Browsers Protector regmon32.exe / System verseucht?

frischi · 27.04.2012, 08:29

Hallo,

Beim Systemstart kommt von der Comodo Firewall immer die Warnung, dass die regmon32.exe irgendwas ändern will.
Ich blockiere das dann immer.

Hier steht auch noch einiges darüber:

hxxp://windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=20852&page=92

Meint IHr ich kann das so machen? Und muss ich das dann alles abschreiben? Weil Copy & Paste geht nicht in der Eingabeaufforderung, oder?

Und ist mein System eigentlich noch sicher oder total unterwandert?

Würde mich üer Hilfe sehr freuen.

Defogger ist jetzt noch an und ich warte noch auf Antwort, damit ich auf Re-enable klicken kann. Oder kann ich es auch ruhig schließen, und später wieder öffnen und dann re-enablen?

cosinus · 27.04.2012, 15:40

Zitat:

Beim Systemstart kommt von der Comodo Firewall immer die Warnung,

PFWs wie ZoneAlarm oder Comodo sind sinnlose tw. kontraporduktive Resourcenfresser...

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

frischi · 29.04.2012, 16:08

Anti-Malware

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
frischka :: SCHOENERKASTEN [Administrator]

28.04.2012 08:19:18
mbam-log-2012-04-28 (08-19-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 434551
Laufzeit: 39 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4b86a2e8de77364cb89b7a15383c27b6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-29 02:07:31
# local_time=2012-04-29 04:07:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 48184688 48184688 0 0
# compatibility_mode=1024 16777215 100 0 524904 524904 0 0
# compatibility_mode=3073 16777213 80 71 523943 11388710 0 0
# compatibility_mode=5893 16776574 100 94 24415054 87328946 0 0
# compatibility_mode=8192 67108863 100 0 10579 10579 0 0
# scanned=225349
# found=1
# cleaned=0
# scan_time=9366
D:\firefox downloads\Partition Magic.exe	multiple threats (unable to 

clean)	00000000000000000000000000000000	I

Scheint alles ok zu sein, oder?

Soll ich den Ordner "Browsers Protector" einfach löschen?

Oder so wie ich es im ersten Post verlinkt habe?

Würdet Ihr Malwarebytes Spybot vorziehen? Ich habe nämlich auch Spybot installiert.

cosinus · 30.04.2012, 12:24

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:

D:\firefox downloads\Partition Magic.exe

Aus welcher Quelle stammt das?

Zitat:

Würdet Ihr Malwarebytes Spybot vorziehen? Ich habe nämlich auch Spybot installiert.

Spybot wird von vielen völlig überbewertet, das kannst du getrost in die Tonne werfen

frischi · 01.05.2012, 08:39

Woher das Partition Magic.exe kommt weiß ich nichtmehr. Kann ich das nich irgendwie herausfinden?

Ansonsten hatte ich Malewarebytes vorher nie drauf.

Aber ich habe halt Spybot drauf, und das vorher, bevor ich hier überhaupt was gepostet hatte, scannen und löschen lassen. Das hat auch ne Menge gefunden.

cosinus · 01.05.2012, 16:15

Zitat:

Das hat auch ne Menge gefunden.

Schön, diese Aussage hilft nur keinem weiter da wir nicht wissen was genau wo gefunden wurde
Hast du denn auch mittlerweile dieses sinnlose Comodo deinstalliert?

frischi · 01.05.2012, 18:48

Was ist denn an der Comodo so schlimm?

Mein System ist schnell und stören tut sie mich nicht.

Und ich werde gefragt, bevor Programme mit dem Internet kommunizieren.

Was soll ich denn jetzt mit dem Browsers Protector machen? Ist das überhaupt Maleware?

Leider kann ich das mit Spybot jetzt nicht mehr ändern. Ich weiß noch nicht mal, ob ich das jetzt wirklich deinstallieren soll, weil dann die Quarantäne nicht mehr eingesehen, bzw. das Backup dann weg ist?

cosinus · 01.05.2012, 19:08

Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

frischi · 02.05.2012, 07:55

Danke für die Links. Die werde ich mir mal durchlesen.

