WIN7 x64:Avira meldet versteckte Objekte

#1 Hallo,

seit dem 12.04 meldet Avira bei dem täglichen Antivirenscan folgendes:
"Es wurden versteckte Objekte gefunden.

Es wurden ein oder mehrere versteckte Objekte gefunden, die auf eine versteckten Virus oder unerwünschtes Programm hindeuten.

Zur genauen Identifikation und Reparatur ist eine Überorpfung Ihres Computers mit der Avira Rescue-CD erforderlich.

Wollen Sie hierzu den Suchlauf abbrechen?"

Möglichkeiten bleiben "Ja" und der Scan wird abgebrochen oder "Nein" und er scannt weiter.

Wenn ich ihn weiterscannen lasse kommt folgendes Log heraus:

Code

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 13. April 2012  12:45

Es wird nach 3616780 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : TOBIAS

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 16:18:48
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 16:18:47
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 16:18:49
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 16:18:51
AVREG.DLL      : 12.1.0.36     229128 Bytes  05.04.2012 17:20:42
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 17:26:23
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:32:27
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:24:29
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 17:24:29
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 17:24:29
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 17:24:29
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 17:24:29
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 17:24:29
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 17:24:29
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 17:24:29
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 17:24:29
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 17:24:29
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 17:23:12
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 17:20:42
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 17:21:16
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 15:37:29
VBASE018.VDF   : 7.11.27.107   161280 Bytes  12.04.2012 09:46:15
VBASE019.VDF   : 7.11.27.108     2048 Bytes  12.04.2012 09:46:16
VBASE020.VDF   : 7.11.27.109     2048 Bytes  12.04.2012 09:46:17
VBASE021.VDF   : 7.11.27.110     2048 Bytes  12.04.2012 09:46:17
VBASE022.VDF   : 7.11.27.111     2048 Bytes  12.04.2012 09:46:17
VBASE023.VDF   : 7.11.27.112     2048 Bytes  12.04.2012 09:46:17
VBASE024.VDF   : 7.11.27.113     2048 Bytes  12.04.2012 09:46:17
VBASE025.VDF   : 7.11.27.114     2048 Bytes  12.04.2012 09:46:17
VBASE026.VDF   : 7.11.27.115     2048 Bytes  12.04.2012 09:46:17
VBASE027.VDF   : 7.11.27.116     2048 Bytes  12.04.2012 09:46:19
VBASE028.VDF   : 7.11.27.117     2048 Bytes  12.04.2012 09:46:20
VBASE029.VDF   : 7.11.27.118     2048 Bytes  12.04.2012 09:46:21
VBASE030.VDF   : 7.11.27.119     2048 Bytes  12.04.2012 09:46:21
VBASE031.VDF   : 7.11.27.140    61952 Bytes  13.04.2012 09:46:04
Engineversion  : 8.2.10.42 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  04.04.2012 17:23:09
AESCN.DLL      : 8.1.8.2       131444 Bytes  10.02.2012 17:36:41
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 18:25:09
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.16.9      807287 Bytes  30.03.2012 17:24:43
AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  04.04.2012 17:23:01
AEHEUR.DLL     : 8.1.4.15     4628855 Bytes  13.04.2012 09:46:10
AEHELP.DLL     : 8.1.19.1      254327 Bytes  02.04.2012 17:20:55
AEGEN.DLL      : 8.1.5.23      409973 Bytes  07.03.2012 18:22:30
AEEXP.DLL      : 8.1.0.29       82293 Bytes  13.04.2012 09:46:10
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 18:21:07
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 16:18:46
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Windows Systemverzeichnis
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysdir.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Freitag, 13. April 2012  12:45

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPLaserJetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1011' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\system32'


Ende des Suchlaufs: Freitag, 13. April 2012  12:54
Benötigte Zeit: 08:56 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

   1282 Verzeichnisse wurden überprüft
  50564 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  50564 Dateien ohne Befall
    145 Archive wurden durchsucht
      0 Warnungen
     64 Hinweise
  98356 Objekte wurden beim Rootkitscan durchsucht
     64 Versteckte Objekte wurden gefunden

