Log Analysis and Evaluation: Problems opening and installing programs (Windows 7)
23.10.2011, 18:26 | #1
Problems opening and installing programs

Hi! Sporadically, programs open only after several minutes of clicking on them. Some installations, for example that of an internet stick, which is actually done in seconds, take half an hour but then still work. So here are the log files that the programs named in the instructions gave me:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-23 18:58:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD502HI rev.1AG01113
Running: cpmdi7e2.exe; Driver: C:\Users\Freddi\AppData\Local\Temp\pxtiipob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9D35EF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9D35EFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9D35F080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9D35F11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81EB5B74 4 Bytes [3C, EF, 35, 9D]
.text ntkrnlpa.exe!KeSetEvent + 621 81EB5DA4 8 Bytes [E4, EF, 35, 9D, 80, F0, 35, ...] {IN AL, 0xef; XOR EAX, 0x35f0809d; POPF }
.text ntkrnlpa.exe!KeSetEvent + 681 81EB5E04 4 Bytes [1C, F1, 35, 9D]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D31B300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D36A300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!LdrLoadDll 772393A8 5 Bytes JMP 68A4FAE0 D:\Programs\Firefox\xul.dll (Mozilla Foundation)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtClose 77274164 5 Bytes JMP 6AE3A740 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtCreateFile 77274224 5 Bytes JMP 6AE3A580 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtOpenFile 77274A04 5 Bytes JMP 6AE3A500 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtQueryInformationFile 77274C74 5 Bytes JMP 6AE3A7B0 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtReadFile 77274E84 5 Bytes JMP 6AE3A620 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtSetInformationFile 77275134 5 Bytes JMP 6AE3A830 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] ntdll.dll!NtWriteFile 77275494 5 Bytes JMP 6AE3A6B0 C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (Data Manager/MusicLab, LLC)
.text D:\Programs\Firefox\firefox.exe[2192] USER32.dll!GetWindowInfo 760B428E 5 Bytes JMP 68BCF855 D:\Programs\Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2496] kernel32.dll!SetUnhandledExceptionFilter 76A5A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programs\Daemon Tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x0C 0x71 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0x4B 0x68 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x3F 0x10 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x57 0x74 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x75 0x91 0xA2 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x75 0x91 0xA2 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programs\Daemon Tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x0C 0x71 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x39 0x4B 0x68 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x3F 0x10 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0x57 0x74 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x75 0x91 0xA2 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x75 0x91 0xA2 0x93 ...

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 23.10.2011 18:10:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Programs\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 73,02% Memory free
6,71 Gb Paging File | 5,90 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 320,04 Gb Total Space | 238,35 Gb Free Space | 74,48% Space Free | Partition Type: NTFS
Drive D: | 145,72 Gb Total Space | 111,78 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 931,51 Gb Total Space | 455,10 Gb Free Space | 48,86% Space Free | Partition Type: NTFS

Computer Name: FREDDISPC | User Name: Freddi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.23 18:09:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Programs\OTL\OTL.exe
PRC - [2011.10.15 21:26:24 | 003,077,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2011.09.23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.09.21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2011.09.13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.09 12:36:31 | 001,598,392 | ---- | M] (MusicLab, LLC) -- C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () -- D:\Programs\Inet Stick Fabi\WTGService.exe
PRC - [2009.06.17 12:28:46 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.15 21:26:24 | 003,077,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.09.12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- D:\Programs\Inet Stick Fabi\WTGService.exe -- (WTGService)
SRV - [2009.06.17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2099.12.11 01:27:42 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2099.10.05 17:01:13 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2011.10.06 17:44:40 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.10.06 17:44:39 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.09.07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.08.12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007.12.17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006.10.18 13:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://search.bearshare.com//web?src=ffb&appid=0&systemid=2&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.10.08 19:18:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programs\Firefox\components [2011.10.08 20:59:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programs\Firefox\plugins

[2011.10.18 13:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddi\AppData\Roaming\mozilla\Extensions
[2011.10.18 13:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddi\AppData\Roaming\mozilla\Firefox\Profiles\1feqmsy1.default\extensions
[2011.10.18 13:10:33 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Freddi\AppData\Roaming\mozilla\Firefox\Profiles\1feqmsy1.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011.10.18 13:10:26 | 000,002,503 | ---- | M] () -- C:\Users\Freddi\AppData\Roaming\Mozilla\Firefox\Profiles\1feqmsy1.default\searchplugins\SearchResults.xml
[2011.10.08 19:18:35 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.173.68.20 10.173.68.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F1815F3-1D47-444C-BB30-5C0B2ACD73BC}: DhcpNameServer = 10.173.68.20 10.173.68.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.10.31 06:10:28 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{54d9e4e4-f74b-11e0-af32-002354d87541}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9e4e4-f74b-11e0-af32-002354d87541}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{a8a609c9-ccce-1243-9140-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a609c9-ccce-1243-9140-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.11.02 00:17:12 | 000,356,352 | R--- | M] ()
