Spam Mail vom GMX Account an Adressbuch versandt

#1 Hallo,

von dem GMX Account meiner Freundin wurden Spam Mails an alle im Adressbuch eingetragenen Personen versandt. Meine Freundin benutzt immer die WEB-Oberfläche von GMX mit Firefox (also kein Outlook oder sowas).

Wir haben jetzt über einen anderen PC schon das Passwort des Accounts geändert und auf dem Rechner meiner Freundin Avira AntiVir Personal alles durchsuchen lassen (das Programm ist seit beginn an installiert und läuft immer mit).

Avira hat nichts gefunden. Der Übeltäter muss aber Zugriff auf den Account gehabt haben, sonst wären die E-Mails ja nicht an die Adressen im Adressbuch gegangen, aber im Postausgangsordner und im Papierkorb finde ich kein Hinweise auf die versendeten E-Mails. Was soll ich noch unternehmen?

#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
• Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.


Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

#3 Malwarebytes:

Code

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Jule :: YOUR-CF5ED83388 [Administrator]

01.06.2012 01:30:46
mbam-log-2012-06-01 (01-30-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210621
Laufzeit: 26 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL.txt

Code

OTL logfile created on: 01.06.2012 13:01:53 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,98 Mb Total Physical Memory | 581,61 Mb Available Physical Memory | 56,91% Memory free
2,41 Gb Paging File | 2,01 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,80 Gb Total Space | 25,21 Gb Free Space | 16,95% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-CF5ED83388 | User Name: Jule | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.06.01 13:00:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.13 19:25:09 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.10.11 11:03:56 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.25 13:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006.06.29 10:30:34 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2006.03.03 00:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe
PRC - [2006.02.07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.05.01 22:04:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006.05.01 22:04:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006.01.04 18:14:36 | 000,049,152 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005.11.23 14:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:23:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:20 | 000,438,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.02.07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.05.05 16:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.22 08:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.11.30 19:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.11.28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.10.20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2004.08.10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.10 14:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {4FBBB58B-B465-49C4-98D8-C6AAF738415F}
IE - HKCU\..\SearchScopes\{4FBBB58B-B465-49C4-98D8-C6AAF738415F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.13 19:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.15 21:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.20 22:18:16 | 000,000,000 | ---D | M]
 
[2010.04.19 12:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Mozilla\Extensions
[2012.05.03 08:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Mozilla\Firefox\Profiles\4f9ckmsx.default\extensions
[2010.09.30 14:21:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Mozilla\Firefox\Profiles\4f9ckmsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.01 01:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.13 19:25:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.04.15 21:15:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.15 21:15:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.15 21:15:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.15 21:15:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.15 21:15:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.15 21:15:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.15 21:15:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Jule\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271671167624 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C94B48-EDC5-4F98-B945-DBA5B5DF6084}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jule\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jule\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.13 16:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.06.01 01:28:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Malwarebytes
[2012.06.01 01:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.01 01:27:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.01 01:27:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.01 01:27:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.01 01:17:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.06.01 01:17:54 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.06.01 00:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Avira
[2012.06.01 00:35:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.06.01 00:35:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.06.01 00:35:08 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.06.01 00:35:08 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.06.01 00:35:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.06.01 00:35:03 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.06.01 00:35:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.05.13 21:10:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\gegl-0.0
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.06.01 01:06:43 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.06.01 01:06:33 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.01 01:06:32 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2519312393-3464723713-2593321703-1005.job
[2012.06.01 01:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.01 01:06:19 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.01 00:35:35 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.06.01 00:22:33 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.05.29 19:42:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2519312393-3464723713-2593321703-1005.job
[2012.05.13 21:18:14 | 000,000,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Jule\.recently-used.xbel
[2012.05.13 20:48:50 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Jule\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.13 19:48:08 | 000,463,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.13 19:48:08 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.13 19:48:08 | 000,086,134 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.13 19:48:08 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.13 17:10:25 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.05.10 14:14:05 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.05 10:39:24 | 000,107,806 | ---- | M] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Text 1.pdf
[2012.05.05 10:39:04 | 000,051,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Vorlesung 1 SOSE12.pdf
[2012.05.05 10:38:46 | 000,019,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Vorlesung 1 SOSE12.odt
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.06.01 00:35:34 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.05.13 21:18:14 | 000,000,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Jule\.recently-used.xbel
[2012.05.04 21:01:11 | 000,107,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Text 1.pdf
[2012.05.04 19:55:30 | 000,051,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Vorlesung 1 SOSE12.pdf
[2012.05.03 08:43:29 | 000,019,059 | ---- | C] () -- C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Zusammenfassung Vorlesung 1 SOSE12.odt
[2012.02.15 20:00:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.17 11:41:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.19 15:36:25 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLdNL.DLL
[2010.10.18 14:48:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.02 21:59:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\$_hpcst$.hpc
[2010.09.27 15:26:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010.08.30 14:52:14 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.08.09 13:31:32 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.06.06 12:26:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.04.19 11:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.08.30 14:52:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2012.06.01 01:11:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\BOM
[2011.05.09 17:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\Canon
[2011.10.30 19:26:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\gtk-2.0
[2011.09.08 22:15:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\ICQ
[2010.11.16 16:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\OpenOffice.org
[2011.02.08 19:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\TeamViewer
[2010.04.18 15:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\toshiba
[2010.04.26 22:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jule\Anwendungsdaten\TS3Client
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010.04.19 20:40:35 | 000,000,000 | ---D | M] -- C:\c97294ad9cd87c6dfb51
[2010.04.18 23:14:41 | 000,000,000 | ---D | M] -- C:\CMPNENTS
[2010.04.18 14:58:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.02.24 04:50:33 | 000,000,000 | ---D | M] -- C:\f622c12f715d9c18e621da92a532f5
[2010.04.18 23:24:13 | 000,000,000 | ---D | M] -- C:\I386
[2010.04.25 05:44:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.06.01 01:27:27 | 000,000,000 | ---D | M] -- C:\Programme
[2010.04.18 15:24:47 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.04.18 23:31:38 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2012.06.01 01:06:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006.09.21 22:23:23 | 000,000,000 | ---D | M] -- C:\TOOLSCD
[2010.04.18 23:37:48 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2012.06.01 01:23:35 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
Invalid Environment Variable: LOCALAPPDATA
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2004.08.10 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2004.08.10 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2004.08.10 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-24 05:18:26