Danach also Avira Rescue-CD gebootet und vollständigen Suchlauf gestartet, Ergebnis:

Code

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:         8.2.10.38
VDF Version:        7.11.27.122
Scan start time: Fri Apr 13 17:43:57 2012
configuration file: /etc/avira/scancl.conf
WARNING: [Unsupported archive type] /media/Devices/sdb2/Programme/World_of_Tanks_closed_Beta/Updates/wot_62.66229_61.58710_client.patch


WARNING: [Compression method not supported] /media/Devices/sdb2/Programme/World_of_Tanks_closed_Beta/Updates/wot_63.83333_content_de.patch


WARNING: [Bad archive header] /media/Devices/sdb2/temp/Battlefield3/Data.zip


WARNING: [Archive is invalid or corrupt] /media/Devices/sdf2/Program Files/WinRAR/rarnew.dat


WARNING: [Bad compressed data] /media/Devices/sdf2/Program Files (x86)/SlySoft/CloneCD/ccd-uninst.exe


WARNING: [Bad compressed data] /media/Devices/sdf2/Program Files (x86)/Elaborate Bytes/CloneDVD2/CloneDVD2-uninst.exe


WARNING: [Unexpected end of file] /media/Devices/sdf2/Users/Admin/AppData/Local/Temp/jar_cache649751232584271228.tmp


WARNING: [Bad compressed data] /media/Devices/sdf2/Users/Admin/Downloads/GordianKnot.RipPack.0.35.0.Setup.2.exe --> [ProgramFilesDir]/GordianKnot/VobSub_2.23.exe


WARNING: [File is encrypted] /media/Devices/sdf2/Users/Admin/Downloads/WinRAR.v4.00.zip


WARNING: [Unexpected end of file] /media/Devices/sdf2/Users/Admin/Downloads/WinRAR_4.01.zip.part


WARNING: [File is encrypted] /media/Devices/sdf2/Users/Admin/Downloads/avira_free_antivirus_de.exe --> avsdklist.zip


WARNING: [File is encrypted] /media/Devices/sdf2/Users/Admin/Downloads/avira_free_antivirus_de.exe --> manualuninstallconfig.zip


WARNING: [File is encrypted] /media/Devices/sdf2/Users/Admin/Downloads/avira_free_antivirus_de.exe --> productreleasenotes.zip


WARNING: [File is encrypted] /media/Devices/sdf2/Users/Admin/Downloads/avira_free_antivirus_de.exe --> qatestedproducts.zip


WARNING: [The files in archive are multiple volume] /media/Devices/sdg1/backup c/Program Files (x86)-incomplete/Nokia/Nokia Ovi Suite/Help/webhelp.jar


WARNING: [The files in archive are multiple volume] /media/Devices/sdg1/backup c/Program Files (x86)-incomplete/Nokia/Nokia Ovi Suite/Help/OviSuiteHelp_ger.exe --> webhelp.jar


WARNING: [Bad compressed data] /media/Devices/sdg1/backup c/Program Files (x86)-incomplete/SlySoft/CloneCD/ccd-uninst.exe


WARNING: [Archive is invalid or corrupt] /media/Devices/sdg1/backup c/Program Files-incomplete/WinRAR/rarnew.dat


WARNING: [Unexpected end of file] /media/Devices/sdg1/backup c/Users/Admin/Desktop/DTS2AC3/AudioConverterTools.ZIP --> MediaInfo/uninst.exe


WARNING: [Bad archive header] /media/Devices/sdg1/backup c/Users/Admin/Downloads/k6d_6.0.2.iso --> boot/images/seatg207.img --> seatg207.img


WARNING: [All files in archive are encrypted] /media/Devices/sdg1/backup c/Users/Admin/Downloads/FL29.rar


WARNING: [File is encrypted] /media/Devices/sdg1/backup c/Users/Admin/Downloads/JDownloader_PW___bersicht.zip


WARNING: [Unexpected end of file] /media/Devices/sdg1/backup c/Users/Admin/Downloads/Tools/MediaInfo/uninst.exe


WARNING: [Unsupported archive type] /media/Devices/sdg1/Backup J/World_of_Tanks_closed_Beta/Updates/wot_62.66229_61.58710_client.patch


