1949505.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\2300311.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\2997244.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\3309247.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\3890652.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\4045212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\4221968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\4771517.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\6096618.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\6652310.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\6718494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\7661239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8067992.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8182406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8228824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8383477.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8465320.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8537586.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8594294.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9072020.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9370625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9397003.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9764369.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7465

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

14.08.2011 19:09:54
mbam-log-2011-08-14 (19-09-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 438411
Laufzeit: 1 Stunde(n), 33 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7469

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.08.2011 14:58:17
mbam-log-2011-08-15 (14-58-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 443068
Laufzeit: 1 Stunde(n), 32 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\AppData\Local\Temp\1589196.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7469

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.08.2011 15:11:15
mbam-log-2011-08-15 (15-11-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184705
Laufzeit: 4 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\AppData\Local\Temp\0993158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Kevin- · 16.08.2011, 15:43

so hier kommt der rest: ->

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7469

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.08.2011 15:27:23
mbam-log-2011-08-15 (15-27-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184975
Laufzeit: 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> 3136 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Driver Control (Rootkit.0Access.XGen) -> Value: Intel Driver Control -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\3031590.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\5582125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7469

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.08.2011 15:42:35
mbam-log-2011-08-15 (15-42-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184761
Laufzeit: 5 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> 1392 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Driver Control (Rootkit.0Access.XGen) -> Value: Intel Driver Control -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9721540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7469

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.08.2011 17:11:25
mbam-log-2011-08-15 (17-11-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 185885
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> 3192 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Driver Control (Rootkit.0Access.XGen) -> Value: Intel Driver Control -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\Cache\igfxcd32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\4305024.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\5917934.exe (Trojan.Agent) -> Quarantined and deleted successfully.

es werden immer wieder die Selben datein gefunden und entfernt, ist mir aufgefallen.

Kevin- · 16.08.2011, 15:50

mein antivir hat sich gerade gemeldt und einen Qickscan durchgeführt, hier ist die logfile:

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 16. August 2011 16:46

Es wird nach 3243327 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista x64
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KEVIN-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 16:49:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 29.07.2011 19:09:18
AVSCAN.DLL : 10.0.5.0 57192 Bytes 29.07.2011 19:09:18
LUKE.DLL : 10.3.0.5 45416 Bytes 29.07.2011 19:09:21
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 29.07.2011 19:09:21
AVREG.DLL : 10.3.0.9 88833 Bytes 29.07.2011 19:09:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 05:53:00
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:35:39
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 16:29:43
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 14:31:13
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 14:31:13
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 14:31:13
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 14:31:13
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 14:31:14
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 14:31:14
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 14:31:14
VBASE013.VDF : 7.11.13.67 2048 Bytes 16.08.2011 14:31:14
VBASE014.VDF : 7.11.13.68 2048 Bytes 16.08.2011 14:31:14
VBASE015.VDF : 7.11.13.69 2048 Bytes 16.08.2011 14:31:14
VBASE016.VDF : 7.11.13.70 2048 Bytes 16.08.2011 14:31:14
VBASE017.VDF : 7.11.13.71 2048 Bytes 16.08.2011 14:31:14
VBASE018.VDF : 7.11.13.72 2048 Bytes 16.08.2011 14:31:14
VBASE019.VDF : 7.11.13.73 2048 Bytes 16.08.2011 14:31:15
VBASE020.VDF : 7.11.13.74 2048 Bytes 16.08.2011 14:31:15
VBASE021.VDF : 7.11.13.75 2048 Bytes 16.08.2011 14:31:15
VBASE022.VDF : 7.11.13.76 2048 Bytes 16.08.2011 14:31:15
VBASE023.VDF : 7.11.13.77 2048 Bytes 16.08.2011 14:31:15
VBASE024.VDF : 7.11.13.78 2048 Bytes 16.08.2011 14:31:15
VBASE025.VDF : 7.11.13.79 2048 Bytes 16.08.2011 14:31:15
VBASE026.VDF : 7.11.13.80 2048 Bytes 16.08.2011 14:31:15
VBASE027.VDF : 7.11.13.81 2048 Bytes 16.08.2011 14:31:15
VBASE028.VDF : 7.11.13.82 2048 Bytes 16.08.2011 14:31:16
VBASE029.VDF : 7.11.13.83 2048 Bytes 16.08.2011 14:31:16
VBASE030.VDF : 7.11.13.84 2048 Bytes 16.08.2011 14:31:16
VBASE031.VDF : 7.11.13.87 8192 Bytes 16.08.2011 14:31:16
Engineversion : 8.2.6.30
AEVDF.DLL : 8.1.2.1 106868 Bytes 21.04.2011 05:52:30
AESCRIPT.DLL : 8.1.3.74 1622393 Bytes 08.08.2011 14:35:26
AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:52:28
AESBX.DLL : 8.2.1.34 323957 Bytes 15.06.2011 22:54:00
AERDL.DLL : 8.1.9.13 639349 Bytes 17.07.2011 16:30:32
AEPACK.DLL : 8.2.9.5 676214 Bytes 17.07.2011 16:30:28
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 29.07.2011 19:09:15
AEHEUR.DLL : 8.1.2.153 3678584 Bytes 13.08.2011 17:14:32
AEHELP.DLL : 8.1.17.7 254327 Bytes 29.07.2011 19:09:15
AEGEN.DLL : 8.1.5.7 401778 Bytes 08.08.2011 14:34:53
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17
AECORE.DLL : 8.1.22.4 196983 Bytes 17.07.2011 16:30:08
AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39
AVPREF.DLL : 10.0.3.2 44904 Bytes 29.07.2011 19:09:18
AVREP.DLL : 10.0.0.10 174120 Bytes 29.07.2011 19:09:21
AVARKT.DLL : 10.0.26.1 255336 Bytes 29.07.2011 19:09:16
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 29.07.2011 19:09:16
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:59:50
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 29.07.2011 19:09:15
RCTEXT.DLL : 10.0.64.0 98664 Bytes 29.07.2011 19:09:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f2e2b0e\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 16. August 2011 16:46
C:\Users\kevin\M-1-54-6324-575-5275\winsvc.exe
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Phorpiex.B
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1992697141-1985047388-3417664648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Security> wurde erfolgreich repariert.
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003
[WARNUNG] Die Datei konnte nicht gelöscht werden!
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[WARNUNG] Die Datei konnte nicht gelöscht werden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winsvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Users\kevin\M-1-54-6324-575-5275\winsvc.exe>
[FUND] Enthält Erkennungsmuster des Wurmes WORM/Phorpiex.B
[HINWEIS] Prozess 'winsvc.exe' wurde beendet
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Kevin- · 16.08.2011, 16:13