< End of report >

Extras.txt

Code

OTL Extras logfile created on: 01.06.2012 13:01:54 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Dokumente und Einstellungen\Jule\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,98 Mb Total Physical Memory | 581,61 Mb Available Physical Memory | 56,91% Memory free
2,41 Gb Paging File | 2,01 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,80 Gb Total Space | 25,21 Gb Free Space | 16,95% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-CF5ED83388 | User Name: Jule | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Dokumente und Einstellungen\Jule\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\Jule\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Dokumente und Einstellungen\Jule\Desktop\PCATTCP.exe" = C:\Dokumente und Einstellungen\Jule\Desktop\PCATTCP.exe:*:Enabled:PCAUSA Test TCP (PCATTCP)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"D16AA00FE65B9D2C6E0A57F54400303BF3259CC3" = Windows Driver Package - Intel (w29n51) net  (06/26/2006 9.0.4.17)
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 13.05.2012 15:07:13 | Computer Name = YOUR-CF5ED83388 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 11.0.0.4454, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.05.2012 10:16:27 | Computer Name = YOUR-CF5ED83388 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 31.05.2012 17:27:07 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 17:32:31 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 17:33:45 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 17:33:58 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 17:37:59 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 17:45:54 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 18:43:21 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
Error - 31.05.2012 18:48:50 | Computer Name = YOUR-CF5ED83388 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
[ OSession Events ]
Error - 03.04.2012 13:07:23 | Computer Name = YOUR-CF5ED83388 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5493
 seconds with 3480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.05.2012 04:02:14 | Computer Name = YOUR-CF5ED83388 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 20.05.2012 06:08:50 | Computer Name = YOUR-CF5ED83388 | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter e1215bf8,
 3. Parameter e1216088, 4. Parameter 7e92e468.
 
Error - 31.05.2012 17:27:06 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 17:32:30 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 17:33:44 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 17:33:57 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 17:37:58 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 17:45:53 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 18:43:20 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
Error - 31.05.2012 18:48:49 | Computer Name = YOUR-CF5ED83388 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{D61A27C6-8F53-11D0-BFA0-00A024151983}
 
 
< End of report >

#4 Bitte• alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
• keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
• nichts am Rechner arbeiten,
• nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
• Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Zitat

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
• Entferne rechts den Hacken bei:


• IAT/EAT
• Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
• Show all (sollte abgehackt sein)

• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

#5 Hallo,

ich habe das gleiche Problem und bräuchte ebenfalls Hilfe.

Das Malwareprogramm habe ich installiert und das Logfile kopiert.

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aslan :: ASLAN-PC [Administrator]

Schutz: Aktiviert

17.06.2012 15:09:11
mbam-log-2012-06-17 (15-09-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205462
Laufzeit: 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Aslan\Downloads\SoftonicDownloader_fuer_a9cad.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Bitte um einen Feedback,