WARNING: [Compression method not supported] /media/Devices/sdg1/Backup J/World_of_Tanks_closed_Beta/Updates/wot_63.83333_content_de.patch


WARNING: [Unsupported archive version] /media/Devices/sdg2/Software/privoxy_setup_3_0_3-2.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038446.exe


WARNING: [Unsupported archive version] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038448.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038449.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038452.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038456.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038458.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038460.exe


WARNING: [File is encrypted] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038462.exe


WARNING: [Unexpected end of block read] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038466.exe --> {app}\StarBurn_SuperVideoCD.iso


WARNING: [Unexpected end of block read] /media/Devices/sdg2/System Volume Information/_restore{8E702B01-F4CE-4372-B145-616A813731BB}/RP352/A0038466.exe --> {app}\StarBurn_VideoCD.iso


Statistics :
Directories............... : 75400
Archives.................. : 16677
Files..................... : 2468390
Infected.............. : 0
Warnings.............. : 36
Suspicious............ : 0
Infections................ : 0

Auffällig war lediglich das Windows Defender seit 35 Tagen nicht mehr durchgelaufen ist. Habe ich also nachgeholt mit einem komplett Scan -> System laut Windows Defender in Ordnung.

Zusätzlich habe ich auch noch "Kaspersky Rescue Disk 10" gebootet und damit mal einen Scan durhgeführt. Dort wurde auch nichts gefunden, allerdings waren meiner Ansicht nach nicht alle Laufwerke gemountet.

Danach noch einen Scan mit Malewarebytes Anti Maleware durchgeführt:

Code

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: TOBIAS [Administrator]

Schutz: Aktiviert

14.04.2012 09:26:27
mbam-log-2012-04-14 (09-26-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 630081
Laufzeit: 1 Stunde(n), 39 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine infizierten Objekte gefunden)

(Ende)

Zusätzlich noch MBRCheck.exe ausgeführt:

Code

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows 7 Professional
Windows Information:        Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:    ASUSTeK Computer INC.
BIOS Manufacturer:        American Megatrends Inc.
System Manufacturer:        System manufacturer
System Product Name:        System Product Name
Logical Drives Mask:        0x00000dfc