Hier sind die Logfiles von OTL: ->

Code:

ATTFilter

OTL logfile created on: 16.08.2011 16:46:34 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\kevin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free
4,24 Gb Paging File | 2,88 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,13 Gb Total Space | 113,86 Gb Free Space | 49,91% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 206,03 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\kevin\M-1-54-6324-575-5275\winsvc.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\kevin\M-1-54-6324-575-5275\winsvc.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.17 17:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.17 18:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.07.17 17:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions
[2011.08.07 12:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\Profiles\b4ygyiky.default\extensions
[2011.07.17 20:39:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\Profiles\b4ygyiky.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.28 14:08:06 | 000,003,915 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\b4ygyiky.default\searchplugins\sweetim.xml
[2011.07.17 17:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B4YGYIKY.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2011.07.17 13:17:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 06:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ee2ff9e8-afdf-11e0-82be-00192141003c}\Shell - "" = AutoRun
O33 - MountPoints2\{ee2ff9e8-afdf-11e0-82be-00192141003c}\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.16 16:32:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
[2011.08.15 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\kevin\Desktop\hjtscanlist
[2011.08.15 15:14:23 | 000,000,000 | -HSD | C] -- C:\Users\kevin\Cache
[2011.08.15 15:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011.08.15 15:08:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.14 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Malwarebytes
[2011.08.14 16:41:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.14 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.14 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.14 16:41:41 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.14 16:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.12 19:26:47 | 000,000,000 | RHSD | C] -- C:\Users\kevin\M-1-54-6324-575-5275
[2011.08.11 22:23:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.08.11 22:22:38 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.08.11 22:22:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.08.11 22:22:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.08.11 22:22:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.08.11 22:22:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.08.11 22:22:34 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011.08.11 22:22:34 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2011.08.11 22:22:34 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011.08.11 22:22:33 | 002,432,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011.08.11 22:22:33 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011.08.11 22:22:33 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011.08.11 22:22:33 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011.08.11 22:22:33 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011.08.11 22:22:31 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011.08.11 22:22:30 | 001,822,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011.08.11 22:22:29 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.08.11 22:22:29 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.08.11 22:22:29 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.08.11 22:22:29 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.08.11 22:22:28 | 001,483,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011.08.11 22:22:28 | 001,245,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011.08.11 22:22:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.08.11 22:22:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.08.11 22:22:28 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011.08.11 22:22:26 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011.08.11 22:22:26 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011.08.11 22:22:26 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011.08.11 22:22:26 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011.08.11 22:22:26 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011.08.11 22:22:24 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011.08.11 22:22:24 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011.08.11 22:22:23 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.08.11 22:22:23 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011.08.11 22:22:23 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011.08.11 22:22:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.08.11 22:22:18 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.08.11 22:22:18 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011.08.11 22:22:18 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011.08.11 22:22:17 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011.08.11 22:22:17 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011.08.11 22:22:17 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011.08.11 22:22:17 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011.08.11 22:22:17 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011.08.11 22:22:17 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011.08.11 22:22:17 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011.08.11 22:22:17 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011.08.11 22:22:17 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011.08.11 22:22:17 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011.08.11 22:22:16 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011.08.11 22:22:16 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011.08.11 22:22:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.08.11 11:14:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.11 11:14:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.11 11:14:55 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.08.11 11:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.08.11 11:14:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.08.11 11:14:54 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.08.11 11:14:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.08.11 11:14:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.11 11:14:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.10 22:44:10 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.08.10 22:44:09 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.08.10 22:43:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.08.02 13:53:14 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Avira
[2011.07.28 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\TubeBox!
[2011.07.28 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Jens Lorek
[2011.07.28 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.07.28 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2011.07.28 14:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2011.07.28 14:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2011.07.23 16:28:29 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\GTA San Andreas User Files
[2011.07.18 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.07.18 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011.07.18 15:30:33 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2011.07.18 15:30:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2011.07.18 15:30:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2011.07.18 15:30:31 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011.07.18 15:30:31 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2011.07.18 15:30:31 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2011.07.18 15:30:31 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2011.07.18 15:30:31 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2011.07.18 15:30:30 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011.07.18 15:30:30 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2011.07.18 15:30:30 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2011.07.18 15:30:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2011.07.18 15:30:30 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2011.07.18 15:30:30 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2011.07.18 15:30:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2011.07.18 15:30:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2011.07.18 15:29:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011.07.18 15:29:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011.07.18 15:29:46 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011.07.18 15:29:46 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011.07.18 15:29:46 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.07.18 15:16:34 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011.07.18 15:16:34 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011.07.18 15:16:34 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011.07.18 15:16:34 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2011.07.18 15:16:34 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2011.07.18 15:16:33 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011.07.18 14:19:06 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.07.18 14:19:06 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.07.18 14:19:06 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.07.18 14:18:58 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011.07.18 14:16:58 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.07.18 14:16:58 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.07.17 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\DVDVideoSoft