Kann man denn jetzt zu dem Browser Protector nichts Konkretes mehr sagen, weil ich mit Spybot praktisch schon alle Spuren verwischt habe?

Ist dieser Browser Protector nicht bekannt? Sollte ich den Ordner einfach mit Lockhunter löschen? Oder mit Killbox?

Oder es so machen, wie ich es oben verlinkt habe?

Soll ich den roten Text in die Eingabeaufforderung schreiben, oder wie ist das gemeint?

Nicht, dass ich mir mit dem roten Text selber nen Virus schreibe, oder sowas:-)
Macht das Sinn?

Bei den Programmen habe ich auch eine "Startsearch Toolbar 1.3" gefunden, welche sich nicht mehr deinstallieren lässt. Ich brauche angeblich Administratorrechte. Ich bin aber als Admin angemeldet.Ist die vielleicht bekannt und kann ich die irgendwie loswerden?

Ich habe schon öfters gehört. dass man normale Weise nicht als Admin in Windows angemeldet sein soll. Kann ich mich jetzt nachträglich als GAst anmelden, ohne permanente Zugriffrechte-Probleme zu kriegen?
Also wenn ich jetzt als Gast angemeldet bin, kann ich dann keine Spiele mehr öffnen, oder andere Programme mehr voll fiúnktionsfähig benutzen? Und wie könnte ich das verhindern?

Danke für die Hilfe schon mal.

EDIT:

Ok, ich weiß zwar ncht warum, aber ich konnte Startsearch Toolbra, und auch Browser Protector problemlos deinstallieren. Es kamen zwar mehrer Warnhinweise wegen Umschreibung der Registry der Comodo, aber wenn die eh eher Unsinn ist, dann wird das wohl ok so sein. Jetzt scheint der Müll jedenfalls runter zu sein.

Hoffe, es ist jetzt alles in Ordnung.

cosinus · 02.05.2012, 13:51

Ich weiß leider immer noch nicht, was die Menge da genau ist/war was da gefunden wurde - deswegen kann man nun keine echte Aussage mehr dazu machen.

Hast du Comodo nun deinstalliert? Wenn nicht bitte jetzt machen

Mach danach ein OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

frischi · 08.05.2012, 09:02

So, bin jetzt endlich dazu gekommen:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.05.2012 09:23:48 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = D:\firefox downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,26% Memory free
10,00 Gb Paging File | 8,67 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,04 Gb Total Space | 2,36 Gb Free Space | 6,04% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 53,47 Gb Free Space | 28,82% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 55,83 Gb Free Space | 38,11% Space Free | Partition Type: NTFS
Drive F: | 225,08 Gb Total Space | 78,64 Gb Free Space | 34,94% Space Free | Partition Type: NTFS
Drive N: | 443,23 Gb Total Space | 282,95 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
Drive O: | 488,28 Gb Total Space | 29,97 Gb Free Space | 6,14% Space Free | Partition Type: NTFS
 
Computer Name: SCHOENERKASTEN | User Name: frischka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 09:53:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\firefox downloads\OTL.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.01.26 16:53:00 | 002,345,792 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.01.26 05:17:24 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.12.24 21:06:27 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt\TrueCrypt.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.03.07 15:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- E:\progrämmchen\VirtualCloneDrive\VCDDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.26 05:17:08 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.30 15:57:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.26 16:53:00 | 002,345,792 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.01.26 05:17:24 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.12.24 21:06:27 | 001,517,520 | ---- | M] (TrueCrypt Foundation) [Auto | Stopped] -- C:\Windows\SysWOW64\TrueCrypt.exe -- (TrueCryptSystemFavorites)
SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.02.02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.10.05 18:01:23 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.26 15:39:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Programme\Office2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.09 16:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.24 21:06:27 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.08.15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011.03.24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.03.24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.17 21:24:40 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.10.17 21:24:35 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.09.24 14:01:08 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.07.15 14:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.24 14:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2010.06.24 14:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 15:02:34 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.05.05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012.03.09 16:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.03.24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes,DefaultScope = {43409D1C-033B-47A9-9213-B16E4BFE9E48}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{43409D1C-033B-47A9-9213-B16E4BFE9E48}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=2295174221254240&p2=^A9T^YYYYYY^YY^US
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 3D 96 DF 8F 72 CB 01  [binary data]
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\..\SearchScopes\{43409D1C-033B-47A9-9213-B16E4BFE9E48}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://duckduckgo.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\progrämmchen\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\progrämmchen\adobe reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 21:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.05.04 09:55:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.27 09:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.23 12:28:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.09 12:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.18 09:15:38 | 000,000,000 | ---D | M]
 