O33 - MountPoints2\{dfad66f7-ccd1-1243-a2ea-dff3028f81e6}\Shell - "" = AutoRun
O33 - MountPoints2\{dfad66f7-ccd1-1243-a2ea-dff3028f81e6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{dfad66f7-ccd1-1243-a2ea-dff3028f81e6}\Shell\directx\command - "" = G:\DirectX\dxsetup.exe
O33 - MountPoints2\{dfad66f7-ccd1-1243-a2ea-dff3028f81e6}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2099.12.12 12:57:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2099.12.11 02:05:15 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Skype
[2099.12.11 02:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2099.12.11 02:02:38 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\Command and Conquer Generals Zero Hour Data
[2099.12.11 01:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2099.12.11 01:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2099.12.11 01:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2099.12.11 01:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2099.12.11 01:52:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2099.12.11 01:39:39 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\Command and Conquer Generals Data
[2099.12.11 01:37:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2099.12.11 01:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2099.12.11 01:35:36 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2099.12.11 01:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2099.12.11 01:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2099.12.11 01:27:42 | 000,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2099.12.11 01:27:33 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\DAEMON Tools Lite
[2099.12.11 01:23:46 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2099.12.11 01:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Antivir
[2099.12.11 01:21:38 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2099.12.11 01:17:41 | 000,000,000 | R--D | C] -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2099.12.11 01:17:41 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Searches
[2099.12.11 01:17:41 | 000,000,000 | R--D | C] -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2099.12.11 01:17:32 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Identities
[2099.12.11 01:17:30 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Contacts
[2099.12.11 01:17:29 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\VirtualStore
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Vorlagen
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\AppData\Local\Verlauf
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\AppData\Local\Temporary Internet Files
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Startmenü
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\SendTo
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Recent
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Netzwerkumgebung
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Lokale Einstellungen
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Documents\Eigene Videos
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Documents\Eigene Musik
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Eigene Dateien
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Documents\Eigene Bilder
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Druckumgebung
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Cookies
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\AppData\Local\Anwendungsdaten
[2099.12.11 01:17:27 | 000,000,000 | -HSD | C] -- C:\Users\Freddi\Anwendungsdaten
[2099.12.11 01:17:27 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Microsoft
[2099.12.11 01:17:26 | 000,000,000 | --SD | C] -- C:\Users\Freddi\AppData\Roaming\Microsoft
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Videos
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Saved Games
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Pictures
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Music
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Links
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Favorites
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Downloads
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Documents
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\Desktop
[2099.12.11 01:17:26 | 000,000,000 | R--D | C] -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2099.12.11 01:17:26 | 000,000,000 | -H-D | C] -- C:\Users\Freddi\AppData
[2099.12.11 01:17:26 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Temp
[2099.12.11 01:17:26 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Media Center Programs
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2099.12.11 01:15:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2099.12.11 01:15:05 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2099.12.11 01:09:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2099.12.11 01:06:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2099.12.11 00:57:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2099.12.11 00:55:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2099.12.11 00:55:29 | 000,000,000 | -HSD | C] -- C:\Boot
[2099.10.05 16:47:32 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2099.10.05 16:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2099.10.05 16:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011.10.23 03:07:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.22 13:14:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011.10.22 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\Gothic3ForsakenGods
[2011.10.22 12:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011.10.22 11:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\JoWooD
[2011.10.22 11:49:16 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Oblivion
[2011.10.19 01:37:55 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Freelancer
[2011.10.19 01:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.10.19 01:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.10.18 13:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2011.10.18 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\PackageAware
[2011.10.18 10:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.10.16 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\Command & Conquer 3 Tiberium Wars
[2011.10.15 23:57:55 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.10.15 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\Freddi\riotsGamesLogs
[2011.10.15 21:54:09 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\LolClient
[2011.10.15 21:51:46 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Inet Stick Fabi
[2011.10.15 21:51:31 | 000,157,968 | R--- | C] (4G Systems GmbH & Co.
