Trotz AntiVir de-Installation noch Werbung beim Hochfahren

Ephoras · 23.11.2010, 13:04

Hiho,
Ich habe wegen einiger probleme (Guard nicht Aktiv beim systemstart, nervige werbung etc.) mein Avira AntiVir deinstalliert, und nach einem neustart etc. Die Neuste Version der Avast InsternetSuite installiert.

Avast läuft tadelslos, wie ich es schon seit längerem auf anderen Pcs gewohnt bin.

Jedoch zeigt mir AntiVir immer noch seine berühmten Werbe-Fenster an, wenn ich den Pc hoch fahre.

Laut CCleaner ist Avira deinstalliert/ es taucht nicht in der liste der installierten programme auf
Viren habe ich zumindest mit Avast keine gefunden.
Spybot S&D zeigt mir auch nichts an

Der Log von MBAM:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5175

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.11.2010 12:50:26
mbam-log-2010-11-23 (12-50-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138555
Laufzeit: 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

sieht harmlos aus.

otl.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.11.2010 12:56:09 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 20,18 Gb Free Space | 3,38% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 550,00 Gb Total Space | 149,72 Gb Free Space | 27,22% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-WIN7 | User Name: tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.23 12:41:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.11.01 22:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\tobias\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.10.27 13:23:14 | 001,492,944 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2010.10.16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.01 06:36:16 | 000,196,608 | ---- | M] (Team MediaPortal) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\afwServ.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.23 12:41:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.09.07 17:14:19 | 000,152,160 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxPlugins.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.09.07 17:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.10.01 06:36:16 | 000,196,608 | ---- | M] (Team MediaPortal) [Auto | Running] -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe -- (TVService)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.10.27 13:23:14 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.09.07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.09.07 16:24:46 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.05.07 07:34:50 | 000,721,408 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010.05.07 07:34:48 | 000,653,824 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.08.23 12:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.11.06 23:41:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.11.17 16:06:27 | 000,000,000 | ---D | M]
 