[2011.07.17 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.17 20:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.07.17 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\DVDVideoSoft
[2011.07.17 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.07.17 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.07.17 20:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.07.17 20:25:33 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011.07.17 20:25:29 | 003,148,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011.07.17 20:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.07.17 20:25:18 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011.07.17 20:25:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.07.17 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.07.17 20:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Desktop Board
[2011.07.17 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.07.17 20:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.07.17 18:44:08 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\vlc
[2011.07.17 18:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.07.17 18:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.07.17 18:26:56 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.17 18:26:56 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.17 18:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.17 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.07.17 18:24:09 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Local\Adobe
[2011.07.17 18:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.07.17 18:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.07.17 18:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.07.17 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Thunderbird
[2011.07.17 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Local\Thunderbird
[2011.07.17 18:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.07.17 17:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.07.17 17:36:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.07.17 17:33:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.07.17 17:33:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.07.17 17:33:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.07.17 17:33:56 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.07.17 17:33:56 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.07.17 17:33:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.07.17 17:33:56 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.07.17 17:33:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.07.17 17:33:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.07.17 17:33:55 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.07.17 17:33:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.07.17 17:33:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.07.17 17:33:55 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.07.17 17:33:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.07.17 17:33:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.07.17 17:33:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.07.17 17:33:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.07.17 17:33:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.07.17 17:33:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.07.17 17:33:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.07.17 17:33:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.07.17 17:33:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.07.17 17:33:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.07.17 17:33:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.07.17 17:33:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.07.17 17:33:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011.07.17 17:33:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.07.17 17:33:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.07.17 17:33:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.07.17 17:33:53 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.07.17 17:33:52 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.07.17 17:33:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.07.17 17:33:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.07.17 17:33:52 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.07.17 17:33:52 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.07.17 17:33:52 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011.07.17 17:33:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.07.17 17:33:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.07.17 17:33:52 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.07.17 17:33:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.07.17 17:33:52 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.07.17 17:33:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.07.17 17:33:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.07.17 17:33:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.07.17 17:33:51 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.07.17 17:33:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.07.17 17:33:51 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.07.17 17:33:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.07.17 17:33:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.07.17 17:33:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.07.17 17:33:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.07.17 17:33:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.07.17 17:33:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.07.17 17:33:50 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.07.17 17:33:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.07.17 17:33:49 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.07.17 17:33:49 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.07.17 17:33:49 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.07.17 17:33:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.07.17 17:33:49 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.07.17 17:33:49 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.07.17 17:33:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.07.17 17:33:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.07.17 17:33:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.07.17 17:33:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.07.17 17:32:22 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011.07.17 17:32:22 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011.07.17 17:32:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011.07.17 17:32:21 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.07.17 17:32:21 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.07.17 17:32:21 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011.07.17 17:32:21 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011.07.17 17:32:21 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.07.17 17:32:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011.07.17 17:32:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.07.17 17:32:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.07.17 17:32:21 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011.07.17 17:32:21 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011.07.17 17:32:20 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011.07.17 17:32:20 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011.07.17 17:32:20 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011.07.17 17:32:20 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011.07.17 17:32:18 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.07.17 17:32:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.07.17 17:32:17 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.07.17 17:32:17 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011.07.17 17:32:17 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.07.17 17:32:17 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.07.17 17:32:16 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011.07.17 17:32:16 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011.07.17 17:32:16 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011.07.17 17:32:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011.07.17 17:32:16 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011.07.17 17:32:16 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.07.17 17:32:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011.07.17 17:32:15 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011.07.17 17:32:15 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011.07.17 17:32:14 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011.07.17 17:32:14 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011.07.17 17:32:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.07.17 17:31:12 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Local\Mozilla
[2011.07.17 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Mozilla
[2011.07.17 17:29:27 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011.07.17 17:29:27 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011.07.17 17:29:27 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011.07.17 17:29:27 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011.07.17 17:29:27 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011.07.17 17:29:27 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2011.07.17 17:29:27 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011.07.17 17:29:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2011.07.17 17:29:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011.07.17 17:29:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011.07.17 17:29:26 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011.07.17 17:29:26 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2011.07.17 17:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.16 16:32:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