Danke und schönen Sonntag


GA

#6 Extras:
OTL Extras logfile created on: 17.06.2012 16:10:52 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Aslan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,74 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 51,27% Memory free
5,48 Gb Paging File | 3,89 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 215,92 Gb Free Space | 75,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ASLAN-PC | User Name: Aslan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EC4C8B9-4C54-4FBD-8A19-40BDBF9238A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31CD7B1D-BEF4-46AA-8063-BF878B830393}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BC0B2F8-8035-4B46-ACFD-1F2009F02004}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A38326C-94EF-45A3-BF85-222AF6783957}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C9CF12E-68F7-4A11-A943-6E9169B25258}" = rport=139 | protocol=6 | dir=out | app=system |
"{5AF26890-8CFF-4805-9885-7451999DB257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5F3A9D6B-CABF-41AE-BEB2-AB2E445B2024}" = lport=139 | protocol=6 | dir=in | app=system |
"{662E3263-C748-41D7-A435-638828509587}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73905D1D-2BB0-435B-8864-129FFA95B0B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{880CF1A2-BAA9-4D79-8F29-C0C21425A93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A1105E7-EEB1-4554-9CFD-D21473CC78AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{93DB47FE-D5DC-4677-87CD-E2F1B24BD510}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C6E2776-C034-43AB-B3F4-C5B536EF80A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9DD5DC23-1C2D-47DC-90FA-8BC994C6B695}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ACE0067D-0EF1-4459-B43C-D6CD29FD9464}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3B97428-D41C-483A-818D-A4CEB5E8AB6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBDEFBF0-FB9D-4268-BED8-13687A243029}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C185C9C4-8C8F-456E-9883-FAE6381ADAFE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C410D03C-EF58-4D6F-A640-6EDD6928303A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF656394-32EA-4EB0-8A73-C18F7EE08135}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D6C3A627-2B59-44C1-BAE7-19DD798AB5AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E39B1C3A-4DED-49AC-BDDD-91F4EE58D5A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E51DF67D-FA1D-49C6-9F80-81D08FEE9783}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4443FFE-C4AB-4D5B-A623-ABB25C34CC38}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5DFED80-DD0F-48E8-8E53-2687B9E98A8C}" = lport=137 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A815EB-EE49-4D08-9F82-DA615A7259BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CA2F2E5-52DF-44B3-B6FA-FE87CDDCAF1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1127E459-15DD-4B8C-8EE1-954A372F261C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C35F2B7-21D9-43E1-9085-05A91264C735}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{280DD083-AB8B-4C29-96C6-9BA51CB01B90}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3A08048F-99BA-4C46-B64E-E08DBF9DD941}" = dir=in | app=c:\users\aslan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3F267E34-A451-45EF-8D89-B837ADCCD086}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{401CA761-C8B6-46F1-A275-EC9C05185B8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45FB230E-2561-4D72-88B3-2F8F1993818A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C692810-75FD-4516-BF2A-DBDA86FDD0B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{532035A0-5620-4624-880F-839344D122E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{675F73A6-56FF-469C-BC49-3444D7CDBAB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A63758C-A177-4F88-A65E-DA0CE21881D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DD292DE-1782-45CA-A8BD-2BBBC78D62A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F21C575-3C54-496E-A8D9-2175259DC787}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{92057610-4770-4022-B77D-E212C26D1209}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A307E238-3F60-46BD-92CF-4360EFCB96B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AB299D92-2E66-4D15-925E-3CD873566A24}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD2A645D-1A1E-4C93-AC80-F3C49B749865}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B1315269-5CC6-4CF2-8308-C0ACF62CA418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B316FDA7-A8FE-46D8-B7DA-C35C3FB8A7E6}" = protocol=6 | dir=out | app=system |
"{BC423FF6-658A-4B8B-88E6-EFEDAF7485DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C20735A1-4300-44EA-A5F2-9CB2AF2AD98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C960FAD3-7C27-457D-989D-3FC64AED758F}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D47152EA-E1F4-425B-B7C3-A48A0ECB7BBE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB968DA3-8FF7-4044-A0F8-841318576417}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2C677F5-7547-42A9-9B4E-D259A93790F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F609BC78-4948-4B97-97F5-7EB880535E10}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{E66CA679-04AD-42F7-94C5-11ADDA1E9531}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0D5A6730-93CA-4B67-B349-FA6B4A0316E6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{c501e4e7-4c77-46aa-8cc5-173e31f062eb}" = Nero 9 Essentials
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"DivX Setup" = DivX-Setup
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Rainmeter" = Rainmeter
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.03.2012 15:53:59 | Computer Name = Aslan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 18.03.2012 16:04:06 | Computer Name = Aslan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: jscript9.dll, Version: 9.0.8112.16441,
Zeitstempel: 0x4ee8124d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00070bdc ID des fehlerhaften
Prozesses: 0x1358 Startzeit der fehlerhaften Anwendung: 0x01cd0534bb264fdd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\jscript9.dll Berichtskennung: 83cece7f-7135-11e1-8099-1c7508167816

Error - 18.03.2012 18:05:29 | Computer Name = Aslan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.


Error - 18.03.2012 18:22:05 | Computer Name = Aslan-PC | Source = Google Update | ID = 20
Description =

Error - 18.03.2012 18:34:10 | Computer Name = Aslan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.


Error - 18.03.2012 18:38:07 | Computer Name = Aslan-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: de4 Startzeit: 01cd05577283ca40 Endzeit: 46 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 18.03.2012 18:42:31 | Computer Name = Aslan-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1388 Startzeit: 01cd0557ca60d425 Endzeit: 55 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 20.03.2012 05:50:58 | Computer Name = Aslan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21.03.2012 08:37:29 | Computer Name = Aslan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21.03.2012 08:37:44 | Computer Name = Aslan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
werden.

Error - 21.03.2012 08:37:59 | Computer Name = Aslan-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 16.06.2012 17:55:41 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 16.06.2012 17:55:41 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.

Error - 16.06.2012 17:56:41 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 16.06.2012 17:57:41 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 16.06.2012 17:57:41 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 17.06.2012 05:53:32 | Computer Name = Aslan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?06.?2012 um 11:52:19 unerwartet heruntergefahren.

Error - 17.06.2012 05:53:58 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 17.06.2012 05:54:27 | Computer Name = Aslan-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 17.06.2012 09:32:30 | Computer Name = Aslan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 17.06.2012 09:52:40 | Computer Name = Aslan-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

#7 Hier fehlt aber das OTL.txt Log.