KG) -- C:\Windows\starter4g.exe [2011.10.15 21:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager [2011.10.15 21:35:25 | 000,103,424 | ---- | C] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys [2011.10.15 21:26:29 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\PMB Files [2011.10.15 21:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011.10.15 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2011.10.15 19:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.10.15 19:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2011.10.15 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\Anno 1404 [2011.10.15 13:28:53 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Ubisoft [2011.10.15 13:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages [2011.10.14 22:44:22 | 000,000,000 | RH-D | C] -- C:\Users\Freddi\AppData\Roaming\SecuROM [2011.10.14 22:44:21 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\system32CmdLineExt.dll [2011.10.14 14:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.10.14 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2011.10.14 14:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2011.10.14 14:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011.10.14 14:24:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.10.14 14:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011.10.14 14:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2011.10.14 14:21:30 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Microsoft Help [2011.10.14 14:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.10.14 14:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.10.14 14:20:21 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.10.13 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Gas Powered Games [2011.10.13 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Freddi\Documents\My Games [2011.10.13 13:59:25 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2011.10.13 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Adobe [2011.10.11 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2011.10.11 00:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.10.11 00:16:24 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\ImgBurn [2011.10.10 23:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.10.10 23:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.10.10 23:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.10.10 08:26:02 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Macromedia [2011.10.10 08:26:02 | 000,000,000 | ---D | C] -- 
C:\Users\Freddi\AppData\Roaming\Adobe [2011.10.10 08:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.10.10 08:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.10.10 08:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2011.10.10 08:13:59 | 000,000,000 | -H-D | C] -- C:\Users\Freddi\Desktop\Risen [2011.10.10 01:22:12 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\vlc [2011.10.10 01:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.10.09 21:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011.10.09 21:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011.10.09 21:39:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011.10.09 21:36:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011.10.09 20:34:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.10.08 22:30:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.10.08 22:30:53 | 000,000,000 | ---D | C] -- C:\cf68fed53b9fc71359deb15584f02037 [2011.10.08 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\Mozilla [2011.10.08 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Mozilla [2011.10.08 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\NVIDIA [2011.10.08 20:18:18 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Risen [2011.10.08 19:30:56 | 000,000,000 | -H-D | C] -- C:\$AVG [2011.10.08 19:20:05 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Roaming\AVG2012 [2011.10.08 19:18:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011.10.08 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011.10.08 19:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011.10.08 19:16:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011.10.08 19:15:12 | 
000,000,000 | ---D | C] -- C:\Program Files\AVG [2011.10.08 19:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011.10.08 18:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2011.10.06 19:04:54 | 000,000,000 | ---D | C] -- C:\Users\Freddi\AppData\Local\Microsoft Games [2011.10.06 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2011.10.06 17:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Treiber [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2099.12.12 12:58:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2099.12.11 02:12:03 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml [2099.12.11 02:12:03 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml [2099.12.11 01:40:44 | 000,000,552 | ---- | M] () -- C:\Users\Freddi\AppData\Local\d3d8caps.dat [2099.12.11 