[2011.08.16 16:28:15 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 16:28:15 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 16:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 16:28:09 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.15 15:58:26 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.15 15:58:26 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.15 15:58:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.15 15:58:26 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.15 15:58:26 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.14 16:37:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.14 01:51:35 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.08.11 22:22:51 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011.07.30 10:05:12 | 052,390,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt.exe
[2011.07.29 21:09:21 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.29 21:09:21 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.22 07:42:23 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.07.22 07:35:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.07.22 07:33:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.07.22 07:32:49 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.07.22 07:30:55 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.07.22 04:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.07.19 14:02:54 | 000,375,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.18 20:53:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.07.17 17:34:11 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011.07.17 17:34:11 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011.07.17 17:34:11 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011.07.17 17:34:11 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011.07.17 17:33:57 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.07.17 17:33:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.07.17 17:33:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.07.17 17:33:56 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.07.17 17:33:56 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.07.17 17:33:56 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.07.17 17:33:56 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.07.17 17:33:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.07.17 17:33:55 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.07.17 17:33:55 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.07.17 17:33:55 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.07.17 17:33:55 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.07.17 17:33:55 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.07.17 17:33:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.07.17 17:33:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.07.17 17:33:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.07.17 17:33:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.07.17 17:33:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.07.17 17:33:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.07.17 17:33:55 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.07.17 17:33:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.07.17 17:33:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.07.17 17:33:54 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.07.17 17:33:54 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.07.17 17:33:54 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.07.17 17:33:54 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.07.17 17:33:54 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011.07.17 17:33:54 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.07.17 17:33:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.07.17 17:33:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.07.17 17:33:53 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.07.17 17:33:52 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.07.17 17:33:52 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.07.17 17:33:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.07.17 17:33:52 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.07.17 17:33:52 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.07.17 17:33:52 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011.07.17 17:33:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.07.17 17:33:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.07.17 17:33:52 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.07.17 17:33:52 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.07.17 17:33:52 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.07.17 17:33:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.07.17 17:33:52 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.07.17 17:33:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.07.17 17:33:51 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.07.17 17:33:51 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.07.17 17:33:51 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.07.17 17:33:51 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.07.17 17:33:51 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.07.17 17:33:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.07.17 17:33:50 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.07.17 17:33:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.07.17 17:33:50 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.07.17 17:33:50 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.07.17 17:33:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.07.17 17:33:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.07.17 17:33:49 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.07.17 17:33:49 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.07.17 17:33:49 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.07.17 17:33:49 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.07.17 17:33:49 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.07.17 17:33:49 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.07.17 17:33:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.07.17 17:33:49 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.07.17 17:33:49 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.07.17 17:33:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.07.17 17:32:22 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011.07.17 17:32:22 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011.07.17 17:32:22 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011.07.17 17:32:22 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011.07.17 17:32:21 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.07.17 17:32:21 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.07.17 17:32:21 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011.07.17 17:32:21 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.07.17 17:32:21 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011.07.17 17:32:21 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.07.17 17:32:21 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.07.17 17:32:21 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011.07.17 17:32:21 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011.07.17 17:32:20 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011.07.17 17:32:20 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011.07.17 17:32:20 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011.07.17 17:32:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011.07.17 17:32:18 | 000,834,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.07.17 17:32:18 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.07.17 17:32:17 | 002,002,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.07.17 17:32:17 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011.07.17 17:32:17 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.07.17 17:32:17 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.07.17 17:32:16 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011.07.17 17:32:16 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011.07.17 17:32:16 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011.07.17 17:32:16 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011.07.17 17:32:16 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011.07.17 17:32:16 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.07.17 17:32:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011.07.17 17:32:15 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011.07.17 17:32:15 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011.07.17 17:32:15 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011.07.17 17:32:14 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011.07.17 17:32:14 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.07.17 17:31:18 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.07.17 17:29:29 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\dxgkrnl.sys.mui
[2011.07.17 17:29:27 | 001,209,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011.07.17 17:29:27 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011.07.17 17:29:27 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011.07.17 17:29:27 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011.07.17 17:29:27 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011.07.17 17:29:27 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2011.07.17 17:29:27 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011.07.17 17:29:27 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2011.07.17 17:29:27 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011.07.17 17:29:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011.07.17 17:29:26 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011.07.17 17:29:26 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
 