[2010.10.27 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\mozilla\Extensions
[2010.10.27 21:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2010.11.14 20:24:10 | 000,425,491 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 14657 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Digsby Donates) - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files (x86)\Digsby Donates\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\tobias\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.23 12:46:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.23 12:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.11.23 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.17 17:28:11 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Academic Software Zurich
[2010.11.17 15:39:57 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\OpenOffice.org
[2010.11.17 15:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.11.17 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.11.17 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\tobias\Desktop\OpenOffice.org 3.2 (de) Installation Files
[2010.11.17 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\assembly
[2010.11.17 15:07:23 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Citavi
[2010.11.17 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Foxit Software
[2010.11.17 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Foxit
[2010.11.17 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.11.16 17:20:04 | 000,000,000 | ---D | C] -- C:\Users\tobias\.freeplane
[2010.11.16 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeplane
[2010.11.16 17:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citavi
[2010.11.14 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\foobar2000
[2010.11.14 23:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010.11.14 20:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.14 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.12 10:10:56 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Malwarebytes
[2010.11.12 10:10:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.12 10:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.12 10:10:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.12 10:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.12 09:42:19 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.11.12 09:42:19 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.11.12 09:42:15 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.11.12 09:42:13 | 000,125,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2010.11.12 09:42:01 | 000,250,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010.11.12 09:42:00 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.11.12 09:41:57 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.11.12 09:41:55 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.11.12 09:41:45 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.11.12 09:41:45 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.11.12 09:41:45 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2010.11.10 10:52:11 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.11.10 10:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.11.10 10:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.11.09 16:09:25 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\The KMPlayer
[2010.11.09 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010.11.06 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Avira
[2010.11.06 11:15:29 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.06 11:15:29 | 000,081,584 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.06 11:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.06 10:55:02 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\TokenW-ICO
[2010.11.06 10:55:02 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Games
[2010.11.05 18:52:47 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\gtk-2.0
[2010.11.05 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Token White
[2010.11.05 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Token Black
[2010.11.05 08:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2010.11.04 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.11.04 22:42:41 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\DivX
[2010.11.04 22:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.11.04 22:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.11.04 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\tobias\.thumbnails
[2010.11.04 11:07:43 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\gegl-0.0
[2010.11.04 11:07:43 | 000,000,000 | ---D | C] -- C:\Users\tobias\.gimp-2.6
[2010.11.04 11:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010.11.04 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Rainmeter
[2010.11.03 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\ElevatedDiagnostics
[2010.11.02 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Amazon
[2010.11.02 20:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010.10.28 10:30:38 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Adobe
[2010.10.28 10:22:01 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\My Playlists
[2010.10.28 10:05:05 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\LolClient
[2010.10.28 09:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2010.10.28 09:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.10.28 09:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.28 09:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.28 09:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Team MediaPortal
[2010.10.28 09:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team MediaPortal
[2010.10.28 09:41:28 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.10.28 09:36:12 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010.10.28 09:14:11 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.10.28 09:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.10.28 09:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTV Systems
[2010.10.28 09:07:45 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Downloaded Installations
[2010.10.28 08:52:16 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\PMB Files
[2010.10.28 08:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.10.28 08:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010.10.28 08:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.28 08:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.10.28 08:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.10.28 08:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.10.28 08:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.10.28 08:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.10.28 08:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.10.28 08:24:21 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.10.28 08:24:21 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.10.28 08:24:02 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.10.28 08:23:40 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.10.28 08:15:55 | 000,000,000 | ---D | C] -- C:\Users\tobias\Documents\Digsby Logs
[2010.10.28 08:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2010.10.28 08:08:54 | 000,056,320 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys
[2010.10.28 08:02:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.10.28 08:02:33 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.10.28 08:02:15 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.10.28 08:02:15 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.10.28 08:02:15 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.10.28 08:02:15 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.10.28 08:02:14 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.10.28 08:02:14 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.10.28 08:02:14 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.10.28 08:02:13 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.10.28 08:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010.10.28 08:02:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.10.28 08:02:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.10.28 08:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.10.28 08:00:19 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010.10.28 08:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010.10.28 08:00:07 | 000,000,000 | ---D | C] -- C:\Intel