#8 Ops, da ging wohl was beim Speichern schief....mom...kommt gleich nach. Danke für die ANtwort :-)

#9 Bitte schön:

OTL.Txt:
OTL logfile created on: 17.06.2012 23:54:52 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Aslan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,74 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 51,44% Memory free
5,48 Gb Paging File | 3,28 Gb Available in Paging File | 59,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 215,13 Gb Free Space | 75,49% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ASLAN-PC | User Name: Aslan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.06.17 15:43:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aslan\Downloads\OTL.exe
PRC - [2012.06.16 02:09:56 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.07.06 15:36:18 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010.06.29 00:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.06.09 12:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.06.13 16:57:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 16:57:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 23:17:37 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.12 17:17:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 17:16:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 17:16:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 17:16:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 17:16:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 17:15:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.16 21:50:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010.06.09 12:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012.06.16 02:14:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.16 12:22:26 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.11 19:45:06 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.04.21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.04.05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.04.05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011.04.05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.02.08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2011.03.31 10:50:32 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110411.038\EX64.SYS -- (NAVEX15)
DRV - [2011.03.31 10:50:31 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110411.038\ENG64.SYS -- (NAVENG)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110411.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011.02.25 23:59:11 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.02.14 01:02:11 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 08 F9 9F C2 4C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE454
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Aslan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011.09.27 21:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_9_4 [2012.06.17 22:35:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.06 17:47:39 | 000,000,000 | ---D | M]