Kernel Drivers (total 155):
  0x02C4E000 \SystemRoot\system32\ntoskrnl.exe
  0x02C05000 \SystemRoot\system32\hal.dll
  0x00BA9000 \SystemRoot\system32\kdcom.dll
  0x00C24000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C73000 \SystemRoot\system32\PSHED.dll
  0x00C87000 \SystemRoot\system32\CLFS.SYS
  0x00CE5000 \SystemRoot\system32\CI.dll
  0x00EA2000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F46000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F55000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FAC000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FB5000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00FBF000 \SystemRoot\system32\drivers\pci.sys
  0x00FF2000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E86000 \SystemRoot\system32\drivers\pciide.sys
  0x00E8D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00DA5000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00DBF000 \SystemRoot\system32\drivers\vmbus.sys
  0x00C00000 \SystemRoot\system32\drivers\winhv.sys
  0x0107C000 \SystemRoot\system32\drivers\iaStorV.sys
  0x01217000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x015B1000 \SystemRoot\system32\drivers\atapi.sys
  0x015BA000 \SystemRoot\system32\drivers\ataport.SYS
  0x015E4000 \SystemRoot\system32\drivers\amdxata.sys
  0x0119A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01200000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01626000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
  0x017C9000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01820000 \SystemRoot\System32\Drivers\cng.sys
  0x01892000 \SystemRoot\System32\drivers\pcw.sys
  0x018A3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x018AD000 \SystemRoot\system32\drivers\ndis.sys
  0x019A0000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01AAA000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01C9D000 \SystemRoot\System32\drivers\tcpip.sys
  0x01EA1000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01EEB000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01EFB000 \SystemRoot\system32\drivers\volsnap.sys
  0x01F47000 \SystemRoot\System32\Drivers\spldr.sys
  0x01F4F000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01F89000 \SystemRoot\System32\Drivers\mup.sys
  0x01F9B000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01FA4000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01FDE000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01C00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x047D6000 \SystemRoot\system32\drivers\cdrom.sys
  0x04400000 \SystemRoot\System32\Drivers\Null.SYS
  0x04409000 \SystemRoot\System32\Drivers\Beep.SYS
  0x04410000 \SystemRoot\System32\drivers\vga.sys
  0x01C3E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01C63000 \SystemRoot\System32\drivers\watchdog.sys
  0x0441E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01C73000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01C7C000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01C85000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01AD5000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01AE6000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01C90000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01B08000 \SystemRoot\system32\drivers\afd.sys
  0x01B91000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x01FF4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x01BD6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x01A00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01A0F000 \SystemRoot\system32\DRIVERS\serial.sys
  0x01A2C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x01A6F000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01A8A000 \SystemRoot\system32\drivers\termdd.sys
  0x07270000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x072C1000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x072CD000 \SystemRoot\system32\drivers\mssmbios.sys
  0x072D8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x072E4000 \SystemRoot\System32\drivers\discache.sys
  0x072F3000 \SystemRoot\system32\drivers\csc.sys
  0x07376000 \SystemRoot\System32\Drivers\dfsc.sys
  0x07394000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x073A5000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x073AF000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x073D6000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x07200000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x07216000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x07856000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x074A3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x07597000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x07400000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x07424000 \SystemRoot\system32\drivers\usbehci.sys
  0x07435000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x0748B000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
  0x075DD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x08314000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x075EA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x075F2000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x08399000 \SystemRoot\system32\drivers\i8042prt.sys
  0x083B7000 \SystemRoot\system32\drivers\kbdclass.sys
  0x083C6000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x07499000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x083D6000 \SystemRoot\system32\drivers\ksthunk.sys
  0x07800000 \SystemRoot\system32\drivers\ks.sys
  0x083DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x01600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x083F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0864E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0867D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x08698000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x086B9000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x086D3000 \SystemRoot\system32\DRIVERS\tap0901.sys
  0x086E0000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x086EB000 \SystemRoot\system32\drivers\mouclass.sys
  0x086FA000 \SystemRoot\system32\drivers\swenum.sys
  0x086FC000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x0870E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x08768000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0877D000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x08797000 \SystemRoot\system32\drivers\portcls.sys
  0x087D4000 \SystemRoot\system32\drivers\drmk.sys
  0x0941A000 \SystemRoot\system32\drivers\HdAudio.sys
  0x09476000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x04427000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x09484000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x09497000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x094B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x094B6000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x094C4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x094DD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x094E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x00050000 \SystemRoot\System32\win32k.sys
  0x094F3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x094FF000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00520000 \SystemRoot\System32\TSDDD.dll
  0x00760000 \SystemRoot\System32\cdd.dll
  0x0950D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x0952D000 \SystemRoot\system32\drivers\luafv.sys
  0x09550000 \SystemRoot\system32\drivers\WudfPf.sys
  0x09571000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x09586000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x03EC6000 \SystemRoot\system32\drivers\HTTP.sys
  0x03F8F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x03FAD000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x03FC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x03E4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03E72000 \SystemRoot\System32\Drivers\adfs.SYS
  0x068B1000 \SystemRoot\system32\drivers\peauth.sys
  0x06957000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06962000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06993000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06800000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x09259000 \SystemRoot\System32\DRIVERS\srv.sys
  0x77760000 \Windows\System32\ntdll.dll
  0x47960000 \Windows\System32\smss.exe
  0xFFA80000 \Windows\System32\apisetschema.dll
  0xFF7C0000 \Windows\System32\autochk.exe