========== Files Created - No Company Name ==========
 
[2011.07.18 20:53:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.07.17 18:11:45 | 000,002,475 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.07.17 17:33:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.07.17 17:33:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.07.17 17:31:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.17 14:25:24 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.17 13:42:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.07.17 13:41:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.07.17 13:40:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.07.17 11:28:16 | 000,006,144 | ---- | C] () -- C:\Users\kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 00:49:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.07.16 21:20:21 | 000,000,732 | ---- | C] () -- C:\Users\kevin\AppData\Local\d3d9caps64.dat
[2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

Kevin- · 16.08.2011, 16:14

hier die vom Extras.TxT.

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.08.2011 16:46:34 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\kevin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free
4,24 Gb Paging File | 2,88 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,13 Gb Total Space | 113,86 Gb Free Space | 49,91% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 206,03 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 9A ED 76 5F 84 44 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1992697141-1985047388-3417664648-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB4FB8C8-9789-43BA-B62B-BA829FC443F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122D3B7-4EEA-42C3-963F-37A2BF75A6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{09D74EF1-EFCB-465E-B7A6-F1218351EE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0F43445C-56EA-4854-8CAE-6DAD9D29B4BD}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{35DC25BA-83B6-4DD3-A47D-C525F0A41043}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{54999EFA-33AA-4DC7-8673-F7C7F1203A20}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{757F455E-40D8-4E90-8D05-371473ED7015}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7DDD1156-8217-42F3-8A64-3A33886F83E5}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{9A2A7F25-AEBD-400B-8539-8CD3FB5CCC83}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{AD365667-B81F-4C7E-BD09-3DF2AD85E269}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"{EA155694-11C7-490D-AB86-BCC69DD0BAED}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"TCP Query User{51367CF4-86B4-4DBF-BF52-002AF1E20A97}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CFCF125D-8361-4FDF-973F-69E2FC0EEBE3}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{8B79BAB6-2859-4090-B531-041A21A85228}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{C21E6EDB-3666-4E2F-8406-BE4E08CA0B54}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 11:38:45 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:45 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:46 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:46 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 10:29:52 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 10:47:53 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:07 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:08 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
[ System Events ]
Error - 17.07.2011 07:27:46 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 17.07.2011 07:30:13 | Computer Name = kevin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.07.2011 08:37:40 | Computer Name = kevin-PC | Source = Microsoft Antimalware | ID = 3002
Description = 
 