[2012.03.31 19:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aslan\AppData\Roaming\mozilla\Extensions
[2012.03.31 19:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aslan\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=161&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Aslan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Aslan\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Aslan\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Aslan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D396D3-7D5E-49D9-A19F-4772B88CEA85}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.06.17 15:03:39 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Roaming\Malwarebytes
[2012.06.17 15:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.17 15:02:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.17 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.17 15:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.16 13:37:00 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2931969B-81F8-474B-9BFC-8D518CB4294C}
[2012.06.15 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C41F6CA3-5DCD-4C10-B2C4-21EBE0EB3635}
[2012.06.14 23:20:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{32F2F8C5-CD2F-4DBF-AC5D-E5ADFD25C7E1}
[2012.06.14 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CEBDEC14-FBBB-4085-BD2C-696153331D8B}
[2012.06.14 15:28:01 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{13F20E48-E7B9-4A26-89BB-088F333E9840}
[2012.06.14 15:27:49 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2CD68A49-C3CB-47A4-8EE4-37B93EF5087A}
[2012.06.13 22:15:19 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{F6733219-D638-4828-9138-1411A3DA0B9C}
[2012.06.13 22:15:08 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2BF69199-6AA5-43C2-97F8-8623DFC5842B}
[2012.06.13 16:57:17 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D8880D1E-493E-4114-8793-519F62323FAA}
[2012.06.13 16:57:05 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C022F6AC-2A5B-4FB1-8B1F-A3855FE54166}
[2012.06.13 13:45:06 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{7FD33A8C-0396-4855-8EDF-DA790E416BD1}
[2012.06.13 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{46769EB2-BA7B-4DCF-B3CF-3449E7F566C6}
[2012.06.12 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{8AA6565A-8F03-4F3E-B11B-ECC7866D8619}
[2012.06.12 19:32:12 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{0AC60C84-D58A-4EA9-8B05-BE7456A2C190}
[2012.06.12 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{50797CAF-451A-42CE-983C-92394FFBF69A}
[2012.06.12 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{3FEA3765-0D4A-43D2-8787-B3814D230FD7}
[2012.06.11 20:09:46 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{DA705BC4-1B9B-48C8-983D-3F8C276B7450}
[2012.06.11 20:09:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{7A6E605E-E270-4877-B621-B008077430B4}
[2012.06.11 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{A2B82EE9-A399-4437-8A63-4609C7C5FDBF}
[2012.06.11 15:23:03 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E2DCB2AD-19CC-40E3-A256-229E3715F615}
[2012.06.11 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E8CF3959-D7F3-4A64-AE62-70A473E58AD7}
[2012.06.11 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D73F2178-5F30-47E6-B442-CE0B7175FE3A}
[2012.06.10 23:19:12 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5E31207F-5908-47AC-AAF0-6CB731FA3AF0}
[2012.06.10 23:19:02 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{48FDE812-D4EF-4E77-AFC9-DCFF0BEA0E6E}
[2012.06.10 14:58:13 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{95AA42B3-FB54-43B1-83F2-911E2DAA45DD}
[2012.06.10 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E8B6D476-839C-47C6-9D81-77A628E7C378}
[2012.06.10 12:59:59 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5140D504-B468-4C4E-9F2B-D2E8029C0C33}
[2012.06.10 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E3BB7C10-9594-451F-8F72-177C8FEC6012}
[2012.06.10 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6008C2F0-0CAF-4AA8-B4DC-4BFB5779003E}
[2012.06.10 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CBF57F22-AD4C-4555-BFF6-97AD2DE4AC37}
[2012.06.10 11:43:45 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{262E226E-982C-41E7-B143-CE80E7E45962}
[2012.06.10 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{270C1808-666D-4958-9962-7567387A2EC9}
[2012.06.10 01:39:28 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5B7EE574-3699-41F9-9C01-3A81E6F9A679}
[2012.06.10 01:39:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{50FD3BFC-D78A-499E-81E5-941261215A22}
[2012.06.09 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AD2A4EC4-5F7A-4030-8A78-295207E7CE55}
[2012.06.09 15:10:42 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{132DB160-E99E-47FB-8C2A-702CE8AD3B2A}
[2012.06.09 12:42:57 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4CFDCF4C-E430-4A95-8B58-E99A99DE3C8A}
[2012.06.09 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{71D9428F-E594-44BD-8FC9-E55EA112C349}
[2012.06.08 22:19:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{708E8424-B18C-4B63-9F2B-23FE0BA43BF8}
[2012.06.08 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1B08303D-EA98-45BA-AD89-49D70821B01F}
[2012.06.08 20:36:20 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6468F9B8-E7FA-443E-A23C-205B3B1A8D2B}
[2012.06.08 20:36:08 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4F02A184-5E8D-40FA-8509-9B5B151104D3}
[2012.06.08 17:27:31 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E6C3D0AC-CE09-4955-B84A-4D89F9D2264D}
[2012.06.08 17:27:20 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CC77DD0A-D984-44B1-AE8E-287E3909BE82}
[2012.06.08 09:23:20 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{851A50BA-5FCA-4EC5-8789-DD8F6C159A0A}
[2012.06.08 09:23:08 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1C1A72FB-5E69-4C4A-9697-2A433377E1C2}
[2012.06.08 09:03:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6F37DA2B-38FE-4FE6-A1A2-9D384692C238}
[2012.06.08 09:03:13 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5025F1CF-BF9B-4F15-B469-E4071E23A0D3}
[2012.06.08 08:58:46 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{F4B528AA-DBB9-4E4A-9FC4-25393A98D135}
[2012.06.08 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5849F111-AA6B-4B03-8074-D9F3FF5F258A}
[2012.06.08 08:04:35 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{96893DCA-CA6C-41E9-936E-AF21AF5933E4}
[2012.06.08 08:04:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{88E90F51-F0BC-4689-B3D6-3913C3A70A1F}
[2012.06.08 06:22:20 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E3060DEA-24EC-47BB-AB3A-9746EF3E126A}
[2012.06.08 06:22:09 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5D594BB8-9093-497E-8C90-560635796152}
[2012.06.08 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{B6D22741-D20F-4D51-96E5-4AF1799B0522}
[2012.06.08 00:57:18 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2A3D53B9-E4EB-4740-8678-F5E7C76E2EB2}
[2012.06.08 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D30388EC-F111-4DAB-A9F1-67DB53DD0F93}
[2012.06.08 00:08:14 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{3FD50871-EE0F-4A3F-A1DA-83BEC32CD148}
[2012.06.07 23:48:18 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4D9403A7-EB9A-418C-8F03-727E20EDA3C7}
[2012.06.07 23:48:08 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{91F19360-90F8-4475-AF39-DFE72730B01D}
[2012.06.07 17:10:42 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6FE40FB3-E0E0-4D78-BEFE-0ABAB0F79282}
[2012.06.07 17:10:32 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{BD2941F0-5573-41B2-B0E1-DABFF565EBF7}
[2012.06.07 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D9BC24C5-823E-43E1-8D87-F27233660103}
[2012.06.07 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{16DA8F59-C908-4350-9755-34C4BAA87214}
[2012.06.07 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{91DA91A9-8C88-4F03-AC09-92F1822479C7}
[2012.06.07 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E50540CC-A90D-4C02-A90D-64EDAE7913C3}
[2012.06.07 12:34:06 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6DA05E3D-97D5-4556-823E-FC6C17591192}
[2012.06.07 12:33:56 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CFEC0478-215D-4D56-BB7C-A393B198BDC3}