Processes (total 53):
       0 System Idle Process
       4 System
     344 C:\Windows\System32\smss.exe
     452 csrss.exe
     532 C:\Windows\System32\wininit.exe
     544 csrss.exe
     592 C:\Windows\System32\services.exe
     608 C:\Windows\System32\lsass.exe
     616 C:\Windows\System32\lsm.exe
     652 C:\Windows\System32\winlogon.exe
     752 C:\Windows\System32\svchost.exe
     808 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
     960 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
     968 C:\Windows\System32\conhost.exe
    1004 C:\Windows\System32\svchost.exe
     472 C:\Windows\System32\atiesrxx.exe
     436 C:\Windows\System32\svchost.exe
     116 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\spoolsv.exe
    1464 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1484 C:\Windows\System32\svchost.exe
    1536 C:\Windows\System32\atieclxx.exe
    1652 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1760 C:\Program Files\Bonjour\mDNSResponder.exe
    1800 C:\Windows\System32\svchost.exe
    1840 C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    1928 C:\Windows\SysWOW64\svchost.exe
    1952 C:\Windows\System32\svchost.exe
    1988 C:\Windows\System32\svchost.exe
    2012 C:\Windows\SysWOW64\PnkBstrA.exe
    1308 C:\Windows\System32\svchost.exe
    1076 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1292 C:\Windows\System32\taskhost.exe
    2160 C:\Windows\System32\userinit.exe
    2172 C:\Windows\System32\dwm.exe
    2352 C:\Windows\explorer.exe
    2764 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2800 C:\Windows\WindowsMobile\wmdc.exe
    3052 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2112 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
    2256 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    2316 C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
    2692 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
    2664 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    1596 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3020 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3016 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    3568 C:\Users\Admin\Desktop\MBRCheck.exe
    3580 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`08100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`08100000  (NTFS)
\\.\G: --> \\.\PhysicalDrive4 at offset 0x0000007d`00146e00  (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`08100000  (NTFS)

PhysicalDrive3 Model Number: INTELSSDSA2CW120G3, Rev: 4PC10302
PhysicalDrive2 Model Number: INTELSSDSA2CW120G3, Rev: 4PC10302
PhysicalDrive4 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
PhysicalDrive0 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
PhysicalDrive1 Model Number: WDCWD20EARS-00MVWB0, Rev: 51.0AB51

      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  \\.\PhysicalDrive3   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
   3726 GB  \\.\PhysicalDrive2   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive4   Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
   3726 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
   1863 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

Hier ist auffällig das bei PhysicalDrive4 "Unknown MBR code" gemeldet wird.

Zum Schluss noch der OTL Log:

Code

OTL logfile created on: 13.04.2012 13:43:19 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 62,64% Memory free
11,99 Gb Paging File | 9,68 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 29,47 Gb Free Space | 26,39% Space Free | Partition Type: NTFS
Drive D: | 3725,90 Gb Total Space | 2662,07 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive E: | 500,00 Gb Total Space | 40,39 Gb Free Space | 8,08% Space Free | Partition Type: NTFS
Drive F: | 3725,90 Gb Total Space | 3529,20 Gb Free Space | 94,72% Space Free | Partition Type: NTFS
Drive G: | 431,51 Gb Total Space | 317,95 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive H: | 254,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 1862,89 Gb Total Space | 1764,20 Gb Free Space | 94,70% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.04.13 13:25:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.03.18 16:50:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.17 21:34:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.05.19 15:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.19 15:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.06.01 09:26:34 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.04.11 13:08:12 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3b71a150b8fd174473cc7bd117ec4c1f\IAStorUtil.ni.dll
MOD - [2012.04.11 13:01:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.11 13:01:55 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.03.18 16:50:40 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 14:09:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 14:08:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.17 14:08:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 14:08:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.17 14:08:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.02 19:51:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7f855e46c807fffebd034a3a0ab7376a\IAStorCommon.ni.dll
MOD - [2012.01.02 19:50:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.30 13:34:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.17 21:34:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.12 15:27:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.10.12 15:27:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.19 15:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.01 09:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.02.15 18:18:49 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2011.12.05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.07.19 13:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2011.07.03 22:49:43 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.05.10 17:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:[b]64bit:[/b] - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:[b]64bit:[/b] - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.12.18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 BD 19 6B BA 39 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=de&q="
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.12 13:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 16:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 13:37:03 | 000,000,000 | ---D | M]
 