[2012.04.22 11:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frischka\AppData\Roaming\mozilla\Extensions
[2010.09.24 00:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frischka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.05 08:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\frischka\AppData\Roaming\mozilla\Firefox\Profiles\e1qz396y.default\extensions
[2012.04.30 23:12:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\frischka\AppData\Roaming\mozilla\Firefox\Profiles\e1qz396y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.23 12:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\FRISCHKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E1QZ396Y.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\FRISCHKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E1QZ396Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FRISCHKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E1QZ396Y.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\progrämmchen\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GrooveMonitor] E:\Programme\Office2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] E:\progrämmchen\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001..\Run: [TrueCrypt] C:\Program Files (x86)\truecrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\system32\driverstore\filerepository\atiilhag.inf_amd64_neutral_951c1812f542740a] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\system32\driverstore\filerepository\atiriol6.inf_amd64_neutral_bde34ad5722cca75] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff5a607728bcaa26] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_019357585ef99a63] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff5a607728bcaa26.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_019357585ef99a63.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_de-de_f8d25a2640ae7677.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Office2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Office2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - E:\progrämmchen\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Office2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.17.150.123 85.17.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AAB0FD3-C993-4910-902E-91DB7894CCC7}: DhcpNameServer = 85.17.150.123 85.17.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA0521A0-6CD3-4469-8E2C-DE124F7B850D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA0521A0-6CD3-4469-8E2C-DE124F7B850D}: NameServer = 85.214.73.63,204.152.184.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programme\Office2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programme\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ac45930-23db-11e0-a44e-0025225c240f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac45930-23db-11e0-a44e-0025225c240f}\Shell\AutoRun\command - "" = M:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: vsmon - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.08 09:18:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.04 09:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.04.29 10:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.27 16:48:47 | 000,000,000 | ---D | C] -- C:\Users\frischka\AppData\Roaming\Malwarebytes
[2012.04.27 16:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.27 16:48:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.27 16:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.27 09:07:06 | 000,000,000 | ---D | C] -- C:\Users\frischka\Desktop\logfiles
[2012.04.25 20:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.04.25 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.04.23 16:24:38 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012.04.23 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\frischka\AppData\Local\Comodo
[2012.04.23 12:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.04.23 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012.04.23 11:45:26 | 000,000,000 | ---D | C] -- C:\Users\frischka\AppData\Roaming\AVG2012
[2012.04.23 11:44:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.04.23 11:44:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.04.23 11:43:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.04.23 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.04.23 11:43:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.04.23 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.04.23 11:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.04.23 11:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.04.23 11:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.04.23 11:05:05 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.04.23 11:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.04.22 11:51:21 | 000,000,000 | ---D | C] -- C:\Users\frischka\Desktop\firefox
[2012.04.22 11:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.04.19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012.04.12 15:20:06 | 000,000,000 | ---D | C] -- C:\Users\frischka\AppData\Local\Alt.Binz
[2012.04.12 15:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt.Binz
[2012.04.11 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\frischka\Desktop\lg stick
[2010.09.24 14:01:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\frischka\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 09:27:41 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 09:27:41 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 09:26:15 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.08 09:26:15 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.08 09:26:15 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.08 09:26:15 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.08 09:26:15 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.08 09:20:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 09:20:20 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 09:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 08:46:11 | 097,433,685 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.07 17:51:11 | 000,065,418 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.29 20:24:57 | 000,007,607 | ---- | M] () -- C:\Users\frischka\AppData\Local\Resmon.ResmonCfg
[2012.04.28 18:54:25 | 000,526,005 | ---- | M] () -- C:\Users\frischka\Desktop\Ausschreibung zur Kreisliga Süd.pdf
[2012.04.28 18:53:14 | 000,525,485 | ---- | M] () -- C:\Users\frischka\Desktop\Ausschreibung zur Bezirksliga Süd.pdf
[2012.04.27 16:48:41 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 08:58:36 | 000,000,000 | ---- | M] () -- C:\Users\frischka\defogger_reenable