Error - 17.07.2011 08:44:20 | Computer Name = kevin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.07.2011 08:45:13 | Computer Name = kevin-PC | Source = Microsoft Antimalware | ID = 3002
Description = 
 
Error - 17.07.2011 09:20:47 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2011 12:27:21 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7006
Description = 
 
 
< End of report >

--- --- ---

Kevin- · 16.08.2011, 16:17

hier die vom Extras.TxT.

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.08.2011 16:46:34 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\kevin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,12% Memory free
4,24 Gb Paging File | 2,88 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,13 Gb Total Space | 113,86 Gb Free Space | 49,91% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 206,03 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 9A ED 76 5F 84 44 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1992697141-1985047388-3417664648-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB4FB8C8-9789-43BA-B62B-BA829FC443F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122D3B7-4EEA-42C3-963F-37A2BF75A6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{09D74EF1-EFCB-465E-B7A6-F1218351EE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0F43445C-56EA-4854-8CAE-6DAD9D29B4BD}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{35DC25BA-83B6-4DD3-A47D-C525F0A41043}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{54999EFA-33AA-4DC7-8673-F7C7F1203A20}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{757F455E-40D8-4E90-8D05-371473ED7015}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7DDD1156-8217-42F3-8A64-3A33886F83E5}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{9A2A7F25-AEBD-400B-8539-8CD3FB5CCC83}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{AD365667-B81F-4C7E-BD09-3DF2AD85E269}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"{EA155694-11C7-490D-AB86-BCC69DD0BAED}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"TCP Query User{51367CF4-86B4-4DBF-BF52-002AF1E20A97}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CFCF125D-8361-4FDF-973F-69E2FC0EEBE3}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{8B79BAB6-2859-4090-B531-041A21A85228}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{C21E6EDB-3666-4E2F-8406-BE4E08CA0B54}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 11:38:45 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:45 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:46 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:46 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 10:29:52 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 10:47:53 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:07 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:08 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
[ System Events ]
Error - 17.07.2011 07:27:46 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 17.07.2011 07:30:13 | Computer Name = kevin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.07.2011 08:37:40 | Computer Name = kevin-PC | Source = Microsoft Antimalware | ID = 3002
Description = 
 
Error - 17.07.2011 08:44:20 | Computer Name = kevin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.07.2011 08:45:13 | Computer Name = kevin-PC | Source = Microsoft Antimalware | ID = 3002
Description = 
 
Error - 17.07.2011 09:20:47 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2011 12:27:21 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7006
Description = 
 
 
< End of report >

--- --- ---
[/CODE]

kira · 16.08.2011, 16:47

Punkt 3. fehlt nocht!:-> http://www.trojaner-board.de/102584-...tml#post693637

ausserdem:

** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

Kevin- · 16.08.2011, 19:50

ok ich hab das mit CCleaner jetzt gemacht, hier sind meine programme: ->

Zitat:

7-Zip 9.20 (x64 edition) Igor Pavlov 16.07.2011 4,53MB 9.20.00.0
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.07.2011 10.3.181.34
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 13.08.2011 10.3.183.5
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 16.07.2011 118,5MB 10.1.0
Avira AntiVir Personal - Free Antivirus Avira GmbH 09.08.2011 124,5MB 10.2.0.700
AVM FRITZ!WLAN AVM Berlin 15.07.2011
CCleaner Piriform 15.08.2011 8,17MB 3.09
Free YouTube Download 3 version 3.0.11.727 DVDVideoSoft Limited. 01.08.2011 4,58MB
Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 13.08.2011 6,73MB 1.51.1.1800
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.07.2011 42,1MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 16.07.2011 42,1MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.07.2011 189,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.07.2011 46,5MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 17.07.2011 615MB 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 16.07.2011 20,4MB 4.0.60531.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.07.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.07.2011 0,58MB 9.0.30729.6161
Mozilla Firefox 5.0 (x86 de) Mozilla 16.07.2011 31,3MB 5.0
Mozilla Thunderbird (5.0) Mozilla 16.07.2011 32,4MB 5.0 (de)
NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 16.07.2011 242MB 275.33
NVIDIA Update 1.3.5 NVIDIA Corporation 16.07.2011 6,37MB 1.3.5
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10.08.2011 33,7MB 6.0.1.6410
SweetIM for Messenger 3.5 SweetIM Technologies Ltd. 27.07.2011 4,67MB 3.5.0008
SweetIM Toolbar for Internet Explorer 4.1 SweetIM Technologies Ltd. 27.07.2011 4,32MB 4.1.0003
System Requirements Lab 16.07.2011 1,50MB
System Requirements Lab for Intel Husdawg, LLC 15.07.2011 0,74MB 4.4.24.0
TubeBox! Jens Lorek 05.08.2011 13,1MB 3.4.6
VLC media player 1.1.11 VideoLAN 16.07.2011 82,3MB 1.1.11