01:11:04 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf [2099.12.11 00:55:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2099.10.05 17:01:24 | 000,007,090 | ---- | M] () -- C:\Windows\System32\nvnrm.nvu [2099.10.05 17:01:13 | 000,002,344 | ---- | M] () -- C:\Windows\System32\nvsmb.nvu [2099.10.05 17:01:13 | 000,001,383 | ---- | M] () -- C:\Windows\System32\nvsmu.nvu [2011.10.23 18:08:42 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.23 18:08:42 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.23 18:08:42 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.23 18:08:42 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.23 18:03:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.23 18:03:49 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.23 
18:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.23 18:03:37 | 3488,825,344 | -HS- | M] () -- C:\hiberfil.sys [2011.10.23 17:58:21 | 000,372,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.10.23 17:55:28 | 000,000,192 | ---- | M] () -- C:\Users\Freddi\defogger_reenable [2011.10.23 15:04:55 | 107,140,893 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.10.22 12:02:24 | 000,001,537 | ---- | M] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk [2011.10.21 23:06:36 | 000,059,392 | ---- | M] () -- C:\Users\Freddi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.19 01:30:26 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk [2011.10.18 10:49:30 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.10.16 13:59:23 | 000,001,115 | ---- | M] () -- C:\Users\Freddi\Desktop\PC-Wecker 4.00 by IP-MAN - Verknüpfung.lnk [2011.10.16 03:19:00 | 000,001,153 | ---- | M] () -- C:\Users\Freddi\Desktop\Warkeys.lnk [2011.10.15 19:17:57 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk [2011.10.15 19:07:47 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III.lnk [2011.10.14 22:44:21 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\system32CmdLineExt.dll [2011.10.13 18:12:39 | 000,061,717 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2011.10.11 12:57:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.10.10 23:18:28 | 000,001,356 | ---- | M] () -- C:\Users\Freddi\AppData\Local\d3d9caps.dat [2011.10.10 23:18:02 | 178,499,301 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.10.06 17:44:40 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys [2011.10.06 17:44:39 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2099.12.12 12:58:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2099.12.12 12:57:31 | 178,499,301 | ---- | C] () -- C:\Windows\MEMORY.DMP [2099.12.11 02:11:25 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml [2099.12.11 02:11:25 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml [2099.12.11 01:40:44 | 000,000,552 | ---- | C] () -- C:\Users\Freddi\AppData\Local\d3d8caps.dat [2099.12.11 01:17:41 | 000,000,949 | ---- | C] () -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2099.12.11 01:17:40 | 000,000,944 | ---- | C] () -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2099.12.11 01:17:30 | 000,000,915 | ---- | C] () -- C:\Users\Freddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2099.12.11 01:17:28 | 000,001,356 | ---- | C] () -- C:\Users\Freddi\AppData\Local\d3d9caps.dat [2099.12.11 01:10:47 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2099.12.11 00:55:31 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2099.12.11 00:55:29 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2099.10.05 17:02:54 | 000,011,164 | ---- | C] () -- 
C:\Windows\System32\drivers\nvphy.bin [2099.10.05 16:47:19 | 000,059,392 | ---- | C] () -- C:\Users\Freddi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.23 17:55:17 | 000,000,192 | ---- | C] () -- C:\Users\Freddi\defogger_reenable [2011.10.23 15:04:55 | 107,140,893 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.10.22 12:02:24 | 000,001,537 | ---- | C] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk [2011.10.19 01:30:26 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk [2011.10.16 13:59:23 | 000,001,115 | ---- | C] () -- C:\Users\Freddi\Desktop\PC-Wecker 4.00 by IP-MAN - Verknüpfung.lnk [2011.10.16 03:19:00 | 000,001,153 | ---- | C] () -- C:\Users\Freddi\Desktop\Warkeys.lnk [2011.10.15 19:14:34 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk [2011.10.15 19:05:26 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III.lnk [2011.10.13 18:12:39 | 000,061,717 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2011.10.11 12:57:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.10.10 23:59:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.10.10 23:48:07 | 3488,825,344 | -HS- | C] () -- C:\hiberfil.sys [2011.10.10 08:25:21 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.10.09 21:25:47 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2011.10.09 21:25:46 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011.10.09 21:25:46 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2011.10.09 21:25:35 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2011.10.09 21:25:34 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2011.10.09 21:25:34 | 000,117,248 | ---- | C] () -- 