[2012.06.07 10:50:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{16113C64-D538-4F75-B3CC-696FD28C6556}
[2012.06.07 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{10D76CAD-6710-4034-B6EE-F0E21FF4F8CF}
[2012.06.07 00:49:14 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4BA53E31-F659-40ED-8BA2-F4314E7D35A1}
[2012.06.07 00:49:03 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4A10035B-BDDF-429B-A004-5F5E667CA597}
[2012.06.06 20:49:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{0BF34A12-97FB-40F4-A909-D038909A5F43}
[2012.06.06 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{EED07B27-2952-4A9A-99FA-88C0C498AEA8}
[2012.06.06 17:41:04 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5DAC5E52-654B-4A71-A3CA-904BDE5DEF77}
[2012.06.06 17:40:53 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{0DF3F43D-2F93-44FD-8A37-65668E468A22}
[2012.06.06 15:28:09 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{25BC2ECB-3721-455F-B6AE-1F233E1BEBD2}
[2012.06.06 15:27:59 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{50847855-0289-4144-89C0-F9841A7523A5}
[2012.06.06 14:04:21 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{618991C9-3197-458C-8072-E4ADF6A6F258}
[2012.06.06 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{F24B75B7-1519-4974-BD5E-02F5FA0F3B86}
[2012.06.05 22:58:34 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{A8ECDBB1-ED67-4616-929A-1CEAA269D271}
[2012.06.05 22:56:57 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2E2C6401-389C-48C7-BFD2-E9146396EFBE}
[2012.06.05 13:58:14 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{FD87B0BF-EE9C-4F50-B0CA-306EFB8C7E7A}
[2012.06.05 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{445AE156-0E83-49C9-A793-2BD7BD85E2C2}
[2012.06.04 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AAF7FC3F-D2ED-4424-A888-C0992F2021B1}
[2012.06.04 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2E36B6C9-B32C-4781-8805-64750099C173}
[2012.06.04 12:32:49 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C84140C0-E22D-4F89-ADAA-9E53EFF21BA3}
[2012.06.04 12:32:37 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{A68FFE60-0068-4F9D-93B6-C73244CD83F4}
[2012.06.03 23:12:34 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{8FAA9852-9C2E-4F93-A2B8-38F1498C8160}
[2012.06.03 23:12:22 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{EBA56751-D442-4012-ADE3-7349EE07893D}
[2012.06.03 22:44:50 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{BD0863BB-757C-4373-979D-2D775782D25C}
[2012.06.03 22:44:38 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{8902A156-829A-4754-A184-572920D7C3F2}
[2012.06.03 22:15:18 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1D387033-0503-49D9-BED3-59C54BFBC92F}
[2012.06.03 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{7BCCC0FD-8C51-4CCA-961A-DA4E5ACB8A6F}
[2012.06.03 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E5EAF96D-1E06-4966-8203-33AB5A38C3E4}
[2012.06.03 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E13CEA39-C5CD-4B89-BC79-8B8072F0B0C7}
[2012.06.03 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{68C26441-01AB-453A-B738-1A520DF3183A}
[2012.06.03 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{32D5FCC1-6D07-4058-9150-7CE204395CA0}
[2012.06.03 03:50:09 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C2875B6E-0BFA-4BAA-B72F-E82F13AB3678}
[2012.06.03 03:49:57 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{EC8E6BA8-933C-477B-B3C7-608AFC09F3C5}
[2012.06.02 20:56:23 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{72DA96B5-F889-4105-8EFB-CE416D408EC7}
[2012.06.02 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2F6D3EA0-251B-42F4-8C63-2E09170296BE}
[2012.06.01 21:22:48 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{FEDC0185-ED14-49B6-A393-D3DF87AEA39E}
[2012.06.01 21:22:35 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{EFA32F10-81AD-454B-860A-EA748E9A2223}
[2012.06.01 11:47:51 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1BB33320-F53E-4FE6-B411-97361CA538F5}
[2012.06.01 11:47:39 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{8048C491-695A-4EB8-8709-FBBBB03D5A7E}
[2012.06.01 03:08:48 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AE0FE3A3-892A-466E-B937-3FB578CBB9E2}
[2012.06.01 03:08:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E699B17A-828D-433C-97B5-327DF168E4E9}
[2012.06.01 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AA135C75-91AE-4377-AD60-5D071D2DD66A}
[2012.06.01 00:42:12 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{899780A6-DD6A-4075-B16A-1A26BC22D6CA}
[2012.05.31 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2534CA60-2574-462E-8969-2E8DAE0FCB0A}
[2012.05.31 12:50:32 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{DAD748AF-B771-4789-984F-1800F158565B}
[2012.05.30 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6110A6AF-E2D1-4B94-992F-123424EF2498}
[2012.05.30 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5DE5BAA1-7EED-4A32-9810-0957A8D15BD4}
[2012.05.30 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2AB8A4CF-1937-4810-B736-976964321CDA}
[2012.05.30 19:06:37 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5D612EB9-FB9B-4E61-B5A7-D93D1E633009}
[2012.05.30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E8FC2005-32C9-4B0B-A529-7B1FEB12B6FA}
[2012.05.30 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{5B4AE488-1D1A-481D-97EA-F1BD2302FEB5}
[2012.05.30 14:22:00 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{A9DBF24C-81B6-4160-A455-BC672C426F23}
[2012.05.30 14:21:47 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6E7B27AC-CCDF-41A4-913F-7B3ECF19CFCA}
[2012.05.29 23:59:07 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D3BF1E53-5CB9-4BD8-A5EF-96A55CA11FC4}
[2012.05.29 23:58:55 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{ED3FAC0D-3304-442E-8992-5033BA504128}
[2012.05.29 20:40:52 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{0C513264-24AF-4BFE-A362-4D628BC3D325}
[2012.05.29 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{409561D3-E4CB-4BB1-8533-EDA1E2846EB1}
[2012.05.29 15:35:43 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CE7CFF07-309A-41E6-9D16-1EC9AFBB1DD3}
[2012.05.29 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6D4342F6-F67E-4E86-8FA2-CA297E78F4D1}
[2012.05.28 14:55:23 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{6449DA24-1E5C-41DC-8DC0-02BB5A38751B}
[2012.05.28 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{26A250C0-4F27-409E-891A-942D04889BD8}
[2012.05.28 12:50:53 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{770D37FF-CE3A-4B61-A086-AB0F48B81B7A}
[2012.05.28 12:50:41 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{507FC7B4-CDE0-4C45-A395-2692FA40C847}
[2012.05.28 11:05:47 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E7C3B0E3-A119-4755-89AD-65350B2547A4}
[2012.05.28 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{3D522923-A0AA-43CA-AC51-3B6D0DB01900}
[2012.05.28 02:15:34 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4E016CE2-E318-466E-B0CE-B510FF189DE4}
[2012.05.28 02:15:17 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CB4AB148-1411-45DC-922E-FB96BB8A0D6F}
[2012.05.28 01:37:24 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4224499C-662A-442D-8E2E-69CD33CF2E3E}
[2012.05.28 01:37:11 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4CB79EE1-5CC6-4029-95C9-9A82CFECAE91}
[2012.05.27 22:41:39 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{03B79D3A-1276-41CF-8A96-75CD011C93E1}
[2012.05.27 22:41:28 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D7D3C061-6169-45D1-9B4B-677C065BC8F6}
[2012.05.27 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4C2712F0-CCDB-4877-8C28-DA2633FE6553}
[2012.05.27 21:37:39 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{7E7C32AF-72E9-47FF-876F-E5B10F73DB7B}
[2012.05.27 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{F30FBD7A-C0F7-4F6D-B843-DAA624F9DBAA}
[2012.05.27 15:55:57 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{0A3AE4D7-948A-4267-BD88-B6367F3DF12E}
[2012.05.27 13:22:58 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{81D446A7-B315-482F-A9EE-3E0CFD715E3A}
[2012.05.27 13:22:45 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{471B9087-5A64-4FC2-A50F-0D40E41DCB82}
[2012.05.26 14:15:55 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1999DF0B-E29F-4886-A6D3-5E17930BEB41}