[2012.04.23 13:33:29 | 002,340,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.23 13:16:41 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.23 12:25:00 | 000,017,407 | ---- | M] () -- C:\Users\frischka\AppData\Local\dt.dat
[2012.04.23 11:44:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.23 11:44:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.23 11:38:39 | 000,000,988 | ---- | M] () -- C:\Users\frischka\Documents\cc_20120423_113835.reg
[2012.04.23 11:38:11 | 000,007,264 | ---- | M] () -- C:\Users\frischka\Documents\cc_20120423_113804.reg
[2012.04.23 10:58:22 | 000,697,376 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.04.22 11:36:35 | 000,075,045 | ---- | M] () -- C:\Windows\SysWow64\d8737f78.exe
[2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012.04.17 11:25:35 | 000,111,521 | ---- | M] () -- C:\Users\frischka\Documents\Gewinnausschüttung.jpg
[2012.04.17 11:23:27 | 000,030,311 | ---- | M] () -- C:\Users\frischka\Documents\Gewinnausschüttung.pdf
[2012.04.14 11:59:13 | 000,000,076 | ---- | M] () -- C:\Windows\DVDFab.INI
[2012.04.12 15:19:38 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2012.04.09 21:17:39 | 000,013,542 | ---- | M] () -- C:\Users\frischka\Desktop\KMPlayer.exe - Verknüpfung.lnk
[2012.04.09 12:32:26 | 000,000,704 | ---- | M] () -- C:\Users\frischka\Desktop\Star Trek Online.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.08 08:46:11 | 097,433,685 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.07 17:51:11 | 000,065,418 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.30 15:57:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.28 18:54:25 | 000,526,005 | ---- | C] () -- C:\Users\frischka\Desktop\Ausschreibung zur Kreisliga Süd.pdf
[2012.04.28 18:53:14 | 000,525,485 | ---- | C] () -- C:\Users\frischka\Desktop\Ausschreibung zur Bezirksliga Süd.pdf
[2012.04.27 16:48:41 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 08:58:36 | 000,000,000 | ---- | C] () -- C:\Users\frischka\defogger_reenable
[2012.04.23 12:28:51 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.23 12:25:00 | 000,017,407 | ---- | C] () -- C:\Users\frischka\AppData\Local\dt.dat
[2012.04.23 11:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.04.23 11:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.04.23 11:38:37 | 000,000,988 | ---- | C] () -- C:\Users\frischka\Documents\cc_20120423_113835.reg
[2012.04.23 11:38:09 | 000,007,264 | ---- | C] () -- C:\Users\frischka\Documents\cc_20120423_113804.reg
[2012.04.23 11:05:08 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.04.22 11:36:35 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\d8737f78.exe
[2012.04.17 11:15:20 | 000,111,521 | ---- | C] () -- C:\Users\frischka\Documents\Gewinnausschüttung.jpg
[2012.04.17 11:07:39 | 000,030,311 | ---- | C] () -- C:\Users\frischka\Documents\Gewinnausschüttung.pdf
[2012.04.15 12:57:49 | 000,697,376 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.04.12 15:18:38 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2012.04.09 21:17:39 | 000,013,542 | ---- | C] () -- C:\Users\frischka\Desktop\KMPlayer.exe - Verknüpfung.lnk
[2012.04.09 12:32:26 | 000,000,704 | ---- | C] () -- C:\Users\frischka\Desktop\Star Trek Online.lnk
[2012.04.02 13:49:58 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.26 05:17:32 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.26 09:27:02 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 10:26:36 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.10.25 10:23:27 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.22 19:20:48 | 000,000,076 | ---- | C] () -- C:\Windows\DVDFab.INI
[2011.07.18 15:42:52 | 000,007,607 | ---- | C] () -- C:\Users\frischka\AppData\Local\Resmon.ResmonCfg
[2011.07.17 22:21:32 | 000,000,551 | ---- | C] () -- C:\Users\frischka\AppData\Roaming\AutoGK.ini
[2011.07.10 15:14:04 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.07.10 15:14:04 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.07.10 15:14:04 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.07.10 15:14:04 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.07.10 15:14:04 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.01.30 22:27:23 | 001,594,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.02 11:19:05 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2010.10.02 11:19:05 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.10.02 11:18:45 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.10.02 11:18:45 | 000,000,621 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.10.02 11:18:44 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.09.26 15:43:04 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.09.26 15:24:32 | 000,012,800 | ---- | C] () -- C:\Users\frischka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 14:01:08 | 000,099,384 | ---- | C] () -- C:\Users\frischka\AppData\Roaming\inst.exe
[2010.09.24 14:01:08 | 000,007,859 | ---- | C] () -- C:\Users\frischka\AppData\Roaming\pcouffin.cat
[2010.09.24 14:01:08 | 000,001,167 | ---- | C] () -- C:\Users\frischka\AppData\Roaming\pcouffin.inf
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2011.12.02 11:08:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\aborange
[2011.07.24 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\AnvSoft
[2012.04.23 11:45:26 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\AVG2012
[2011.10.20 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\avidemux
[2011.12.02 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\BayHunter
[2011.11.16 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Canon
[2010.09.24 23:07:49 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\DAEMON Tools Lite
[2012.04.02 11:08:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\DVDFab
[2012.04.14 22:29:54 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\foobar2000
[2010.09.24 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Free Download Manager
[2012.01.05 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\FreeFLVConverter
[2011.12.02 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\GetRightToGo
[2011.03.20 01:17:00 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\GrabPro
[2011.10.26 15:25:48 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\gtk-2.0
[2011.10.15 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ImgBurn
[2010.10.24 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Ivacy
[2011.10.20 12:58:47 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\LockHunter
[2011.11.06 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\mkvtoolnix
[2012.03.11 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\MPEG Streamclip
[2011.12.20 12:43:14 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\MyPhoneExplorer
[2011.08.23 11:44:10 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Nokia