C:\Windows\System32\EhStorAuthn.dll [2011.10.09 21:25:13 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2011.10.09 21:24:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.10.09 21:24:53 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2011.10.09 21:24:50 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2011.10.09 21:24:48 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011.10.09 20:54:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.10.09 20:54:54 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2011.10.09 20:32:03 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.10.09 20:32:03 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.10.09 20:32:03 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.10.08 20:59:59 | 000,000,599 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.10.08 19:15:44 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2011.10.08 18:51:12 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.10.08 18:51:12 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.10.06 17:44:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.10.06 17:44:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.01.21 09:15:58 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,131,012 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,372,120 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.18 13:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2011.10.08 19:20:05 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\AVG2012 [2011.10.16 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2099.12.11 01:32:37 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\DAEMON Tools Lite [2011.10.11 12:51:13 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\ImgBurn [2011.10.15 21:52:20 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\Inet Stick Fabi [2011.10.15 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\LolClient [2011.10.15 13:28:53 | 000,000,000 | ---D | M] -- C:\Users\Freddi\AppData\Roaming\Ubisoft [2011.10.23 18:02:13 | 000,026,694 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.10.08 19:30:56 | 000,000,000 | -H-D | M] -- C:\$AVG [2099.12.11 01:17:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.09 21:46:49 | 000,000,000 | -HSD | M] -- C:\Boot [2011.10.09 21:22:21 | 000,000,000 | ---D | M] -- C:\cf68fed53b9fc71359deb15584f02037 [2011.10.23 03:26:17 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2099.12.11 01:15:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.14 14:20:21 | 000,000,000 | RH-D | M] -- C:\MSOCache [2099.12.11 01:52:34 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.10.22 11:58:22 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.19 01:35:28 | 000,000,000 | -H-D | M] -- C:\ProgramData [2099.12.11 01:15:30 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.23 18:12:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.13 13:01:10 | 000,000,000 | R--D | M] -- C:\Users [2011.10.22 13:15:34 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > 
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-23 01:08:56

< End of report >

OTL Extras logfile created on: 23.10.2011 18:10:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programs\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 73,02% Memory free
6,71 Gb Paging File | 5,90 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 320,04 Gb Total Space | 238,35 Gb Free Space | 74,48% Space Free | Partition Type: NTFS
Drive D: | 145,72 Gb Total Space | 111,78 Gb Free Space | 76,71% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 931,51 Gb Total Space | 455,10 Gb Free Space | 48,86% Space Free | Partition Type: NTFS

Computer Name: FREDDISPC | User Name: Freddi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{464BDBBF-FCAB-4A13-95EA-162AE51F90DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11AEBB5E-4AC8-49E8-8873-A65764C5FC59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{12B74F32-293D-414A-854B-87600F745041}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{131EE19C-EAB2-4565-9B76-A5E4D2D0A113}" = protocol=17 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe |
"{136CDB83-5B71-44F6-B4A0-C75B9ACEC242}" = protocol=17 | dir=in | app=d:\games\anno 1404\anno4.exe |
"{17A7E153-9B57-4B96-8DCE-059B70658648}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3162AD70-73E5-43CD-90DC-33469F1C99E0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{4A1AA522-3C68-495E-8606-B9D6839A89FB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EBDEB5A-C98B-4394-A7A9-E94CC99B288B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{6BDD1B61-F429-4389-A6EA-0E457A990C81}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{6D98F983-A763-44BD-93D6-31E0E04F9786}" = protocol=6 | dir=in | app=d:\games\anno 1404\anno4.exe |