[2010.10.28 07:59:18 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.10.28 07:51:43 | 000,000,000 | R--D | C] -- C:\Users\tobias\Documents\My Dropbox
[2010.10.28 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Dropbox
[2010.10.27 21:31:04 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Mozilla
[2010.10.27 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Thunderbird
[2010.10.27 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Thunderbird
[2010.10.27 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.10.27 16:30:05 | 000,000,000 | ---D | C] -- C:\PFiles
[2010.10.27 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\skypePM
[2010.10.27 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Digsby
[2010.10.27 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Digsby
[2010.10.27 14:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
[2010.10.27 14:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby Donates
[2010.10.27 14:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.10.27 14:37:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.10.27 14:37:03 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Skype
[2010.10.27 14:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.10.27 14:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby
[2010.10.27 14:02:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.10.27 13:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.10.27 13:23:27 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\TrueCrypt
[2010.10.27 13:23:14 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2010.10.27 13:22:53 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2010.10.27 13:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.27 13:19:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.10.27 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Macromedia
[2010.10.27 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Adobe
[2010.10.27 13:15:35 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Google
[2010.10.27 13:14:15 | 000,000,000 | R--D | C] -- C:\Users\tobias\Searches
[2010.10.27 13:14:05 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Identities
[2010.10.27 13:14:03 | 000,000,000 | R--D | C] -- C:\Users\tobias\Contacts
[2010.10.27 13:14:02 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\VirtualStore
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Vorlagen
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\AppData\Local\Verlauf
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\AppData\Local\Temporary Internet Files
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Startmenü
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\SendTo
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Recent
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Netzwerkumgebung
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Lokale Einstellungen
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Documents\Eigene Videos
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Documents\Eigene Musik
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Eigene Dateien
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Documents\Eigene Bilder
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Druckumgebung
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Cookies
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\AppData\Local\Anwendungsdaten
[2010.10.27 13:13:54 | 000,000,000 | -HSD | C] -- C:\Users\tobias\Anwendungsdaten
[2010.10.27 13:13:53 | 000,000,000 | --SD | C] -- C:\Users\tobias\AppData\Roaming\Microsoft
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Videos
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Saved Games
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Pictures
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Music
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Links
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Favorites
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Downloads
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Documents
[2010.10.27 13:13:53 | 000,000,000 | R--D | C] -- C:\Users\tobias\Desktop
[2010.10.27 13:13:53 | 000,000,000 | -H-D | C] -- C:\Users\tobias\AppData
[2010.10.27 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Temp
[2010.10.27 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Local\Microsoft
[2010.10.27 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\tobias\AppData\Roaming\Media Center Programs
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.10.27 13:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.10.27 13:06:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.10.27 13:03:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.10.27 13:03:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.23 12:46:14 | 000,000,924 | ---- | M] () -- C:\Users\tobias\Desktop\NTREGOPT.lnk
[2010.11.23 12:46:14 | 000,000,905 | ---- | M] () -- C:\Users\tobias\Desktop\ERUNT.lnk
[2010.11.23 12:40:43 | 000,471,560 | ---- | M] () -- C:\Users\tobias\Desktop\Load.exe
[2010.11.23 12:31:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 12:31:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 12:30:51 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.23 12:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.23 12:25:47 | 1609,863,168 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 09:26:02 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-870098056-1383278041-1618102311-1000UA.job
[2010.11.20 07:15:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.20 07:15:17 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.20 07:15:17 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.20 07:15:17 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.20 07:15:17 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.19 16:30:03 | 000,057,434 | ---- | M] () -- C:\Users\tobias\.recently-used.xbel
[2010.11.19 14:26:03 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-870098056-1383278041-1618102311-1000Core.job
[2010.11.19 13:54:25 | 000,167,661 | ---- | M] () -- C:\Users\tobias\Documents\zuroma.xps
[2010.11.19 13:53:59 | 000,165,243 | ---- | M] () -- C:\Users\tobias\Documents\nachfüssen.xps
[2010.11.18 08:43:41 | 000,293,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.17 16:06:27 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.17 15:23:47 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.17 15:05:40 | 000,000,201 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2010.11.17 15:05:33 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.16 17:19:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Freeplane.lnk
[2010.11.16 17:19:29 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Citavi.lnk
[2010.11.16 15:59:40 | 000,420,588 | ---- | M] () -- C:\Users\tobias\Desktop\kommunikatinsw.referat.odp
[2010.11.14 23:55:54 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.11.14 23:25:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\lastfm_mode_enabled
[2010.11.14 20:24:10 | 000,425,491 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.11.14 20:20:36 | 000,001,258 | ---- | M] () -- C:\Users\tobias\Desktop\Spybot - Search & Destroy.lnk
[2010.11.12 10:10:35 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 09:42:20 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010.11.12 09:41:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.11.12 09:36:16 | 000,001,710 | ---- | M] () -- C:\Users\tobias\Documents\License.avastlic
[2010.11.12 09:35:13 | 000,026,162 | ---- | M] () -- C:\Users\tobias\Documents\INV_353919035_26451_201011120857.pdf
[2010.11.10 11:14:27 | 000,006,493 | ---- | M] () -- C:\Users\tobias\Documents\billing_353919035_4cda70839aa2c.pdf
[2010.11.09 16:09:24 | 000,000,963 | ---- | M] () -- C:\Users\tobias\Desktop\KMPlayer.lnk
[2010.11.07 16:32:10 | 000,002,405 | ---- | M] () -- C:\Users\tobias\Desktop\Google Chrome.lnk
[2010.11.06 23:38:04 | 000,000,981 | ---- | M] () -- C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
[2010.11.06 11:15:38 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.11.06 10:51:50 | 000,000,963 | ---- | M] () -- C:\Users\tobias\Desktop\RocketDock.lnk