[2011.07.03 20:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.04.03 17:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jtcpqete.default\extensions
[2011.07.03 22:23:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jtcpqete.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.24 18:28:02 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jtcpqete.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.03.28 21:54:41 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jtcpqete.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.10 17:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.12 13:37:01 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTCPQETE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTCPQETE.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTCPQETE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTCPQETE.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTCPQETE.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2012.03.18 16:50:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.19 09:41:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.19 09:41:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.19 09:41:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.03 22:30:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.19 09:41:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.19 09:41:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.19 09:41:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.12 15:29:23 | 000,001,364 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.1.6 NPI3E2444.fritz.box
O1 - Hosts: 192.168.1.6 drucker
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashFXP - Link helper plugin for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FLASHF~1\IEFlash.dll (OpenSight Software, LLC)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C08A4102-D302-4A93-99AA-8643C25CF6C3}: NameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:[b]64bit:[/b] {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: [b]AdobeCS5.5ServiceManager[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: [b]facemoods[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.04.13 13:25:16 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.04.13 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.04.13 13:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 13:08:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 13:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 13:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.10 17:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012.03.30 14:37:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\www.coolstream.to
[2012.03.27 18:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.03.27 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.03.22 16:51:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (2)
[2012.03.20 20:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SeriousBit
[2012.03.19 18:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.03.19 18:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.03.19 18:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.03.19 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.03.19 18:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.04.13 13:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.13 13:25:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.04.13 13:08:31 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.13 12:58:45 | 000,080,384 | ---- | M] () -- C:\Users\Admin\Desktop\MBRCheck.exe
[2012.04.13 08:52:25 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 08:52:25 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 08:48:08 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.13 08:48:08 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.13 08:48:08 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.13 08:48:08 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.13 08:48:08 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.13 08:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 08:43:48 | 535,314,431 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.12 20:00:20 | 000,473,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.12 13:37:03 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.04.12 10:15:44 | 000,071,152 | ---- | M] () -- C:\Users\Admin\Desktop\sky-i12.png
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.27 18:36:38 | 001,399,222 | ---- | M] () -- C:\Users\Admin\Desktop\identity card.pdf
[2012.03.27 18:09:44 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012.03.23 19:50:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.23 19:50:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.23 19:49:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.19 18:06:53 | 000,002,054 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.04.13 13:08:31 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.13 12:58:45 | 000,080,384 | ---- | C] () -- C:\Users\Admin\Desktop\MBRCheck.exe
[2012.04.12 10:15:44 | 000,071,152 | ---- | C] () -- C:\Users\Admin\Desktop\sky-i12.png
[2012.03.30 13:34:46 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.27 18:36:38 | 001,399,222 | ---- | C] () -- C:\Users\Admin\Desktop\identity card.pdf
[2012.03.27 18:09:44 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012.03.19 18:06:53 | 000,002,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012.02.17 20:54:47 | 000,914,684 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2012.02.17 20:54:39 | 000,135,183 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012.02.17 20:44:12 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012.02.15 18:15:25 | 000,004,874 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.17 20:33:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\chrtmp
[2012.01.17 20:28:07 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.01 14:45:38 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.15 22:50:15 | 000,000,128 | ---- | C] () -- C:\Windows\kaillera.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.09 18:47:45 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.09 18:47:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.08 20:33:40 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011.08.08 17:46:29 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.07.16 18:21:34 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.07.10 13:10:41 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat.temp
[2011.07.10 13:09:08 | 000,194,986 | ---- | C] () -- C:\Windows\hppins12.dat.temp
[2011.07.09 10:48:30 | 000,000,079 | ---- | C] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini
[2011.07.05 10:38:26 | 000,007,668 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.07.04 09:21:11 | 000,000,731 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.07.04 09:19:57 | 000,196,486 | ---- | C] () -- C:\Windows\hppins12.dat
[2011.07.04 09:19:57 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011.07.03 20:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.01.16 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2011.07.18 12:26:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2011.07.03 22:55:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.07.13 19:49:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.08.20 16:24:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kalypso Media
[2011.11.06 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.02.17 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012.02.23 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2012.01.18 23:04:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wargaming.net
[2012.01.15 10:59:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.07.03 20:17:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.06 20:14:03 | 000,000,000 | ---D | M] -- C:\AMD
[2011.07.03 20:21:22 | 000,000,000 | ---D | M] -- C:\ATI
[2011.07.04 09:19:21 | 000,000,000 | ---D | M] -- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
[2012.04.12 13:37:13 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.03 20:17:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.03 20:52:54 | 000,000,000 | ---D | M] -- C:\Intel
[2011.07.03 22:56:00 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.07.09 15:05:07 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.13 13:32:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.13 13:29:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.13 13:08:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.03 20:17:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.03 20:17:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.09 11:51:42 | 000,000,000 | ---D | M] -- C:\SymCache
[2012.04.13 13:44:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.15 18:17:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.13 08:43:44 | 000,000,000 | ---D | M] -- C:\Windows
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:66633281