[2012.05.26 14:15:43 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2F770C58-11B8-46E5-ADA7-3BC893F0255E}
[2012.05.25 22:34:05 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{FEDED56C-7E49-4187-AC02-35F7620EE513}
[2012.05.25 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4FA7D879-7E2F-4B8C-81DC-473A64898EF2}
[2012.05.25 15:54:29 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{ACC8FDD6-06FC-449A-8A87-3A7AD02F9D19}
[2012.05.25 15:54:17 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{81B05353-9633-43C8-8C9B-4CB583625B6F}
[2012.05.24 23:37:47 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{9430F8B7-26E1-4F19-8937-87C55B006895}
[2012.05.24 23:37:31 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AE1B3981-D6AC-4BD5-89DD-8981E37AF5EA}
[2012.05.24 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{3FC148AB-3C1B-41FD-8A13-41758C7ABABB}
[2012.05.24 21:44:00 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C3F1D307-A4B2-47FD-BB98-9831A8C1F9E5}
[2012.05.24 18:13:33 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{98A5BE20-B362-45E6-B588-C7576884999D}
[2012.05.24 18:13:21 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{8964A0E5-46D9-4F06-AF31-A746FB90FC4D}
[2012.05.24 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{D353DD6F-4857-4984-86D6-6111E1FBB1DA}
[2012.05.24 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{B1B48E64-BC57-4B86-937E-C68545E60BBE}
[2012.05.24 02:32:33 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{EB395CBF-7E46-48DB-AF7D-D14E7C6AB441}
[2012.05.24 02:32:21 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{F1CD76C0-CD0F-49B8-9865-B30F9AAE0051}
[2012.05.23 12:11:33 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{13ACE452-8603-4D71-BD30-EA313955F050}
[2012.05.23 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1A13FCCD-6680-4000-853D-68D9E356B94E}
[2012.05.22 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{34FD524D-9E87-4F01-9A16-7C73395A2FB4}
[2012.05.22 22:29:16 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{E840F1EE-328A-4911-A2CF-A81AE7B8E399}
[2012.05.22 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{68C50A88-58DF-416F-9876-D98A62E3A836}
[2012.05.22 19:24:50 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1CEE5BD9-DBF5-4D5A-9DBF-C02B2AA5015C}
[2012.05.22 15:56:41 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{9E676E4C-B754-4F61-AD71-539C86726828}
[2012.05.22 15:56:30 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{73E766AE-43F2-457D-8FEE-854D90102CAC}
[2012.05.22 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2FA37010-36DE-4ED3-9BDE-F6FE7096C362}
[2012.05.22 00:30:45 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{46201939-1C58-4372-BC95-EA2D15902950}
[2012.05.21 14:58:54 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{4D2D60D7-AA3A-4EBB-BFE6-1DE63CFA50BF}
[2012.05.21 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{68C4BC01-6F2E-4126-9ED9-6CA8BB2E1CA7}
[2012.05.21 14:26:25 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{C81A002C-6BBB-4E9B-8CC5-801660BED80C}
[2012.05.21 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1C557BA1-D67C-4ACB-9874-7EA2878319C1}
[2012.05.20 23:52:14 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{B608AC2A-F209-4429-B256-65A29398821A}
[2012.05.20 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{546C50DB-3C99-4E17-ABB1-B5F6212852D2}
[2012.05.20 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{2959FFD3-1A11-49E8-816F-6E2D6283D6FA}
[2012.05.20 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{CECD60A4-8397-4C3A-89F0-92CFD09EFA91}
[2012.05.20 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{3BDBF0B5-A097-4B7B-B4C4-8C1403416A78}
[2012.05.20 14:22:03 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{AB2FBB57-E1F5-4671-BDEC-775EE6657DA6}
[2012.05.20 11:22:31 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{038C4D8C-7295-4BDA-B3CE-7FD4737893FA}
[2012.05.20 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{77D61914-8982-4575-8D07-0D20AC31DCD9}
[2012.05.19 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{56F43FCB-C938-4E4A-A4B8-BA2C8B703F0F}
[2012.05.19 21:01:36 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{604AA084-5C36-4866-A263-508EE10A1FF5}
[2012.05.19 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{23C2ACDD-F343-47AC-B1D1-1B72900D4F9D}
[2012.05.19 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{9B8CF33B-D8B4-4A65-A5B0-B28EA1F4BE9E}
[2012.05.19 10:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.19 10:17:24 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1D6BD9BA-7790-4172-A288-2E56F0EC0766}
[2012.05.19 10:17:11 | 000,000,000 | ---D | C] -- C:\Users\Aslan\AppData\Local\{1E499FB1-93A8-4B0B-AC1E-F8597E50A986}
[22 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.06.17 23:45:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 23:22:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3934503612-2356915741-2126463240-1000UA.job
[2012.06.17 23:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.17 22:42:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 22:42:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 22:34:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.17 22:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.17 22:34:30 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.17 20:22:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3934503612-2356915741-2126463240-1000Core.job
[2012.06.17 20:17:22 | 001,513,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 20:17:22 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 20:17:22 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 20:17:22 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 20:17:22 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.17 15:02:24 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.17 12:00:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.13 16:55:40 | 000,286,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 15:10:41 | 002,068,544 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207020.003\Cat.DB
[2012.06.12 13:11:54 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.06.08 23:11:26 | 000,490,330 | ---- | M] () -- C:\Users\Aslan\Desktop\Leiser-Timberland-Artikelnr. 66148, EU 43,US 9.png
[2012.06.08 13:00:43 | 001,316,979 | ---- | M] () -- C:\Users\Aslan\Desktop\hager-technischer-anhang.pdf
[2012.06.08 04:08:38 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207020.003\isolate.ini
[2012.06.06 01:06:12 | 000,007,978 | ---- | M] () -- C:\Users\Aslan\Desktop\Bewerbungsliste.rtf
[2012.06.01 02:11:40 | 000,425,085 | ---- | M] () -- C:\Users\Aslan\Desktop\Ihre+Bewerbung-BASF.pdf
[2012.05.31 12:48:13 | 000,000,810 | ---- | M] () -- C:\Windows\SysWow64\RegistrationConfig.xml
[2012.05.20 11:20:26 | 000,000,678 | ---- | M] () -- C:\Windows\SysWow64\ThreatDefinitionsConfig.xml
[22 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.06.17 15:02:24 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.16 02:09:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 23:11:26 | 000,490,330 | ---- | C] () -- C:\Users\Aslan\Desktop\Leiser-Timberland-Artikelnr. 66148, EU 43,US 9.png
[2012.06.08 13:00:43 | 001,316,979 | ---- | C] () -- C:\Users\Aslan\Desktop\hager-technischer-anhang.pdf
[2012.06.06 01:06:12 | 000,007,978 | ---- | C] () -- C:\Users\Aslan\Desktop\Bewerbungsliste.rtf
[2012.06.01 02:11:40 | 000,425,085 | ---- | C] () -- C:\Users\Aslan\Desktop\Ihre+Bewerbung-BASF.pdf
[2012.05.20 11:20:26 | 000,000,810 | ---- | C] () -- C:\Windows\SysWow64\RegistrationConfig.xml
[2012.05.20 11:20:26 | 000,000,678 | ---- | C] () -- C:\Windows\SysWow64\ThreatDefinitionsConfig.xml
[2012.03.12 08:22:32 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.08 19:21:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.18 13:07:00 | 001,541,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.16 12:12:05 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.16 12:12:05 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.09.13 10:44:17 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.09.13 10:44:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.09.13 10:44:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.09.13 10:44:17 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.09.13 10:44:16 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[color=#E56717]========== LOP Check ==========[/color]