[2010.11.05 18:50:27 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.10.28 09:45:25 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\TV-Server Configuration.lnk
[2010.10.28 09:42:26 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2010.10.28 09:42:26 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2010.10.28 09:42:26 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2010.10.28 09:37:40 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2010.10.28 08:52:21 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.10.28 08:01:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010.10.28 07:57:53 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010.10.28 07:51:43 | 000,001,043 | ---- | M] () -- C:\Users\tobias\Desktop\Dropbox.lnk
[2010.10.28 07:51:43 | 000,001,023 | ---- | M] () -- C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.10.27 21:30:50 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.10.27 16:33:04 | 2147,483,511 | ---- | M] () -- C:\Users\tobias\Container
[2010.10.27 15:12:29 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.10.27 14:42:42 | 000,001,083 | ---- | M] () -- C:\Users\tobias\Desktop\Digsby.lnk
[2010.10.27 14:38:00 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.10.27 13:23:18 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.10.27 13:23:14 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2010.10.27 13:07:55 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.10.27 13:07:55 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.10.27 13:05:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.23 12:46:14 | 000,000,924 | ---- | C] () -- C:\Users\tobias\Desktop\NTREGOPT.lnk
[2010.11.23 12:46:14 | 000,000,905 | ---- | C] () -- C:\Users\tobias\Desktop\ERUNT.lnk
[2010.11.23 12:40:47 | 000,471,560 | ---- | C] () -- C:\Users\tobias\Desktop\Load.exe
[2010.11.23 12:30:51 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.19 16:30:03 | 000,057,434 | ---- | C] () -- C:\Users\tobias\.recently-used.xbel
[2010.11.19 13:54:25 | 000,167,661 | ---- | C] () -- C:\Users\tobias\Documents\zuroma.xps
[2010.11.19 13:53:57 | 000,165,243 | ---- | C] () -- C:\Users\tobias\Documents\nachfüssen.xps
[2010.11.17 15:23:47 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.17 15:05:40 | 000,000,201 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2010.11.17 15:05:33 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.11.16 17:19:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Freeplane.lnk
[2010.11.16 17:19:29 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\Citavi.lnk
[2010.11.16 15:59:51 | 000,420,588 | ---- | C] () -- C:\Users\tobias\Desktop\kommunikatinsw.referat.odp
[2010.11.14 23:35:18 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.11.14 23:22:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\lastfm_mode_enabled
[2010.11.14 20:20:36 | 000,001,258 | ---- | C] () -- C:\Users\tobias\Desktop\Spybot - Search & Destroy.lnk
[2010.11.12 10:10:35 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 09:42:20 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010.11.12 09:36:16 | 000,001,710 | ---- | C] () -- C:\Users\tobias\Documents\License.avastlic
[2010.11.12 09:35:13 | 000,026,162 | ---- | C] () -- C:\Users\tobias\Documents\INV_353919035_26451_201011120857.pdf
[2010.11.10 11:14:31 | 000,006,493 | ---- | C] () -- C:\Users\tobias\Documents\billing_353919035_4cda70839aa2c.pdf
[2010.11.10 10:59:46 | 000,003,639 | ---- | C] () -- C:\Users\tobias\Documents\AIS(3rd-MAR-2011).avastlic
[2010.11.10 10:52:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.11.09 16:06:04 | 000,000,963 | ---- | C] () -- C:\Users\tobias\Desktop\KMPlayer.lnk
[2010.11.06 23:38:04 | 000,000,981 | ---- | C] () -- C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
[2010.11.06 11:15:38 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.11.06 10:51:50 | 000,000,963 | ---- | C] () -- C:\Users\tobias\Desktop\RocketDock.lnk
[2010.11.05 18:50:27 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.10.28 09:45:25 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\TV-Server Configuration.lnk
[2010.10.28 09:42:56 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.28 09:42:26 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2010.10.28 09:42:26 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2010.10.28 09:42:26 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2010.10.28 09:37:40 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2010.10.28 08:52:21 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.10.28 08:24:21 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.10.28 08:09:16 | 000,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2010.10.28 07:58:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.28 07:51:43 | 000,001,043 | ---- | C] () -- C:\Users\tobias\Desktop\Dropbox.lnk
[2010.10.28 07:51:43 | 000,001,023 | ---- | C] () -- C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.10.27 21:30:50 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.10.27 15:12:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.27 14:42:42 | 000,001,083 | ---- | C] () -- C:\Users\tobias\Desktop\Digsby.lnk
[2010.10.27 14:38:00 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.10.27 13:41:47 | 2147,483,511 | ---- | C] () -- C:\Users\tobias\Container
[2010.10.27 13:23:18 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.10.27 13:17:32 | 000,002,405 | ---- | C] () -- C:\Users\tobias\Desktop\Google Chrome.lnk
[2010.10.27 13:16:52 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-870098056-1383278041-1618102311-1000UA.job
[2010.10.27 13:16:51 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-870098056-1383278041-1618102311-1000Core.job
[2010.10.27 13:05:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.10.27 13:03:38 | 1609,863,168 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.04 07:23:40 | 000,026,355 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp57D5.jpg
[2010.10.04 07:23:10 | 000,029,504 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp57F6.jpg
[2010.10.04 07:22:50 | 000,024,919 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp57E5.jpg
[2010.10.04 07:22:22 | 000,028,305 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5807.jpg
[2010.10.03 11:49:18 | 000,011,057 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5869.jpg
[2010.10.03 11:49:08 | 000,016,965 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5859.jpg
[2010.10.03 11:29:22 | 000,022,777 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5848.jpg
[2010.10.03 11:27:28 | 000,029,169 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5837.jpg
[2010.10.03 11:25:40 | 000,021,000 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp5817.jpg
[2010.09.22 20:38:30 | 000,005,818 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp3AC9.png
[2010.04.14 15:20:48 | 000,030,673 | ---- | C] () -- C:\Users\tobias\AppData\Local\Temptmp57C4.png
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.11.17 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Academic Software Zurich
[2010.11.02 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Amazon
[2010.11.23 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Dropbox
[2010.11.23 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\foobar2000
[2010.11.17 15:05:38 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Foxit
[2010.11.17 15:05:38 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Foxit Software
[2010.11.19 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\gtk-2.0
[2010.10.28 10:05:05 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\LolClient
[2010.11.17 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\OpenOffice.org
[2010.10.27 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\Thunderbird
[2010.10.28 07:52:59 | 000,000,000 | ---D | M] -- C:\Users\tobias\AppData\Roaming\TrueCrypt
[2009.07.14 06:08:49 | 000,012,726 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.11.23 12:25:47 | 1609,863,168 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 12:25:51 | 2146,484,224 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.02.03 11:11:44 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=AAFAA48B5F285696047677B42A8DA821 -- C:\Windows\Resources\Themes\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >

--- --- ---

Extras.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.11.2010 12:56:09 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 20,18 Gb Free Space | 3,38% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 550,00 Gb Total Space | 149,72 Gb Free Space | 27,22% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-WIN7 | User Name: tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\tobias\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
"{642AB043-7802-41AD-9A4F-E4A06076C8F5}" = PCTV Package - Windows Media Center
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast5" = avast! Internet Security
"Citavi" = Citavi 2.5
"Digsby" = Digsby
"Digsby Donates" = Digsby Donates
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v1.1.1
"Foxit Reader" = Foxit Reader
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaPortal" = MediaPortal
"MediaPortal TV Server" = MediaPortal TV Server / Client
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2010 02:07:42 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 21.11.2010 14:32:44 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 21.11.2010 15:16:23 | Computer Name = tobias-Win7 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.11.2010 02:15:45 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 22.11.2010 10:01:46 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 22.11.2010 12:40:18 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 22.11.2010 16:10:12 | Computer Name = tobias-Win7 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.11.2010 03:52:15 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 23.11.2010 07:26:10 | Computer Name = tobias-Win7 | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'avgntflt' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0xffffffff
 
Error - 23.11.2010 07:43:01 | Computer Name = tobias-Win7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winlogon.exe, Version: 6.1.7600.16447,
Zeitstempel: 0x4ae7b522 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001adaa
ID
des fehlerhaften Prozesses: 0x24c Startzeit der fehlerhaften Anwendung: 0x01cb8b012fd6d731
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\winlogon.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d3011a65-f6f6-11df-9d98-00158316bed2
 
[ System Events ]
Error - 19.11.2010 22:38:07 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
Error - 20.11.2010 02:13:57 | Computer Name = tobias-Win7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.11.2010 02:13:58 | Computer Name = tobias-Win7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.11.2010 02:13:58 | Computer Name = tobias-Win7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.11.2010 02:13:59 | Computer Name = tobias-Win7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.11.2010 17:53:43 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
Error - 22.11.2010 03:05:05 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
Error - 22.11.2010 10:03:47 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
Error - 22.11.2010 20:30:54 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
Error - 23.11.2010 04:30:47 | Computer Name = tobias-Win7 | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
 
 
< End of report >

--- --- ---

Hoffe einer von euch wird daraus schlau.
grüße

cosinus · 23.11.2010, 19:46

Hallo,

da muss bei der Deinstallation wohl was schiefgelaufen sein...

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
[2010.11.06 11:15:29 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.06 11:15:29 | 000,081,584 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.06 11:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
:Files
C:\Program Files (x86)\Avira
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Ephoras · 24.11.2010, 15:33

Zitat:

All processes killed
========== OTL ==========
Unable to kill active process sched.exe!
Error: Unable to stop service AntiVirSchedulerService!
Unable to delete service\driver key AntiVirSchedulerService.
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe moved successfully.
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe moved successfully.
C:\Windows\SysNative\drivers\avipbb.sys moved successfully.
C:\Windows\SysNative\drivers\avgntflt.sys moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\UPDATE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\SYSSAFE folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\REPORTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\PROFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\INFECTED folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\IDX folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTS folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\CONFIG folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\BACKUP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop folder moved successfully.
C:\ProgramData\Avira folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE folder moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop folder moved successfully.
C:\Program Files (x86)\Avira folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: tobias
->Temp folder emptied: 2613430 bytes
->Temporary Internet Files folder emptied: 11664984 bytes
->Java cache emptied: 626598 bytes
->Google Chrome cache emptied: 302187498 bytes
->Flash cache emptied: 14667 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10413752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 53769834 bytes

Total Files Cleaned = 364,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_152634

Files\Folders moved on Reboot...
C:\Users\tobias\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

bei dieem hochfahren bis jetzt keine werbugng

hoffe da sbleibt so.

Danke

PS, wie kann ich das Präfix auf gelöst setzen?

Trotz AntiVir de-Installation noch Werbung beim Hochfahren

Antiviren-, Firewall- und andere Schutzprogramme: Trotz AntiVir de-Installation noch Werbung beim Hochfahren