< End of report >

Extra.txt

Code

OTL Extras logfile created on: 13.04.2012 13:35:00 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,38% Memory free
11,99 Gb Paging File | 9,79 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 29,45 Gb Free Space | 26,37% Space Free | Partition Type: NTFS
Drive D: | 3725,90 Gb Total Space | 2662,07 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive E: | 500,00 Gb Total Space | 40,39 Gb Free Space | 8,08% Space Free | Partition Type: NTFS
Drive F: | 3725,90 Gb Total Space | 3529,20 Gb Free Space | 94,72% Space Free | Partition Type: NTFS
Drive G: | 431,51 Gb Total Space | 317,95 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive H: | 254,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 1862,89 Gb Total Space | 1764,20 Gb Free Space | 94,70% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B8FA866-D2B9-45EA-928D-61CF32735427}" = hppPQVideoCM2320
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D52D01-C65D-4A29-99E0-E02030597B4F}_is1" = Cities In Motion - Patch 1.0.22
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37F03AE9-D51D-4B1C-806F-3DA898E330BD}_is1" = Cities In Motion - Design Classics
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ACB6AF7-5C8F-4272-B487-7F6FBBEB8A5A}" = Intel® Solid-State Drive Toolbox
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{501E4F62-257C-4FCE-960C-ABA85DC60AB0}" = hppTLBXFXCM2320
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68416881-7697-46F7-BBAF-8741D5C3584F}_is1" = Cities In Motion - Design Marvels
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7B3050F8-E4DA-4276-8972-A75DC2A671A2}_is1" = Cities In Motion - Design Now
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{899EF246-6FF0-4A9C-9689-80C2CA0BD868}_is1" = Cities In Motion - Metro Stations
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.1
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C29DF2E-4EC8-485A-AAB9-A70727F29494}_is1" = Cities In Motion - Tokyo
"{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AD6FDE5E-FDA6-43CA-93B6-C90C9DB3FE52}_is1" = Cities In Motion - German Cities
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B11E789C-8A0B-470A-AB34-63CD65F9CE81}_is1" = Cities In Motion - U.S. Cities
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_14cffbe014b566bef9e9125ea146ab9" = Adobe Creative Suite 4 Master Collection
"ArtMoney PRO_is1" = ArtMoney PRO v7.35.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"ESN Sonar-0.70.4" = ESN Sonar
"HaaliMkx" = Haali Media Splitter
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"Origin" = Origin
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"Semper Fi_is1" = Semper Fi 1.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"VLC media player" = VLC media player 1.1.11
"WFTK" = Canon Utilities WFT Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

In den letzten Tage wurde von mri eigentlich nur ein Windows Update durchgeführt, ob das aber damit zusammenhängt kann ich nicht sagen. Villeicht sieht einer von euch wo der Fehler liegt.

#2 Hallo und Willkommen

Die versteckten Daten deuten nicht auf Malware hin. Diese sind in Avira normal. Ich sehe auch nichts was auf Malware hindeutet. Macht das System dann probleme?

#3 Nein, sonst sind weiter keine Probleme aufgetreten. Avira meldet halt nur bei jedem Scan das versteckte Objekte gefunden wurden und will eine überprüfung mit Rescue CD.

Naja, ich werd das ganze mal in den nächsten Tagen beobachten.
Trotzdem vielen dank für deine Hilfe!

#4 Auch im AVIRA Forum steht überall dass man sich keine Sorgen machen soll.

#5 Ist dies denn eine neue "Funktion" Seiten Aviras? Ich habe das auch und hatte diese Meldung all die Jahre zuvor nie gehabt.
War anfangs ebenfalls erst einmal beunruhigt und habe einen rundum-Check gemacht...