"{6EE53B27-6A39-4AE9-9DFF-DB0174E15549}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{80E1E8E7-0775-42EE-B2A1-4E3383291FFE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{98F35686-75BF-4B74-BBF2-788A32EF90E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9D415A61-0603-4A5A-A48B-E8E1C4B92607}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A729E968-D3C1-43C0-B28B-64AC2D7E0C14}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{AEB235EA-7DE7-4998-A029-D0C2C7AF51EC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B194F42F-11A4-4810-9E18-F04E5E8B9DAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA577FAE-FC39-463A-89AE-DA1323C4A2D4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{BC3C2D6E-FA3C-4CBF-99B3-2F5CC5A8F6EB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{C6BEF3DC-6446-49C6-BDD1-5E313C7F36CF}" = protocol=6 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe |
"{D0010733-74EB-4821-9312-EF4660DFB510}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D62A193A-E2F9-48BC-9111-F2AED1702F56}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{D82EE878-82E5-4A41-875C-D18ABABCDF53}" = dir=in | app=d:\games\c&c tiberium wars\retailexe\1.0\cnc3game.dat |
"{DBC1D7DA-C853-4E0D-AD2C-10ED8CB0923A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E576D7D0-C7F8-4E87-924A-7D2FC1E22514}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E73F889F-C59C-4B77-B26B-E9C3FAECABE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E745EDB3-E1E9-4B74-B83A-EC973C73E865}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FB64F443-D30E-41A4-BF06-6FBB0BB4FC07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{37DD3ACF-04A5-4DED-A84B-0D3EE1D103E2}C:1\spiele\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=c:1\spiele\demigod\bin\demigod.exe |
"TCP Query User{51A0CD6A-6662-4332-BD08-6137BF6FE058}H:\spiele\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=h:\spiele\demigod\bin\demigod.exe |
"TCP Query User{7515C6C4-B75E-4494-9061-DD615709FBB1}D:\games\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\games\modern warfare 2\iw4mp.exe |
"TCP Query User{C2DD6EEA-8794-44DC-9C6B-A327CB45E139}D:\neuer ordner\warcraft iii\roc\war3.exe" = protocol=6 | dir=in | app=d:\neuer ordner\warcraft iii\roc\war3.exe |
"UDP Query User{B4D7D773-C2BB-4F4B-8AAB-F44A93D38B5D}D:\neuer ordner\warcraft iii\roc\war3.exe" = protocol=17 | dir=in | app=d:\neuer ordner\warcraft iii\roc\war3.exe |
"UDP Query User{BACB459E-FF85-4C61-BDD7-58AEBF09D5F5}D:\games\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\games\modern warfare 2\iw4mp.exe |
"UDP Query User{CABB9985-D038-437C-9F1B-B3300420029E}H:\spiele\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=h:\spiele\demigod\bin\demigod.exe |
"UDP Query User{EF702140-638F-4E12-90FA-7A96444A93C5}C:1\spiele\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=c:1\spiele\demigod\bin\demigod.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing
Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2012 "BearShare 2 MediaBar" = MediaBar "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ENTERPRISE" = 
Microsoft Office Enterprise 2007 "Freelancer 1.0" = Freelancer "ImgBurn" = ImgBurn "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "VLC media player" = VLC media player 1.1.11 "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.19.3.0b "XSManager" = XSManager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.10.2011 05:48:36 | Computer Name = FreddisPC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung cnc3game.dat, Version 1.0.2588.1237, Zeitstempel 0x00000000, fehlerhaftes Modul cnc3game.dat, Version 1.0.2588.1237, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0003f37d, Prozess-ID 0x774, Anwendungsstartzeit 01cc8d7aabc10649. Error - 18.10.2011 19:34:32 | Computer Name = FreddisPC | Source = WinMgmt | ID = 10 Description = Error - 19.10.2011 21:31:03 | Computer Name = FreddisPC | Source = WinMgmt | ID = 10 Description = Error - 22.10.2011 04:14:01 | Computer Name = FreddisPC | Source = WinMgmt | ID = 10 Description = Error - 22.10.2011 06:47:50 | Computer Name = FreddisPC | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 17e8 Anfangszeit: 01cc90a7a04a7e20 Zeitpunkt der Beendigung: 12 Error - 22.10.2011 06:52:32 | Computer Name = FreddisPC | Source = WinMgmt | ID = 10 Description = Error - 22.10.2011 06:56:09 | Computer Name = FreddisPC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 6ac Anfangszeit: 01cc90a8956d195d Zeitpunkt der Beendigung: 16 Error - 22.10.2011 07:18:52 | Computer Name = FreddisPC | Source = WinMgmt | ID = 10 Description = Error - 22.10.2011 07:37:10 | Computer Name = FreddisPC | Source = VSS | ID = 8194 Description = Error - 22.10.2011 07:38:31 | Computer Name = FreddisPC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 10.10.2011 15:06:52 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7011 Description = Error - 10.10.2011 15:07:22 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7011 Description = Error - 10.10.2011 16:00:16 | Computer Name = FreddisPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 10.10.2011 um 21:57:07 unerwartet heruntergefahren. 