[2012.06.03 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Ad-Aware Antivirus
[2012.04.19 18:50:39 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Advanced System Protector
[2012.05.06 17:42:58 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\loadtbs
[2012.04.13 02:39:27 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Nitro PDF
[2011.02.26 22:56:18 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Packard Bell
[2012.05.10 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Rainmeter
[2011.02.13 23:14:34 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\SNS
[2012.06.06 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\SoftGrid Client
[2012.04.19 20:13:59 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Systweak
[2012.03.31 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\TomTom
[2011.03.18 13:07:46 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\TP
[2011.06.25 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\WildTangent
[2011.09.21 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\Aslan\AppData\Roaming\Windows Live Writer
[2012.06.17 12:00:00 | 000,001,080 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.17 20:22:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3934503612-2356915741-2126463240-1000Core.job
[2012.06.17 23:22:07 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3934503612-2356915741-2126463240-1000UA.job
[2012.06.16 23:55:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

#10 Was hast Du für Beschwerden?

#11 Hallo,

auch unerwünschtes Versenden von angeblichen Mails über GMS-Account.

Liebe Grüße

GA

#12 Besteht das Problem dann noch oder hat sich da nun erledigt?

#13 Ich weiß es nicht, da ich nicht mehr auf mein Account zugreifen kann. Ich habe angeblich mehrmals ein falsches Passwort eingegeben und nun geht über GMX gar nichts mehr. Das System akzeptiert meine alternative E-Mailadresse nicht.


Danke und lieben Gruß

GA

#14 Da kann ich auch nichts machen. Du musst wohl mit GMX in Kontakt treten.

#15 Hallo, ich habe genau dasselbe Problem. Die Emails werden an Adressen ausm GMX Adressbuch versendet und von einer Yahoo Mail Adresse.

Können wir das mit mir auch mal durchgehen? Ich sende gleich die Logs.