den systemscan werde ich morgen erst machen.
schon mal vielen herzlichen dank für deine bemühungen.

kira · 16.08.2011, 19:57

kannst gleich deinstallieren - Magnet für Malware!:

Zitat:

SweetIM for Messenger
SweetIM Toolbar for Internet Explorer

dann weiter wie gehabt

Kevin- · 16.08.2011, 21:36

ich hab des sweetside bar zeugs deinstaliert und nen komplett scan gemacht:->

Zitat:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7478

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16.08.2011 22:33:43
mbam-log-2011-08-16 (22-33-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 441974
Laufzeit: 1 Stunde(n), 11 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\kevin\AppData\Local\Temp\7684057.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\8680332.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Local\Temp\9897617.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kevin\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

kira · 17.08.2011, 04:54

erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Kevin- · 17.08.2011, 20:29

hier der OTL text. :->OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.08.2011 21:20:41 - Run 2
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\kevin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,20% Memory free
4,24 Gb Paging File | 3,06 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,13 Gb Total Space | 112,31 Gb Free Space | 49,23% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 206,03 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.16 16:32:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
PRC - [2011.07.29 21:09:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.16 06:33:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.16 06:33:46 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.29 21:09:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.29 21:09:21 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.29 21:09:21 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.06.23 09:21:34 | 000,318,568 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009.12.18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.17 17:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.17 18:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.07.17 17:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions
[2011.08.07 12:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\Profiles\b4ygyiky.default\extensions
[2011.07.17 20:39:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\Profiles\b4ygyiky.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.28 14:08:06 | 000,003,915 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\b4ygyiky.default\searchplugins\sweetim.xml
[2011.07.17 17:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B4YGYIKY.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2011.07.17 13:17:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 06:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ee2ff9e8-afdf-11e0-82be-00192141003c}\Shell - "" = AutoRun
O33 - MountPoints2\{ee2ff9e8-afdf-11e0-82be-00192141003c}\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.16 21:07:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.16 20:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.16 20:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.16 16:32:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
[2011.08.15 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\kevin\Desktop\hjtscanlist
[2011.08.15 15:14:23 | 000,000,000 | -HSD | C] -- C:\Users\kevin\Cache
[2011.08.15 15:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011.08.15 15:08:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.14 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Malwarebytes
[2011.08.14 16:41:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.14 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.14 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.14 16:41:41 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.14 16:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.12 19:26:47 | 000,000,000 | RHSD | C] -- C:\Users\kevin\M-1-54-6324-575-5275
[2011.08.11 22:23:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.08.11 22:22:38 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.08.11 22:22:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.08.11 22:22:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.08.11 22:22:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.08.11 22:22:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.08.11 22:22:34 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011.08.11 22:22:34 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2011.08.11 22:22:34 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011.08.11 22:22:33 | 002,432,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011.08.11 22:22:33 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011.08.11 22:22:33 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011.08.11 22:22:33 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011.08.11 22:22:33 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011.08.11 22:22:31 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011.08.11 22:22:30 | 001,822,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011.08.11 22:22:29 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.08.11 22:22:29 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.08.11 22:22:29 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.08.11 22:22:29 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.08.11 22:22:28 | 001,483,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011.08.11 22:22:28 | 001,245,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011.08.11 22:22:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.08.11 22:22:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.08.11 22:22:28 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011.08.11 22:22:26 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011.08.11 22:22:26 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011.08.11 22:22:26 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011.08.11 22:22:26 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011.08.11 22:22:26 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011.08.11 22:22:24 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011.08.11 22:22:24 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011.08.11 22:22:23 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.08.11 22:22:23 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011.08.11 22:22:23 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011.08.11 22:22:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.08.11 22:22:18 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.08.11 22:22:18 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011.08.11 22:22:18 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011.08.11 22:22:17 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011.08.11 22:22:17 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011.08.11 22:22:17 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011.08.11 22:22:17 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011.08.11 22:22:17 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011.08.11 22:22:17 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011.08.11 22:22:17 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011.08.11 22:22:17 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011.08.11 22:22:17 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011.08.11 22:22:17 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011.08.11 22:22:16 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011.08.11 22:22:16 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011.08.11 22:22:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.08.11 11:14:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.11 11:14:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.11 11:14:55 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.08.11 11:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.08.11 11:14:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.08.11 11:14:54 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.08.11 11:14:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.08.11 11:14:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.11 11:14:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.10 22:44:10 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.08.10 22:44:09 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.08.10 22:43:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.08.02 13:53:14 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Avira
[2011.07.28 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\TubeBox!
[2011.07.28 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Jens Lorek
[2011.07.28 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.07.28 15:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2011.07.23 16:28:29 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\GTA San Andreas User Files
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.17 20:31:04 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 20:31:04 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 20:30:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.17 20:30:56 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.16 16:32:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
[2011.08.15 15:58:26 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.15 15:58:26 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.15 15:58:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.15 15:58:26 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.15 15:58:26 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.14 16:37:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.14 01:51:35 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.08.11 22:22:51 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011.07.30 10:05:12 | 052,390,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt.exe
[2011.07.29 21:09:21 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.29 21:09:21 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.22 07:42:23 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.07.22 07:35:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.07.22 07:33:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.07.22 07:32:49 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.07.22 07:30:55 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.07.22 04:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.07.19 14:02:54 | 000,375,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.07.17 17:31:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.17 14:25:24 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.17 13:42:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.07.17 13:41:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.07.17 13:40:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.07.17 11:28:16 | 000,006,144 | ---- | C] () -- C:\Users\kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.17 00:49:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.07.16 21:20:21 | 000,000,732 | ---- | C] () -- C:\Users\kevin\AppData\Local\d3d9caps64.dat
[2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.08.02 11:29:11 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\DVDVideoSoft
[2011.08.02 13:27:52 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.28 15:58:04 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Jens Lorek
[2011.07.17 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Thunderbird
[2011.08.17 18:18:16 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Kevin- · 17.08.2011, 20:30