[2010.09.26 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Nokia Ovi Suite
[2011.03.20 11:20:21 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Orbit
[2010.09.26 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\PC Suite
[2011.11.08 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Power Sound Editor Free
[2011.03.20 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ProgSense
[2011.10.01 20:27:01 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ProtectDISC
[2011.11.23 10:07:29 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Publish Providers
[2011.03.19 23:04:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Replay Media Catcher 4
[2011.01.22 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\RouterControl
[2011.11.23 10:07:31 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Sony
[2011.11.24 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Sony Creative Software
[2011.08.10 20:48:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\SynthMaker
[2010.09.24 00:33:11 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Thunderbird
[2011.06.09 09:48:22 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\TIPP10
[2012.05.07 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Tria
[2012.03.08 13:22:59 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\TrueCrypt
[2010.12.09 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\veetle_vlc
[2011.08.14 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\VPNTunnel
[2011.10.08 17:31:30 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Vso
[2011.07.07 09:13:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Wireshark
[2010.10.30 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\XMedia Recode
[2011.06.06 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Youtube Downloader HD
[2012.04.16 11:15:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.02 11:08:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\aborange
[2012.03.10 11:52:02 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Adobe
[2011.07.24 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\AnvSoft
[2010.10.31 22:19:33 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ATI
[2012.04.23 11:45:26 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\AVG2012
[2011.10.20 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\avidemux
[2011.11.06 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\AVS4YOU
[2011.12.02 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\BayHunter
[2011.11.16 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Canon
[2011.10.12 09:15:57 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\CyberLink
[2010.09.24 23:07:49 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\DAEMON Tools Lite
[2011.08.17 17:20:35 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\DivX
[2012.04.24 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\dvdcss
[2012.04.02 11:08:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\DVDFab
[2012.04.14 22:29:54 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\foobar2000
[2010.09.24 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Free Download Manager
[2012.01.05 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\FreeFLVConverter
[2011.12.02 11:20:47 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\GetRightToGo
[2011.03.20 01:17:00 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\GrabPro
[2010.09.24 14:25:09 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\GRETECH
[2011.10.26 15:25:48 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\gtk-2.0
[2010.09.23 23:57:20 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Identities
[2011.10.15 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ImgBurn
[2010.10.24 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Ivacy
[2011.10.20 12:58:47 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\LockHunter
[2012.04.23 09:13:03 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Macromedia
[2012.04.27 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Media Center Programs
[2012.03.15 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Media Player Classic
[2012.05.02 13:44:23 | 000,000,000 | --SD | M] -- C:\Users\frischka\AppData\Roaming\Microsoft
[2011.11.06 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\mkvtoolnix
[2010.09.24 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Mozilla
[2012.03.11 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\MPEG Streamclip
[2011.12.20 12:43:14 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\MyPhoneExplorer
[2011.08.23 11:44:10 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Nokia
[2010.09.26 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Nokia Ovi Suite
[2011.10.20 10:28:09 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\NVIDIA
[2011.03.20 11:20:21 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Orbit
[2010.09.26 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\PC Suite
[2011.11.08 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Power Sound Editor Free
[2011.03.20 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ProgSense
[2011.10.01 20:27:01 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\ProtectDISC
[2011.11.23 10:07:29 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Publish Providers
[2011.03.19 23:04:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Replay Media Catcher 4
[2011.01.22 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\RouterControl
[2010.09.26 21:41:11 | 000,000,000 | RH-D | M] -- C:\Users\frischka\AppData\Roaming\SecuROM
[2011.11.23 10:07:31 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Sony
[2011.11.24 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Sony Creative Software
[2011.08.10 20:48:41 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\SynthMaker
[2010.09.24 00:33:11 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Thunderbird
[2011.06.09 09:48:22 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\TIPP10
[2012.05.07 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Tria
[2012.03.08 13:22:59 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\TrueCrypt
[2010.12.09 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\veetle_vlc
[2012.05.07 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\vlc
[2011.08.14 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\VPNTunnel
[2011.10.08 17:31:30 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Vso
[2010.09.24 12:29:18 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\WinRAR
[2011.07.07 09:13:07 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Wireshark
[2010.10.30 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\XMedia Recode
[2011.06.06 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\frischka\AppData\Roaming\Youtube Downloader HD
 