Error - 10.10.2011 17:10:17 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7026 Description = Error - 10.10.2011 17:19:46 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7023 Description = Error - 10.10.2011 17:19:46 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7026 Description = Error - 10.10.2011 17:59:44 | Computer Name = FreddisPC | Source = DCOM | ID = 10005 Description = Error - 10.10.2011 17:59:44 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7009 Description = Error - 10.10.2011 17:59:44 | Computer Name = FreddisPC | Source = Service Control Manager | ID = 7000 Description = Error - 11.10.2011 18:26:43 | Computer Name = FreddisPC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. < End of report > Kind regards, Fred |
24.10.2011, 11:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems opening and installing programs Please now, as a routine step, run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
__________________ |
24.10.2011, 19:10 | #3 |
| Problems opening and installing programs Hi there!
I let the first program run through, and ESET has now been running for 3 hours, 2.5 h of which at 99 percent of the third step. Is that normal? It has already found one threat, but that was most likely found during a period when my antivirus program was switched on, because I was out shopping and AVG automatically switches itself back on after a quarter of an hour. Damn, I just noticed that it is active again. Is that very bad, i.e. do you just get odd messages when the antivirus program is on, or does it go so far that the result is falsified? So here is the Malwarebytes log file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8011
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
24.10.2011 16:44:04
mbam-log-2011-10-24 (16-44-04).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170517
Laufzeit: 3 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
24.10.2011, 19:18 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems opening and installing programs Quote:
Remember to update the Malwarebytes signatures beforehand; new updates are released very frequently!
__________________ Please always post log files in CODE tags |
27.10.2011, 15:58 | #5 |
| Problems opening and installing programs Okay, so here is the Malwarebytes log file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8029
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27.10.2011 16:53:45
mbam-log-2011-10-27 (16-53-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Durchsuchte Objekte: 311923
Laufzeit: 1 Stunde(n), 10 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
d:\Games\Risen\bin\Engine.dll (Trojan.Agent) -> Quarantined and deleted successfully.
d:\Games\Risen\bin\Game.dll (Trojan.Agent) -> Quarantined and deleted successfully.
d:\Games\Risen\bin\Risen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\Games\Risen\bin\scripts\script_game.dll (Trojan.Agent) -> Quarantined and deleted successfully.
k:\$RECYCLE.BIN\s-1-5-21-3241891054-2309148978-130390521-1000\$RJEVERE\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
k:\Spiele\Sicherheits-CD's\schlacht um mittelerde 2\ea games.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
k:\Zeug\programme\Div X\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
k:\Zeug\Stuff\ea.games.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
As you can see, I simply clicked "Remove"; I hope that wasn't wrong. |
27.10.2011, 18:42 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems opening and installing programs Quote:
Cracks/keygens are 99.9% dangerous malware that should not be played with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to distribute malware is no secret and must be clear to everyone!
__________________ |