extra txt. ->

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.08.2011 21:20:41 - Run 2
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\kevin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,20% Memory free
4,24 Gb Paging File | 3,06 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,13 Gb Total Space | 112,31 Gb Free Space | 49,23% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 206,03 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 9A ED 76 5F 84 44 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1992697141-1985047388-3417664648-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB4FB8C8-9789-43BA-B62B-BA829FC443F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122D3B7-4EEA-42C3-963F-37A2BF75A6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{09D74EF1-EFCB-465E-B7A6-F1218351EE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0F43445C-56EA-4854-8CAE-6DAD9D29B4BD}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{35DC25BA-83B6-4DD3-A47D-C525F0A41043}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{54999EFA-33AA-4DC7-8673-F7C7F1203A20}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup(1).exe | 
"{757F455E-40D8-4E90-8D05-371473ED7015}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7DDD1156-8217-42F3-8A64-3A33886F83E5}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{9A2A7F25-AEBD-400B-8539-8CD3FB5CCC83}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{AD365667-B81F-4C7E-BD09-3DF2AD85E269}" = protocol=6 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"{EA155694-11C7-490D-AB86-BCC69DD0BAED}" = protocol=17 | dir=in | app=c:\users\kevin\downloads\sweetimsetup.exe | 
"TCP Query User{51367CF4-86B4-4DBF-BF52-002AF1E20A97}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CFCF125D-8361-4FDF-973F-69E2FC0EEBE3}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{8B79BAB6-2859-4090-B531-041A21A85228}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{C21E6EDB-3666-4E2F-8406-BE4E08CA0B54}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 11:38:46 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.08.2011 11:38:47 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2011 10:29:52 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 10:47:53 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:07 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 10:48:08 | Computer Name = kevin-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.08.2011 14:29:13 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2011 11:14:35 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2011 14:32:36 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.07.2011 12:11:17 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2011 12:27:21 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 17.07.2011 14:32:38 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:32:39 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:32:39 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:32:39 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:46:07 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:46:07 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:46:07 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 17.07.2011 14:46:07 | Computer Name = kevin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
 
< End of report >