< %APPDATA%\*.exe /s >
[2011.10.08 17:31:29 | 000,099,384 | ---- | M] () -- C:\Users\frischka\AppData\Roaming\inst.exe
[2011.03.19 18:16:36 | 000,003,584 | R--- | M] () -- C:\Users\frischka\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2012.04.22 11:50:02 | 000,158,000 | ---- | M] () -- C:\Users\frischka\AppData\Roaming\Mozilla\Firefox\Profiles\e1qz396y.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

[/code]

cosinus · 08.05.2012, 11:24

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O3 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2858204846-2121497546-2517329616-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ac45930-23db-11e0-a44e-0025225c240f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac45930-23db-11e0-a44e-0025225c240f}\Shell\AutoRun\command - "" = M:\setup.exe -a
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

frischi · 08.05.2012, 11:31

Habe ich denn was Unangenehmes auf dem Rechner, sodass ich jetzt was fixen muss, oder ist das jetzt Prophylaxe?

Werde das jedenfalls heute noch machen und das File dann posten.

cosinus · 08.05.2012, 12:11

Ein paar Mülleinträge entfernen

08.05.2012, 12:11	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Browsers Protector regmon32.exe / System verseucht? Ein paar Mülleinträge entfernen __________________ Logfiles bitte immer in CODE-Tags posten

Browsers Protector regmon32.exe / System verseucht?

Plagegeister aller Art und deren Bekämpfung: Browsers Protector regmon32.exe / System verseucht?