
Log analysis and evaluation: Windows locked for security reasons - payment demand of 50€

11.04.2012, 19:24   #1
Gyroyoy
 



Hello,

it just happened. The screen goes dark and a window appears stating that my operating system has been locked for security reasons and that I should pay 50 euros to unlock it.

Since I have already read up a little on this forum, I have already run an OTL scan; the data is here:

OTL.Txt

Quote:
OTL logfile created on: 11.04.2012 20:11:55 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sven Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,62% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 181,72 Gb Free Space | 63,52% Space Free | Partition Type: NTFS

Computer Name: SVENBRUNS-PC | User Name: Sven Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.11 20:10:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sven Bruns\Downloads\OTL.exe
PRC - [2012.03.27 10:52:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.30 11:05:16 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012.03.27 10:52:58 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.03.30 11:53:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.16 19:28:34 | 000,782,744 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.02 17:04:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.24 16:51:23 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.02.15 19:06:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.23 01:50:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.08 06:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.12.08 06:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2003.10.01 16:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = hxxp://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKCU\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 10:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:59:25 | 000,000,000 | ---D | M]

[2011.07.04 14:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Extensions
[2012.04.09 14:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions
[2012.03.01 23:32:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.09 14:49:29 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.27 10:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.29 21:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.27 10:52:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 10:52:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.27 10:52:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 10:52:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 10:52:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 10:52:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Sven Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Sven Bruns\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [SkypePM] C:\Users\Sven Bruns\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sven Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB44992-72B9-4A4E-981C-7DC7054017FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ED7889-A2CF-4353-B564-5C4D19614B5D}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E26DC6-E663-4194-9968-55AE29797971}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.09 13:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.09 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.09 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2012.04.09 13:55:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.30 11:05:17 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Sven Bruns\AppData\Roaming\MinecraftSP.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.11 19:50:02 | 000,755,576 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.11 19:50:02 | 000,701,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.11 19:50:02 | 000,179,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.11 19:50:02 | 000,145,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.11 19:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.11 19:43:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.11 19:43:44 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012.04.11 19:43:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 19:43:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 19:14:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.11 18:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.08 23:09:51 | 003,428,106 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:06:30 | 001,827,981 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:45 | 000,113,029 | ---- | M] () -- C:\Users\Sven Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:59:43 | 001,453,975 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:59:32 | 001,654,842 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:48:36 | 000,340,720 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 083.jpg
[2012.04.08 22:47:00 | 000,374,754 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:59 | 000,284,968 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:54 | 001,846,819 | ---- | M] () -- C:\Users\Sven Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:41:09 | 001,303,838 | ---- | M] () -- C:\Users\Sven Bruns\Documents\DSC00177.JPG
[2012.04.08 22:37:02 | 000,513,318 | ---- | M] () -- C:\Users\Sven Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:32:15 | 001,523,339 | ---- | M] () -- C:\Users\Sven Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:31:24 | 001,471,248 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:56 | 000,914,610 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:36 | 000,336,904 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:33 | 000,424,028 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC19225.JPG
[2012.04.08 22:24:16 | 001,480,648 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:01:17 | 002,127,153 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:22:08 | 002,095,974 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:45:38 | 000,877,259 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:54 | 000,920,432 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:54 | 000,455,343 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:53:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.03.30 11:53:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.29 02:12:16 | 000,161,534 | ---- | M] () -- C:\Users\Sven Bruns\Documents\ultraschall22_3_12.jpg
[2012.03.18 22:28:38 | 001,831,556 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9678.JPG
[2012.03.18 22:26:19 | 002,215,457 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9679.JPG
[2012.03.18 21:13:25 | 000,128,903 | ---- | M] () -- C:\Users\Sven Bruns\Documents\2012-03-18 20-12-27.960.jpg
[2012.03.18 00:59:15 | 000,043,884 | ---- | M] () -- C:\Users\Sven Bruns\Documents\307148_230128800366385_100001078002048_622536_1426374_n.jpg
[2012.03.17 20:25:30 | 000,187,732 | ---- | M] () -- C:\Users\Sven Bruns\Documents\2012-03-17 19-21-36.904.jpg
[2012.03.16 22:37:27 | 000,765,600 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9629.JPG
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.08 23:04:56 | 003,428,106 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:03:24 | 001,827,981 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:12 | 000,113,029 | ---- | C] () -- C:\Users\Sven Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:55:15 | 001,453,975 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:54:24 | 001,654,842 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:47:57 | 000,340,720 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 083.jpg
[2012.04.08 22:46:40 | 000,374,754 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:42 | 000,284,968 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:18 | 001,846,819 | ---- | C] () -- C:\Users\Sven Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:40:35 | 001,303,838 | ---- | C] () -- C:\Users\Sven Bruns\Documents\DSC00177.JPG
[2012.04.08 22:36:43 | 000,513,318 | ---- | C] () -- C:\Users\Sven Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:31:45 | 001,523,339 | ---- | C] () -- C:\Users\Sven Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:30:54 | 001,471,248 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:31 | 000,914,610 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:28 | 000,336,904 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:12 | 000,424,028 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC19225.JPG
[2012.04.08 22:22:31 | 001,480,648 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:00:43 | 002,127,153 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:20:47 | 002,095,974 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:44:27 | 000,877,259 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:00 | 000,920,432 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:22 | 000,455,343 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:05:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 02:12:00 | 000,161,534 | ---- | C] () -- C:\Users\Sven Bruns\Documents\ultraschall22_3_12.jpg
[2012.03.18 22:28:08 | 001,831,556 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9678.JPG
[2012.03.18 22:25:43 | 002,215,457 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9679.JPG
[2012.03.18 21:13:18 | 000,128,903 | ---- | C] () -- C:\Users\Sven Bruns\Documents\2012-03-18 20-12-27.960.jpg
[2012.03.18 00:59:05 | 000,043,884 | ---- | C] () -- C:\Users\Sven Bruns\Documents\307148_230128800366385_100001078002048_622536_1426374_n.jpg
[2012.03.17 20:25:16 | 000,187,732 | ---- | C] () -- C:\Users\Sven Bruns\Documents\2012-03-17 19-21-36.904.jpg
[2012.03.16 22:37:04 | 000,765,600 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9629.JPG
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.17 20:14:16 | 000,093,675 | ---- | C] () -- C:\Users\Sven Bruns\AppData\Roaming\Uninstal.exe
[2011.01.03 15:38:23 | 000,131,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.27 21:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.10.02 14:48:00 | 000,000,317 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.07.30 19:28:16 | 000,000,099 | ---- | C] () -- C:\Users\Sven Bruns\AppData\Local\fusioncache.dat
[2010.07.11 22:32:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.07 18:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.01 18:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66

< End of report >
And the Extras.Txt

Quote:
OTL Extras logfile created on: 11.04.2012 20:11:55 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sven Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,62% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 181,72 Gb Free Space | 63,52% Space Free | Partition Type: NTFS

Computer Name: SVENBRUNS-PC | User Name: Sven Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11FE855C-49F7-4321-9018-E99D2911BF74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A5EC315-BD8D-4DE7-834C-B81584352EA3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31587F4E-0104-44DE-9ACE-481F9B5F6876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37731CA7-924B-4C2F-BA83-C0AD103DC263}" = rport=138 | protocol=17 | dir=out | app=system |
"{397AD80C-58B7-45F7-A0E6-2561DA60847E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F01B11E-EBB4-44AA-B86F-35032AE80884}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4EEF9F08-E1AD-4210-B535-345D548166EC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5887F2E8-EEBD-4B8B-ACD4-9FE3A58B878A}" = rport=445 | protocol=6 | dir=out | app=system |
"{68B6B7EB-111F-4F8A-9D85-3B966523DD15}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FEE1401-3489-4DAA-9D6D-D058EE7B3534}" = lport=139 | protocol=6 | dir=in | app=system |
"{726543D5-FAB1-4B3C-BC24-4602B2FB8BC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76336373-76D3-4DDF-894D-4ABA685C6A64}" = rport=139 | protocol=6 | dir=out | app=system |
"{880AF3BE-D86B-402A-8ABE-1004061693AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{90864EDA-C1FB-45CF-83D4-F8E3F8694C1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{975A30BD-730A-4DB6-9449-24DFDB342A8D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A07A428-AFC1-41C3-9D3A-95C51752417A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9B62E070-05E8-4BE1-AEE8-6F0EB05A0CEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8BAC809-D972-4348-A0E3-7FBA92C3E1EE}" = rport=137 | protocol=17 | dir=out | app=system |
"{E673FD2A-666F-4FDC-AA7F-3637F1C0A0B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{E813D9B0-36E4-4BAA-9081-6A8DF6D9D6D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F43885FE-9E67-4C99-AE9E-7DEA8F7B3621}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E2786-D70F-42C2-BC1F-7BEC6532F82E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{040AC6FD-3F6F-4FE8-9C2C-80CF5C673344}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{052F5F46-C69D-41E9-B495-1A66671257EA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{07951826-83F7-4F4F-8C0C-EF9307F4BA14}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{090EEF73-8C10-4983-88BC-747B14CC08D2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{0A43F416-7341-492E-A864-6ADF67CB0407}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{13252E86-40BE-4561-A447-931FDA2584B8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{17230C58-6E76-4F9E-89D2-F43C4DB9FFC8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{1B2D38EF-98C3-41FC-826A-5269ACED6DAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D9455D0-E7B2-49CA-A4E8-80B7607F0F52}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{1E1E92B4-1205-4A01-A3B6-EFEDE8656CA3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{1F20EAEA-C475-40F9-B9AD-3582DFAC0292}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2364F9BC-6D3E-4614-BEC8-0AACCEBD6670}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2419BFE0-D490-4A1D-8251-F6A6E8D788FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{263E06CB-7C1D-47E8-BF54-CD01F986946D}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{2FEB73DF-B192-4219-9D3A-EF7F00D70851}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{31BD00FD-E22B-468D-8ED8-00FEA44FB403}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{349923A8-3E77-454A-98A3-E3009ED37409}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{34D95A5D-786A-46E8-ADDC-C9E9D3EEE051}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B7DCAF3-2D8D-48CB-B7D7-98295FA6FA11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4063F404-F4AC-4A41-9A50-CE7A9384AE79}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{42ECDD52-6A2F-4F42-9BDE-68CAEA3F9787}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4E953062-C043-42B0-8D9A-D3392CB58126}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{50C88C0B-E181-4AB9-95ED-0096EE7C711C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{51C99631-8034-4DA3-B36A-BDFD7CCF5BDA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{55E76D07-3AD3-41D7-8887-2419749DE8F5}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5C2A7B3E-D5B2-42CC-BC26-3D18958E61D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E0D774A-88BD-4505-AE95-50C89E6D00E9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{63343252-0E01-4E90-AF71-F62AD7A5FB76}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6816091F-1B0C-48FA-BD42-F4E090CD2522}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{697FE200-23BD-4834-B23D-49F57A48633A}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{6A6F3CC2-C12B-4E0A-A35F-44BACF90BA67}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{6CE7BB9B-02D8-4207-B251-7822DBB469E5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{728986F6-E75E-4F08-AA72-C2AFAF2E7C55}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B790699-A844-4434-8562-9BFB0CEDFA1C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{86D4181E-E957-42A4-957F-DD88F9D9CA92}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8BD773B1-8CE9-42F6-AACB-48646E22D0C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{92BD4ADA-C001-4727-B148-834050D99BEB}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{94A48538-A729-46C9-8E9B-B7DED674B721}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9565A9AC-D7C7-4B3B-BECD-2276B4E37696}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{968001CE-8AAE-44B4-98CD-E0FC546E5EFA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{968F929F-3B4A-4EBE-9DEF-9AB304AD2968}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{9AC5B61E-E937-4376-8F5A-4510E8184AA4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{9BBCCB8F-7758-4B60-9068-CBB6B744240F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C83B037-057B-4680-9B63-09DFBD531D78}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{9D2AD973-D2AE-4C22-8716-C96F995DD8B8}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{A016B58D-602C-44E4-B027-9ADBD1D437D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A06D9415-C45D-4E73-A393-8F49194588F7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A2A48BA5-D9F4-4F1B-9E78-BF74B920C429}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A467D61E-8325-40B6-9E8B-FD81E2D7A087}" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"{B21CCDFA-579D-4A01-A5F7-1A5637F4F593}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{B6F89355-668C-42A8-A210-CE549DC0628B}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{C2564A1D-5607-4933-8260-D2D173EDA93D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C53A8478-74AF-4447-A58C-222A2061B18D}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{CBF6AF06-B065-4AC8-9A70-438D440FA897}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{CD71B661-0A6B-4893-8538-5A8FC07E5ED4}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D414B8D9-9FB4-45C2-AA96-163DBEC62FF1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D8BD469B-9C8A-4475-9D04-2466B8945A8B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DDA30025-88BA-4907-9488-221BB551BC7F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E3F31649-0629-43FA-9F5D-D1B2EB12BD67}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7DBDE06-81EA-42A0-8275-BB3841861E6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA842413-33E1-4292-B790-48052C5D1CE4}" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"{EFD652FB-74C1-4AED-ADDB-AF3D42547B19}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{FFBD26DB-2736-42B4-9DCF-DC6B9B8EA31A}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{033563FE-AAFF-4A89-828F-4432081EB919}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{0F99EC1F-8947-445A-9B1C-3839C9916A1D}C:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{109E00C9-A268-44CC-AF09-0BA5F80639AD}C:\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{17B07D08-3867-49A0-9DE2-61C88AD38179}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{1AF8B40A-862A-4000-A4A3-211F0EC548FA}C:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe |
"TCP Query User{1B0E52DF-EC91-4578-851B-FFE8E4984445}C:\program files\icq7.013_58_25\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"TCP Query User{369679C6-1D84-4D95-BD8F-E402C801C755}C:\users\sven bruns\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{3A0D9053-4D9B-44B9-9AB2-7E386685312D}C:\users\sven bruns\downloads\maestia-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader(2).exe |
"TCP Query User{4B3E27CC-8C22-4EA2-B38D-B1E0DC52A346}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{4C13F984-8591-4CE6-AAD0-664492B85C6E}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{632D1759-28C8-4028-BF98-59DBD2153196}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{6988E270-9E70-4C56-89A3-28B448D15847}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{6F015FD0-5D3E-472D-9ECC-3AEAB36639B4}C:\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\metin2\metin2.bin |
"TCP Query User{7BB45777-7D7E-4DC9-A4D6-F6B1BFDCA2A2}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8391AECD-BBEA-491C-A9A1-5A3D17BE7DF9}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{8CF84167-562F-488A-B08F-F05928C7A960}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{93B66497-BCAA-4386-889B-16F06ACE399F}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{ADABDB29-5822-4B9B-90A3-D21536905A03}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{BACD5A20-7BAF-40B7-B5D3-DC1D62382D8C}C:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe |
"TCP Query User{BBA0FF9A-DB54-45C0-86EE-D6D87D2E887F}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{C69ABFD5-1C1E-4139-A212-C95E1D95D628}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{CB66F115-ADD0-4764-938F-EB503DA7F36F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E3568211-70A9-40A6-A872-117E8C0E6CC0}C:\users\sven bruns\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader.exe |
"TCP Query User{F13F40AF-1555-4E56-AE7B-946EBF7756CD}C:\users\sven bruns\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F2F63EEC-EC62-41ED-B6E8-2EE3DA6C22DC}C:\program files\icq7.013_58_25\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"TCP Query User{FEC41743-1039-4049-A5AB-11B5EF5C0E2B}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe |
"UDP Query User{09020D36-228C-4838-8A53-0F521B5904BA}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{0E8FD9F3-7674-46F0-8422-9861E3ECD66C}C:\users\sven bruns\downloads\maestia-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader(2).exe |
"UDP Query User{13BB40F1-5CD7-44EA-96ED-3F71653EA281}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{141CE644-2C54-4BF6-A264-6DEAEFACCC99}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{14BA1B52-059C-41D0-9D0B-84AB5A1F2495}C:\program files\icq7.013_58_25\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"UDP Query User{1F217F20-B746-42B0-ACE8-EC8106D4254B}C:\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\metin2\metin2.bin |
"UDP Query User{1FC71B10-5AC5-449A-B5F6-91F4B59D80DA}C:\program files\icq7.013_58_25\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"UDP Query User{2CED225B-6DF6-4022-BA58-E0339FDA0DBF}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{3EE5CA3A-8C11-4F36-878A-5F535FAFB732}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{42D1B247-BAC0-496A-B2CF-6A87FB434F7B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{440263AB-1C5C-47DD-920E-CF425DA7C523}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{47C99A0E-7E88-4B38-8220-94FB6ACC2929}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe |
"UDP Query User{7A5D1BD6-C043-4175-AA31-C4F69954E0BB}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{82229CC6-E4A4-483A-A60A-2AA7E65B6ED9}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{8E768C10-14A0-4FFB-AA35-EFC042C54814}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{9FD5420B-4F32-4921-B265-6BD346FDB126}C:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe |
"UDP Query User{A3AA958B-0C1D-45B2-BE03-A0F203E390D1}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"UDP Query User{AAA24C0D-70DE-4769-959C-59DC48251E31}C:\users\sven bruns\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B09F60C8-85AD-4214-BD40-404A816D22E2}C:\users\sven bruns\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader.exe |
"UDP Query User{B564AD2B-0112-496C-95B8-9108E82BAB05}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"UDP Query User{C4F6FA83-5C69-4DB7-B97A-1400476C17AC}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{C9B91EF9-168A-4FD4-A056-5EF9E071CD46}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{CF3B8A68-5756-48FD-A5DD-3ADD8F673C58}C:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{D2E74216-4CA4-444F-A87C-BC9C9D5A834A}C:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe |
"UDP Query User{D32BDB7B-3479-4498-AE1D-818727DF448D}C:\users\sven bruns\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{EA1434F3-8173-4C9C-A5C8-B262A64D4A1F}C:\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF163C0-7019-4d01-ADCF-0E1D386C7141}" = IObit Toolbar v5.2
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE39C8A5-C98D-4702-807F-265FCF9F54FD}" = TubeBox!
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D53073B2-2504-4D58-BC66-4DE4E19F54B3}_is1" = Yaric version 3.4.2.0
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABM" = ABM 1.1
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602
"Game Booster_is1" = Game Booster 3
"GridVista" = Acer GridVista
"iLivid" = iLivid
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"Neffy" = Neffy 1,3,29,0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"SearchAnonymizer" = SearchAnonymizer
"Steam App 105600" = Terraria
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Two Worlds Pinball" = Two Worlds Pinball
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.01.2011 17:39:40 | Computer Name = SvenBruns-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.01.2011 17:39:40 | Computer Name = SvenBruns-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15.01.2011 10:51:36 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2011 12:20:00 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2011 12:34:46 | Computer Name = SvenBruns-PC | Source = VSS | ID = 8194
Description =

Error - 15.01.2011 12:43:20 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000006, Fehleroffset 0x00003596, Prozess-ID 0x1780, Anwendungsstartzeit 01cbb4d2b45d3410.

Error - 15.01.2011 12:43:31 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit
der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern;
oder der Datenträger fehlt. Das Programm 1602 wurde wegen dieses Fehlers geschlossen.

Programm:
1602 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000013 Datenträgertyp: 0

Error - 15.01.2011 17:15:27 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000005, Fehleroffset 0x00003596, Prozess-ID 0x290, Anwendungsstartzeit 01cbb4d651cc9c60.

Error - 15.01.2011 21:25:28 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000005, Fehleroffset 0x00003596, Prozess-ID 0xf4c, Anwendungsstartzeit 01cbb4f95ea04810.

Error - 16.01.2011 05:14:33 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.04.2012 13:41:15 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11.04.2012 13:44:50 | Computer Name = SvenBruns-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
festgestellt.

Error - 11.04.2012 13:45:40 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:50 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:51 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:54 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:55 | Computer Name = SvenBruns-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11.04.2012 13:46:44 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11.04.2012 13:46:44 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.04.2012 14:17:50 | Computer Name = SvenBruns-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.


< End of report >

Alt 12.04.2012, 13:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Boot Mode: SafeMode with Networking |
Well, if that mode works, you will first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 15.04.2012, 09:29   #3
Gyroyoy
 



Okay, so unfortunately I was tied up the last few days and therefore could only finish the scans today.
Here is the malware log
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.12.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sven  Bruns :: SVENBRUNS-PC [Administrator]

12.04.2012 21:42:45
mbam-log-2012-04-13 (14-09-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440017
Laufzeit: 1 Stunde(n), 39 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         
and the ESET log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f339e44a02989843937111a2ce7bdb45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 03:03:20
# local_time=2012-04-13 05:03:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15552598 15552598 0 0
# compatibility_mode=5892 16776574 100 100 6111378 171852065 0 0
# compatibility_mode=8192 67108863 100 0 233 233 0 0
# scanned=239592
# found=10
# cleaned=0
# scan_time=10063
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe	a variant of Win32/1AntiVirus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMVLYZC3\iobitToolbar[1].msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2bd26fa9-14a14f5f	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\empire_earth__ultimate_edition.exe	a variant of Win32/MediaGet application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gb3-setup(1).exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gb3-setup.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gtk2120-setup.exe	a variant of Win32/1AntiVirus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f339e44a02989843937111a2ce7bdb45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 12:16:53
# local_time=2012-04-15 02:16:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15672177 15672177 0 0
# compatibility_mode=5892 16776573 100 100 6230957 171971644 0 0
# compatibility_mode=8192 67108863 100 0 119812 119812 0 0
# scanned=241562
# found=10
# cleaned=0
# scan_time=10097
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe	a variant of Win32/1AntiVirus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMVLYZC3\iobitToolbar[1].msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2bd26fa9-14a14f5f	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\empire_earth__ultimate_edition.exe	a variant of Win32/MediaGet application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gb3-setup(1).exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gb3-setup.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\gtk2120-setup.exe	a variant of Win32/1AntiVirus application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

Alt 15.04.2012, 16:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't already!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
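
The check made by eye in the reply above (every Malwarebytes finding ends in "Keine Aktion durchgeführt", so nothing was removed yet), as an added Python example that is not part of the original thread or of either scanner. The function and field names are hypothetical; the sample input is an excerpt of log lines copied from the logs posted in this thread, and only the line formats visible there are parsed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the Malwarebytes and ESET logs posted in this thread.
MBAM_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe -> Keine Aktion durchgeführt.

Infizierte Dateien: 3
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
"""

Z32 = "0" * 32  # hash column as it appears in the posted ESET log
ESET_LOG = "\n".join([
    "# remove_checked=false",
    "# cleaned=0",
    "\t".join([r"C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe",
               "a variant of Win32/1AntiVirus application (unable to clean)", Z32, "I"]),
    "\t".join([r"C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe",
               "Win32/LockScreen.AIG trojan (unable to clean)", Z32, "I"]),
    "\t".join([r"C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe",
               "Win32/LockScreen.AIG trojan (unable to clean)", Z32, "I"]),
    "\t".join([r"C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe",
               "a variant of Win32/SoftonicDownloader.A application (unable to clean)", Z32, "I"]),
])

# Both wordings of "nothing was done" appear in the thread.
NO_ACTION = {"keine aktion durchgeführt", "no action taken"}

# "<target> (<threat>) -> [Daten: <file> -> ]<action>."
MBAM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$")
# Second ESET column: "<threat> (<action>)"
ESET_RE = re.compile(r"^(?P<threat>.*?) \((?P<action>[^()]*)\)$")


@dataclass
class Finding:
    scanner: str
    target: str            # file path or registry value exactly as logged
    path: Optional[str]    # normalised file path the finding points at
    threat: str
    action: str
    is_registry: bool = False


def norm(path: str) -> str:
    """Lower-case and collapse whitespace runs so paths compare across tools."""
    return re.sub(r"\s+", " ", path.strip()).lower()


def parse_mbam(text):
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue  # section headers, counters, "(Keine bösartigen Objekte gefunden)"
        is_reg = m["target"].upper().startswith(("HKCU\\", "HKLM\\", "HKU\\", "HKCR\\"))
        file_path = m["data"] if is_reg else m["target"]
        findings.append(Finding("mbam", m["target"], norm(file_path) if file_path else None,
                                m["threat"], m["action"], is_reg))
    return findings


def parse_eset(text):
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        cols = line.split("\t")  # path, detection, hash, flag
        m = ESET_RE.match(cols[1]) if len(cols) == 4 else None
        if m:
            findings.append(Finding("eset", cols[0], norm(cols[0]), m["threat"], m["action"]))
    return header, findings


def triage(mbam, eset):
    eset_paths = {f.path for f in eset}
    flagged = eset_paths | {f.path for f in mbam if not f.is_registry}
    return {
        # findings the scan reported but did not remove
        "unresolved": [f for f in mbam if f.action.lower() in NO_ACTION],
        # files both scanners agree on
        "confirmed_by_both": sorted({f.path for f in mbam if f.path in eset_paths}),
        # registry values whose data points at a flagged file
        "autostart": [f for f in mbam if f.is_registry and f.path in flagged],
    }


if __name__ == "__main__":
    header, eset = parse_eset(ESET_LOG)
    report = triage(parse_mbam(MBAM_LOG), eset)
    print("ESET cleaned:", header.get("cleaned"))
    for f in report["unresolved"]:
        print("NOT REMOVED:", f.threat, "|", f.target)
    for f in report["autostart"]:
        print("AUTOSTART ->", f.path)
    print("Flagged by both scanners:", *report["confirmed_by_both"], sep="\n  ")
```

Run against a rescan log, an empty "unresolved" list is the condition the helper is asking for before moving on.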

Alt 15.04.2012, 21:24   #5
Gyroyoy
 



Thank you very, very much
After I repeated the malware scan and deleted the results, my PC is now running flawlessly again :)
A heartfelt thank-you to the team


Alt 16.04.2012, 11:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, but we are not finished here yet

I have two questions before we continue

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Alt 17.04.2012, 23:12   #7
Gyroyoy
 



So 1. yes, everything runs without restrictions again
and 2. I just looked through it; I am not missing any data or anything like that

Alt 18.04.2012, 12:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick "Scan All Users" at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 24.04.2012, 15:30   #9
Gyroyoy
 



Sorry that I haven't been in touch for so long; we were hit by lightning and there were problems with the new router.
But here is the OTL log
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

Alt 24.04.2012, 15:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I want to see a log, not what I posted myself

Alt 24.04.2012, 16:15   #11
Gyroyoy
 



Yeah okay, sorry, I forgot to click copy on the log.
But now mine

OTL Logfile:
Code:
OTL logfile created on: 24.04.2012 16:08:12 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Sven  Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 71,81% Memory free
6,23 Gb Paging File | 5,59 Gb Available in Paging File | 89,66% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 180,33 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
 
Computer Name: SVENBRUNS-PC | User Name: Sven  Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.11 20:10:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sven  Bruns\Downloads\OTL.exe
PRC - [2012.02.21 15:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Programme\IObit\Game Booster\gbtray.exe
PRC - [2011.10.27 10:36:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.03.05 09:43:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.05 13:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.22 13:14:15 | 020,297,512 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.04.22 13:14:14 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.04.22 13:14:14 | 000,907,048 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.04.22 13:14:14 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.04.22 13:14:14 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2011.12.15 16:16:32 | 000,516,440 | ---- | M] () -- C:\Programme\IObit\Game Booster\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.15 23:53:19 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.02 17:04:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.24 16:51:23 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.02.15 19:06:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.04 16:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011.12.23 01:50:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.08 06:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.12.08 06:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2003.10.01 16:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = hxxp://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 10:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:59:25 | 000,000,000 | ---D | M]
 
[2011.07.04 14:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions
[2012.03.01 23:32:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.27 10:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.29 21:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.27 10:52:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 10:52:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.27 10:52:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 10:52:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 10:52:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 10:52:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [Akamai NetSession Interface] "C:\Users\Sven  Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [MediaGet2] C:\Users\Sven  Bruns\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sven  Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB44992-72B9-4A4E-981C-7DC7054017FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ED7889-A2CF-4353-B564-5C4D19614B5D}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E26DC6-E663-4194-9968-55AE29797971}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4StoryPrePatch - hkey= - key= - C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.17 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.04.16 20:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.16 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.16 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2012.04.13 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.12 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Sven  Bruns\AppData\Roaming\Malwarebytes
[2012.04.12 21:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.12 21:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.12 21:16:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.12 21:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.11 21:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.11 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.30 11:05:17 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Sven  Bruns\AppData\Roaming\MinecraftSP.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 14:48:59 | 000,001,356 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Local\d3d9caps.dat
[2012.04.24 14:12:52 | 000,755,576 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 14:12:52 | 000,701,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 14:12:52 | 000,179,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 14:12:52 | 000,145,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 14:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 14:06:06 | 000,000,870 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2012.04.24 13:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.24 13:49:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 13:49:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 13:49:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 13:49:10 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012.04.24 00:14:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.23 21:48:53 | 002,116,023 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1833.JPG
[2012.04.23 21:48:44 | 001,942,801 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1722.JPG
[2012.04.21 00:16:34 | 000,002,529 | ---- | M] () -- C:\Users\Sven  Bruns\Desktop\TubeBox! starten.lnk
[2012.04.17 22:17:33 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.17 01:31:17 | 001,718,986 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_5966_Prismen.jpg
[2012.04.17 01:23:55 | 001,595,751 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1571.JPG
[2012.04.15 23:53:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.15 23:53:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.15 23:33:34 | 000,083,860 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1565_1-tile.jpg
[2012.04.12 21:16:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.11 21:03:07 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.08 23:09:51 | 003,428,106 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:06:30 | 001,827,981 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:45 | 000,113,029 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:59:43 | 001,453,975 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:59:32 | 001,654,842 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:48:36 | 000,340,720 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 083.jpg
[2012.04.08 22:47:00 | 000,374,754 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:59 | 000,284,968 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:54 | 001,846,819 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:41:09 | 001,303,838 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\DSC00177.JPG
[2012.04.08 22:37:02 | 000,513,318 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:32:15 | 001,523,339 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:31:24 | 001,471,248 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:56 | 000,914,610 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:36 | 000,336,904 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:33 | 000,424,028 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC19225.JPG
[2012.04.08 22:24:16 | 001,480,648 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:01:17 | 002,127,153 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:22:08 | 002,095,974 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:45:38 | 000,877,259 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:54 | 000,920,432 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:54 | 000,455,343 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9520_1.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.29 02:12:16 | 000,161,534 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\ultraschall22_3_12.jpg
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.24 14:06:06 | 000,000,870 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2012.04.23 21:48:15 | 002,116,023 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1833.JPG
[2012.04.23 21:47:49 | 001,942,801 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1722.JPG
[2012.04.17 01:30:45 | 001,718,986 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_5966_Prismen.jpg
[2012.04.17 01:23:24 | 001,595,751 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1571.JPG
[2012.04.15 23:33:19 | 000,083,860 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1565_1-tile.jpg
[2012.04.12 21:16:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.11 21:03:07 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.08 23:04:56 | 003,428,106 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:03:24 | 001,827,981 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:12 | 000,113,029 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:55:15 | 001,453,975 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:54:24 | 001,654,842 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:47:57 | 000,340,720 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 083.jpg
[2012.04.08 22:46:40 | 000,374,754 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:42 | 000,284,968 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:18 | 001,846,819 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:40:35 | 001,303,838 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\DSC00177.JPG
[2012.04.08 22:36:43 | 000,513,318 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:31:45 | 001,523,339 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:30:54 | 001,471,248 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:31 | 000,914,610 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:28 | 000,336,904 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:12 | 000,424,028 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC19225.JPG
[2012.04.08 22:22:31 | 001,480,648 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:00:43 | 002,127,153 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:20:47 | 002,095,974 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:44:27 | 000,877,259 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:00 | 000,920,432 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:22 | 000,455,343 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:05:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 02:12:00 | 000,161,534 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\ultraschall22_3_12.jpg
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.17 20:14:16 | 000,093,675 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Uninstal.exe
[2011.01.03 15:38:23 | 000,131,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.27 21:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.10.02 14:48:00 | 000,000,317 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.07.30 19:28:16 | 000,000,099 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Local\fusioncache.dat
[2010.07.11 22:32:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.07 18:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.01 18:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.29 16:00:01 | 000,000,000 | -HSD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.#
[2012.01.04 00:11:28 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.minecraft
[2010.01.19 15:22:43 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Acer
[2009.04.26 11:08:56 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Acer GameZone Console
[2010.01.01 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Adobe
[2012.01.18 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Apple Computer
[2010.03.09 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Audacity
[2011.10.16 14:06:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Avira
[2011.04.20 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\BitZipper
[2010.01.01 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Corel
[2012.04.15 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DAEMON Tools Lite
[2011.02.05 21:10:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DivX
[2010.08.17 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.25 23:56:22 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Firefly Studios
[2011.06.10 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\FLEXnet
[2010.07.25 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\FOG Downloader
[2012.02.13 20:20:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\GetRightToGo
[2011.12.30 16:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\GHISLER
[2011.05.24 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Google
[2011.02.03 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\gtk-2.0
[2012.04.23 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\icq
[2009.12.30 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Identities
[2011.10.16 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\InstallShield
[2010.01.01 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\InterVideo
[2011.08.13 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Jens Lorek
[2009.12.30 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Leadertech
[2011.06.05 22:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\LolClient
[2009.12.30 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Macromedia
[2012.04.12 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Media Center Programs
[2012.02.25 17:33:57 | 000,000,000 | --SD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft
[2011.07.04 14:27:27 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Mozilla
[2012.02.15 22:06:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\MyPhoneExplorer
[2012.01.20 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\NVIDIA
[2010.03.01 16:31:41 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\OCS
[2010.10.06 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\OpenOffice.org
[2011.12.30 16:32:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Opera
[2010.12.27 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\PhotoScape
[2010.06.01 18:25:52 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\PlayFirst
[2012.02.13 16:24:07 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung
[2009.12.31 16:37:47 | 000,000,000 | RH-D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\SecuROM
[2011.05.25 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Sierra
[2010.04.28 19:54:40 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Sierra Entertainment
[2012.04.24 00:49:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Skype
[2010.12.11 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\skypePM
[2012.02.01 16:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Softpark
[2011.12.17 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Spore
[2010.05.13 10:45:53 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Teeworlds
[2010.09.01 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\TubeBox
[2011.06.10 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Vodafone
[2010.01.01 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.20 16:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Sven  Bruns\AppData\Roaming\MinecraftSP.exe
[2011.05.17 20:14:20 | 000,093,675 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Uninstal.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_2213260d.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_3b251e1f.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_45091238.exe
[2010.08.16 20:06:36 | 000,003,262 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_4e45323b.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_63cb6bfc.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_6b8930a.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_6e5d1ad4.exe
[2010.08.16 20:06:36 | 000,003,262 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_701f5d03.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_7a5a767d.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_7f967ff5.exe
[2010.09.01 17:37:37 | 000,009,662 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2011.08.13 00:27:53 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe
[2012.02.06 21:39:04 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe
[2011.06.26 17:05:38 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe
[2010.09.01 17:39:23 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.12.20 21:07:14 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2012.04.21 00:16:34 | 000,010,134 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_7F7458BFD582C00FF78826.exe
[2012.04.21 00:16:34 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_853F67D554F05449430E7E.exe
[2012.04.21 00:16:34 | 000,355,574 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_E460DD8AE65E9AE8A7F8F8.exe
[2012.04.21 00:16:34 | 000,355,574 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_EF47F7F6FC8D853BE6A60C.exe
[2012.04.21 00:16:34 | 000,080,992 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_FEB897155D11C908CCA7A9.exe
[2011.06.05 14:07:10 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.02.24 16:51:23 | 000,040,960 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012.03.01 23:37:12 | 000,106,408 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.01 23:37:12 | 000,101,288 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.01 23:37:12 | 000,021,416 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\drivers\atapi.sys
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_90788e4d\atapi.sys
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22375_none_dd7b1aaf3adbaafe\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.11.06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6be1d3ca\atapi.sys
[2008.11.06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22303_none_ddc4c98f3aa4b4b9\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66

< End of report >
         
--- --- ---

Alt 24.04.2012, 18:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = http://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [Akamai NetSession Interface] "C:\Users\Sven  Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2012.04.16 20:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.24 14:06:06 | 000,000,870 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2010.01.29 16:00:01 | 000,000,000 | -HSD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.#
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66
:Files
C:\Program Files\Common Files\Spigot
C:\Programme\IObit Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 24.04.2012, 19:19   #13
Gyroyoy
 



So I have now run the fix, and after the PC restarted a txt document opened with the following content:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B5DF01E-94F3-4B82-9700-139A992F3241}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51E04947-AB45-42CE-858E-F6FD1C8D479B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5563AAF7-7046-4495-8335-DC629DF6396A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68DD83F7-F025-42FC-878B-74D33BF624D6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7618F766-ED79-48CE-9260-513B449259D0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE40754-0A3B-4F03-B024-444150929C91}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9626998A-4368-4575-B283-513944583C6C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=382950&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.facebook.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=" removed from keyword.URL
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\IOBIT TOOLBAR\FF folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\ not found.
File E:\umenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
File D:\arun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Program Files\Application Updater folder moved successfully.
C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk moved successfully.
C:\Users\Sven  Bruns\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:E1982A23 deleted successfully.
ADS C:\ProgramData\TEMP:814B9485 deleted successfully.
ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:35759C73 deleted successfully.
ADS C:\ProgramData\TEMP:6C5EC3CD deleted successfully.
ADS C:\ProgramData\TEMP:41099CE9 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:4A0829E0 deleted successfully.
ADS C:\ProgramData\TEMP:BB24555F deleted successfully.
ADS C:\ProgramData\TEMP:F6C0CA66 deleted successfully.
========== FILES ==========
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
File\Folder C:\Programme\IObit Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sven  Bruns
->Temp folder emptied: 292474697 bytes
->Temporary Internet Files folder emptied: 275102502 bytes
->Java cache emptied: 443321 bytes
->FireFox cache emptied: 1129173127 bytes
->Flash cache emptied: 9515 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2258076 bytes
RecycleBin emptied: 6059542 bytes
 
Total Files Cleaned = 1.627,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sven  Bruns
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.41.0 log created on 04242012_200755

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

24.04.2012, 19:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


24.04.2012, 19:29   #15
Gyroyoy

Okay, here is the log from Kaspersky:
Code:
20:26:25.0869 5420	TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
20:26:26.0531 5420	============================================================
20:26:26.0532 5420	Current date / time: 2012/04/24 20:26:26.0531
20:26:26.0532 5420	SystemInfo:
20:26:26.0532 5420	
20:26:26.0532 5420	OS Version: 6.0.6002 ServicePack: 2.0
20:26:26.0532 5420	Product type: Workstation
20:26:26.0532 5420	ComputerName: SVENBRUNS-PC
20:26:26.0533 5420	UserName: Sven  Bruns
20:26:26.0533 5420	Windows directory: C:\Windows
20:26:26.0533 5420	System windows directory: C:\Windows
20:26:26.0533 5420	Processor architecture: Intel x86
20:26:26.0533 5420	Number of processors: 2
20:26:26.0533 5420	Page size: 0x1000
20:26:26.0533 5420	Boot type: Normal boot
20:26:26.0533 5420	============================================================
20:26:27.0289 5420	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:26:27.0296 5420	============================================================
20:26:27.0297 5420	\Device\Harddisk0\DR0:
20:26:27.0297 5420	MBR partitions:
20:26:27.0297 5420	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x23C2D800
20:26:27.0297 5420	============================================================
20:26:27.0331 5420	C: <-> \Device\Harddisk0\DR0\Partition0
20:26:27.0331 5420	============================================================
20:26:27.0331 5420	Initialize success
20:26:27.0331 5420	============================================================
20:26:29.0721 4756	============================================================
20:26:29.0721 4756	Scan started
20:26:29.0721 4756	Mode: Manual; 
20:26:29.0721 4756	============================================================
20:26:30.0238 4756	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:30.0247 4756	ACPI - ok
20:26:30.0398 4756	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:30.0402 4756	AdobeFlashPlayerUpdateSvc - ok
20:26:30.0496 4756	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:30.0508 4756	adp94xx - ok
20:26:30.0560 4756	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:30.0594 4756	adpahci - ok
20:26:30.0632 4756	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:30.0635 4756	adpu160m - ok
20:26:30.0716 4756	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:30.0721 4756	adpu320 - ok
20:26:30.0785 4756	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:30.0786 4756	AeLookupSvc - ok
20:26:30.0872 4756	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:30.0884 4756	AFD - ok
20:26:30.0937 4756	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:30.0940 4756	agp440 - ok
20:26:30.0983 4756	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:30.0986 4756	aic78xx - ok
20:26:31.0025 4756	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:31.0030 4756	ALG - ok
20:26:31.0067 4756	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:31.0069 4756	aliide - ok
20:26:31.0124 4756	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:31.0126 4756	amdagp - ok
20:26:31.0167 4756	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:31.0168 4756	amdide - ok
20:26:31.0204 4756	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:31.0206 4756	AmdK7 - ok
20:26:31.0207 4756	Scan interrupted by user!
20:26:31.0208 4756	Scan interrupted by user!
20:26:31.0208 4756	Scan interrupted by user!
20:26:31.0208 4756	============================================================
20:26:31.0208 4756	Scan finished
20:26:31.0208 4756	============================================================
20:26:31.0225 5516	Detected object count: 0
20:26:31.0225 5516	Actual detected object count: 0
20:26:46.0245 5364	============================================================
20:26:46.0245 5364	Scan started
20:26:46.0245 5364	Mode: Manual; SigCheck; TDLFS; 
20:26:46.0245 5364	============================================================
20:26:46.0463 5364	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:46.0655 5364	ACPI - ok
20:26:46.0698 5364	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:46.0720 5364	AdobeFlashPlayerUpdateSvc - ok
20:26:46.0778 5364	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:46.0809 5364	adp94xx - ok
20:26:46.0862 5364	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:46.0886 5364	adpahci - ok
20:26:46.0911 5364	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:46.0929 5364	adpu160m - ok
20:26:46.0964 5364	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:46.0984 5364	adpu320 - ok
20:26:47.0039 5364	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:47.0177 5364	AeLookupSvc - ok
20:26:47.0228 5364	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:47.0296 5364	AFD - ok
20:26:47.0323 5364	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:47.0339 5364	agp440 - ok
20:26:47.0367 5364	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:47.0385 5364	aic78xx - ok
20:26:47.0423 5364	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:47.0601 5364	ALG - ok
20:26:47.0643 5364	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:47.0657 5364	aliide - ok
20:26:47.0687 5364	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:47.0703 5364	amdagp - ok
20:26:47.0731 5364	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:47.0748 5364	amdide - ok
20:26:47.0779 5364	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:47.0827 5364	AmdK7 - ok
20:26:47.0844 5364	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:26:47.0904 5364	AmdK8 - ok
20:26:47.0958 5364	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
20:26:48.0035 5364	androidusb - ok
20:26:48.0146 5364	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:26:48.0161 5364	AntiVirSchedulerService - ok
20:26:48.0210 5364	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:26:48.0225 5364	AntiVirService - ok
20:26:48.0269 5364	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:26:48.0324 5364	Appinfo - ok
20:26:48.0443 5364	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:48.0458 5364	Apple Mobile Device - ok
20:26:48.0511 5364	Application Updater - ok
20:26:48.0550 5364	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:26:48.0567 5364	arc - ok
20:26:48.0609 5364	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:26:48.0629 5364	arcsas - ok
20:26:48.0763 5364	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:26:48.0779 5364	aspnet_state - ok
20:26:48.0821 5364	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:48.0879 5364	AsyncMac - ok
20:26:48.0903 5364	atapi           (0fd275041f8b2197ee964361b4192a18) C:\Windows\system32\drivers\atapi.sys
20:26:48.0920 5364	atapi - ok
20:26:49.0038 5364	athr            (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
20:26:49.0160 5364	athr - ok
20:26:49.0234 5364	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:49.0302 5364	AudioEndpointBuilder - ok
20:26:49.0310 5364	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:49.0347 5364	Audiosrv - ok
20:26:49.0384 5364	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
20:26:49.0419 5364	avipbb - ok
20:26:49.0434 5364	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:49.0448 5364	avkmgr - ok
20:26:49.0549 5364	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
20:26:49.0577 5364	BcmSqlStartupSvc - ok
20:26:49.0602 5364	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:26:49.0667 5364	Beep - ok
20:26:49.0731 5364	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:26:49.0820 5364	BFE - ok
20:26:49.0916 5364	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:26:50.0043 5364	BITS - ok
20:26:50.0075 5364	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:26:50.0117 5364	blbdrive - ok
20:26:50.0200 5364	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:26:50.0222 5364	Bonjour Service - ok
20:26:50.0258 5364	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:26:50.0308 5364	bowser - ok
20:26:50.0344 5364	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:26:50.0396 5364	BrFiltLo - ok
20:26:50.0436 5364	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:26:50.0480 5364	BrFiltUp - ok
20:26:50.0512 5364	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:26:50.0574 5364	Browser - ok
20:26:50.0599 5364	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:26:50.0804 5364	Brserid - ok
20:26:50.0829 5364	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:26:50.0912 5364	BrSerWdm - ok
20:26:50.0933 5364	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:26:51.0023 5364	BrUsbMdm - ok
20:26:51.0039 5364	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:26:51.0118 5364	BrUsbSer - ok
20:26:51.0136 5364	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:26:51.0225 5364	BTHMODEM - ok
20:26:51.0269 5364	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:51.0331 5364	cdfs - ok
20:26:51.0381 5364	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:51.0430 5364	cdrom - ok
20:26:51.0473 5364	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:51.0522 5364	CertPropSvc - ok
20:26:51.0570 5364	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:26:51.0610 5364	circlass - ok
20:26:51.0662 5364	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:26:51.0690 5364	CLFS - ok
20:26:51.0784 5364	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:51.0800 5364	clr_optimization_v2.0.50727_32 - ok
20:26:51.0910 5364	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:51.0926 5364	clr_optimization_v4.0.30319_32 - ok
20:26:51.0952 5364	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:52.0015 5364	CmBatt - ok
20:26:52.0034 5364	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:26:52.0050 5364	cmdide - ok
20:26:52.0144 5364	CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
20:26:52.0255 5364	CnxtHdAudService - ok
20:26:52.0306 5364	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:26:52.0321 5364	Compbatt - ok
20:26:52.0326 5364	COMSysApp - ok
20:26:52.0340 5364	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:26:52.0357 5364	crcdisk - ok
20:26:52.0380 5364	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:26:52.0440 5364	Crusoe - ok
20:26:52.0496 5364	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:26:52.0549 5364	CryptSvc - ok
20:26:52.0628 5364	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:52.0750 5364	DcomLaunch - ok
20:26:52.0812 5364	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:26:52.0858 5364	DfsC - ok
20:26:53.0050 5364	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:26:53.0364 5364	DFSR - ok
20:26:53.0532 5364	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:26:53.0591 5364	Dhcp - ok
20:26:53.0656 5364	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:26:53.0675 5364	disk - ok
20:26:53.0711 5364	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:26:53.0723 5364	DKbFltr - ok
20:26:53.0797 5364	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:26:53.0851 5364	Dnscache - ok
20:26:53.0889 5364	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:26:53.0953 5364	dot3svc - ok
20:26:53.0994 5364	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:26:54.0086 5364	DPS - ok
20:26:54.0136 5364	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:26:54.0191 5364	drmkaud - ok
20:26:54.0265 5364	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:54.0306 5364	DXGKrnl - ok
20:26:54.0345 5364	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:26:54.0417 5364	E1G60 - ok
20:26:54.0442 5364	EagleNT - ok
20:26:54.0469 5364	EagleXNt - ok
20:26:54.0512 5364	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:26:54.0560 5364	EapHost - ok
20:26:54.0703 5364	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:26:54.0737 5364	Ecache - ok
20:26:54.0822 5364	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:26:54.0877 5364	ehRecvr - ok
20:26:54.0908 5364	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:26:54.0960 5364	ehSched - ok
20:26:54.0977 5364	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:26:55.0018 5364	ehstart - ok
20:26:55.0092 5364	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:26:55.0154 5364	elxstor - ok
20:26:55.0225 5364	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:26:55.0302 5364	EMDMgmt - ok
20:26:55.0526 5364	ePowerSvc       (bf5a69708fdd68ea1e20e72e2afe6996) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:26:55.0564 5364	ePowerSvc - ok
20:26:55.0639 5364	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:26:55.0715 5364	ErrDev - ok
20:26:55.0785 5364	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:26:55.0836 5364	EventSystem - ok
20:26:55.0919 5364	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:26:55.0974 5364	exfat - ok
20:26:56.0035 5364	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:26:56.0096 5364	fastfat - ok
20:26:56.0134 5364	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:26:56.0214 5364	fdc - ok
20:26:56.0390 5364	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:26:56.0431 5364	fdPHost - ok
20:26:56.0439 5364	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:26:56.0521 5364	FDResPub - ok
20:26:56.0553 5364	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:26:56.0569 5364	FileInfo - ok
20:26:56.0606 5364	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:26:56.0672 5364	Filetrace - ok
20:26:56.0697 5364	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:56.0760 5364	flpydisk - ok
20:26:56.0798 5364	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:26:56.0823 5364	FltMgr - ok
20:26:56.0974 5364	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:26:57.0055 5364	FontCache - ok
20:26:57.0115 5364	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:57.0130 5364	FontCache3.0.0.0 - ok
20:26:57.0161 5364	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:57.0216 5364	Fs_Rec - ok
20:26:57.0243 5364	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:26:57.0260 5364	gagp30kx - ok
20:26:57.0287 5364	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:57.0299 5364	GEARAspiWDM - ok
20:26:57.0360 5364	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:26:57.0422 5364	gpsvc - ok
20:26:57.0551 5364	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:57.0566 5364	gupdate - ok
20:26:57.0572 5364	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:57.0587 5364	gupdatem - ok
20:26:57.0640 5364	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:26:57.0666 5364	gusvc - ok
20:26:57.0709 5364	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:26:57.0724 5364	hamachi - ok
20:26:57.0772 5364	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:26:57.0877 5364	HdAudAddService - ok
20:26:57.0963 5364	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:58.0031 5364	HDAudBus - ok
20:26:58.0048 5364	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:26:58.0139 5364	HidBth - ok
20:26:58.0173 5364	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:26:58.0260 5364	HidIr - ok
20:26:58.0301 5364	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:26:58.0363 5364	hidserv - ok
20:26:58.0395 5364	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:58.0440 5364	HidUsb - ok
20:26:58.0487 5364	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:26:58.0550 5364	hkmsvc - ok
20:26:58.0574 5364	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:26:58.0592 5364	HpCISSs - ok
20:26:58.0644 5364	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:26:58.0723 5364	HTTP - ok
20:26:58.0756 5364	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:26:58.0773 5364	i2omp - ok
20:26:58.0814 5364	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:58.0862 5364	i8042prt - ok
20:26:59.0001 5364	IAANTMON        (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:26:59.0025 5364	IAANTMON - ok
20:26:59.0083 5364	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:26:59.0103 5364	iaStor - ok
20:26:59.0137 5364	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:26:59.0167 5364	iaStorV - ok
20:26:59.0232 5364	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:26:59.0240 5364	IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:26:59.0240 5364	IDriverT - detected UnsignedFile.Multi.Generic (1)
20:26:59.0366 5364	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:26:59.0458 5364	idsvc - ok
20:26:59.0495 5364	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:26:59.0510 5364	iirsp - ok
20:26:59.0578 5364	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:26:59.0651 5364	IKEEXT - ok
20:26:59.0734 5364	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\System32\OEM\Factory\int15.sys
20:26:59.0757 5364	int15.sys ( UnsignedFile.Multi.Generic ) - warning
20:26:59.0757 5364	int15.sys - detected UnsignedFile.Multi.Generic (1)
20:26:59.0788 5364	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:26:59.0803 5364	intelide - ok
20:26:59.0856 5364	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:59.0918 5364	intelppm - ok
20:26:59.0953 5364	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:27:00.0018 5364	IPBusEnum - ok
20:27:00.0037 5364	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:00.0101 5364	IpFilterDriver - ok
20:27:00.0150 5364	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:27:00.0224 5364	iphlpsvc - ok
20:27:00.0232 5364	IpInIp - ok
20:27:00.0265 5364	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:27:00.0310 5364	IPMIDRV - ok
20:27:00.0340 5364	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:27:00.0394 5364	IPNAT - ok
20:27:00.0551 5364	iPod Service    (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
20:27:00.0588 5364	iPod Service - ok
20:27:00.0617 5364	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:27:00.0661 5364	IRENUM - ok
20:27:00.0691 5364	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:27:00.0708 5364	isapnp - ok
20:27:00.0765 5364	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:27:00.0788 5364	iScsiPrt - ok
20:27:00.0817 5364	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:27:00.0833 5364	iteatapi - ok
20:27:00.0861 5364	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:27:00.0875 5364	iteraid - ok
20:27:00.0899 5364	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:00.0917 5364	kbdclass - ok
20:27:00.0953 5364	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:01.0000 5364	kbdhid - ok
20:27:01.0017 5364	KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:01.0062 5364	KeyIso - ok
20:27:01.0123 5364	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:27:01.0162 5364	KSecDD - ok
20:27:01.0229 5364	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:27:01.0325 5364	KtmRm - ok
20:27:01.0379 5364	L1C             (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys
20:27:01.0421 5364	L1C - ok
20:27:01.0471 5364	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:27:01.0540 5364	LanmanServer - ok
20:27:01.0595 5364	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:27:01.0647 5364	LanmanWorkstation - ok
20:27:01.0678 5364	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:27:01.0733 5364	lltdio - ok
20:27:01.0786 5364	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:27:01.0857 5364	lltdsvc - ok
20:27:01.0884 5364	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:27:01.0961 5364	lmhosts - ok
20:27:02.0007 5364	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:27:02.0026 5364	LSI_FC - ok
20:27:02.0062 5364	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:27:02.0081 5364	LSI_SAS - ok
20:27:02.0116 5364	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:27:02.0148 5364	LSI_SCSI - ok
20:27:02.0169 5364	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:27:02.0223 5364	luafv - ok
20:27:02.0288 5364	massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\DRIVERS\massfilter.sys
20:27:02.0323 5364	massfilter - ok
20:27:02.0364 5364	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:27:02.0397 5364	Mcx2Svc - ok
20:27:02.0436 5364	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:27:02.0453 5364	megasas - ok
20:27:02.0508 5364	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:27:02.0540 5364	MegaSR - ok
20:27:02.0557 5364	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:02.0620 5364	MMCSS - ok
20:27:02.0636 5364	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:27:02.0690 5364	Modem - ok
20:27:02.0725 5364	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:27:02.0766 5364	monitor - ok
20:27:02.0783 5364	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:27:02.0801 5364	mouclass - ok
20:27:02.0815 5364	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:27:02.0856 5364	mouhid - ok
20:27:02.0872 5364	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:27:02.0891 5364	MountMgr - ok
20:27:02.0918 5364	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:27:02.0951 5364	mpio - ok
20:27:02.0971 5364	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:27:03.0018 5364	mpsdrv - ok
20:27:03.0078 5364	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:27:03.0151 5364	MpsSvc - ok
20:27:03.0187 5364	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:27:03.0202 5364	Mraid35x - ok
20:27:03.0242 5364	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:27:03.0283 5364	MRxDAV - ok
20:27:03.0316 5364	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:03.0384 5364	mrxsmb - ok
20:27:03.0423 5364	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:03.0465 5364	mrxsmb10 - ok
20:27:03.0486 5364	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:03.0528 5364	mrxsmb20 - ok
20:27:03.0559 5364	msahci          (1544de2b6a41de218a679eb59f3c3f50) C:\Windows\system32\drivers\msahci.sys
20:27:03.0577 5364	msahci - ok
20:27:03.0616 5364	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:27:03.0648 5364	msdsm - ok
20:27:03.0704 5364	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:27:03.0782 5364	MSDTC - ok
20:27:03.0810 5364	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:27:03.0867 5364	Msfs - ok
20:27:03.0901 5364	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:27:03.0918 5364	msisadrv - ok
20:27:03.0959 5364	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:27:04.0006 5364	MSiSCSI - ok
20:27:04.0015 5364	msiserver - ok
20:27:04.0072 5364	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:27:04.0127 5364	MSKSSRV - ok
20:27:04.0159 5364	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:04.0209 5364	MSPCLOCK - ok
20:27:04.0226 5364	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:27:04.0274 5364	MSPQM - ok
20:27:04.0324 5364	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:27:04.0355 5364	MsRPC - ok
20:27:04.0384 5364	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:27:04.0402 5364	mssmbios - ok
20:27:04.0476 5364	MSSQL$MSSMLBIZ - ok
20:27:04.0517 5364	MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:27:04.0533 5364	MSSQLServerADHelper - ok
20:27:04.0550 5364	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:27:04.0609 5364	MSTEE - ok
20:27:04.0647 5364	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:27:04.0668 5364	Mup - ok
20:27:04.0731 5364	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:27:04.0829 5364	napagent - ok
20:27:04.0877 5364	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:27:04.0935 5364	NativeWifiP - ok
20:27:04.0999 5364	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:27:05.0040 5364	NDIS - ok
20:27:05.0075 5364	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:05.0134 5364	NdisTapi - ok
20:27:05.0171 5364	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:05.0242 5364	Ndisuio - ok
20:27:05.0276 5364	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:05.0336 5364	NdisWan - ok
20:27:05.0368 5364	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:27:05.0409 5364	NDProxy - ok
20:27:05.0429 5364	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:27:05.0478 5364	NetBIOS - ok
20:27:05.0523 5364	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:27:05.0583 5364	netbt - ok
20:27:05.0617 5364	Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:05.0641 5364	Netlogon - ok
20:27:05.0684 5364	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:27:05.0775 5364	Netman - ok
20:27:05.0906 5364	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:05.0935 5364	NetMsmqActivator - ok
20:27:05.0941 5364	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:05.0963 5364	NetPipeActivator - ok
20:27:06.0004 5364	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:27:06.0066 5364	netprofm - ok
20:27:06.0073 5364	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:06.0095 5364	NetTcpActivator - ok
20:27:06.0106 5364	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:06.0127 5364	NetTcpPortSharing - ok
20:27:06.0533 5364	NETw5v32        (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:27:06.0836 5364	NETw5v32 - ok
20:27:06.0983 5364	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:27:07.0002 5364	nfrd960 - ok
20:27:07.0051 5364	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:27:07.0118 5364	NlaSvc - ok
20:27:07.0153 5364	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:27:07.0202 5364	Npfs - ok
20:27:07.0219 5364	npggsvc - ok
20:27:07.0244 5364	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:27:07.0298 5364	nsi - ok
20:27:07.0316 5364	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:27:07.0387 5364	nsiproxy - ok
20:27:07.0525 5364	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:27:07.0624 5364	Ntfs - ok
20:27:07.0729 5364	NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:27:07.0745 5364	NTIBackupSvc - ok
20:27:07.0786 5364	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:27:07.0799 5364	NTIDrvr - ok
20:27:07.0823 5364	NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:27:07.0838 5364	NTISchedulerSvc - ok
20:27:07.0868 5364	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:27:07.0954 5364	ntrigdigi - ok
20:27:07.0982 5364	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:27:08.0052 5364	Null - ok
20:27:08.0946 5364	nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:09.0559 5364	nvlddmkm - ok
20:27:09.0764 5364	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:27:09.0785 5364	nvraid - ok
20:27:09.0815 5364	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:27:09.0831 5364	nvstor - ok
20:27:09.0969 5364	nvsvc           (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
20:27:10.0045 5364	nvsvc - ok
20:27:10.0297 5364	nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:27:10.0450 5364	nvUpdatusService - ok
20:27:10.0592 5364	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:27:10.0613 5364	nv_agp - ok
20:27:10.0619 5364	NwlnkFlt - ok
20:27:10.0627 5364	NwlnkFwd - ok
20:27:10.0777 5364	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:27:10.0836 5364	odserv - ok
20:27:10.0870 5364	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:27:10.0950 5364	ohci1394 - ok
20:27:10.0994 5364	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:11.0026 5364	ose - ok
20:27:11.0114 5364	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:11.0202 5364	p2pimsvc - ok
20:27:11.0222 5364	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:11.0261 5364	p2psvc - ok
20:27:11.0305 5364	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:27:11.0391 5364	Parport - ok
20:27:11.0422 5364	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:27:11.0441 5364	partmgr - ok
20:27:11.0462 5364	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:27:11.0551 5364	Parvdm - ok
20:27:11.0580 5364	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:27:11.0646 5364	PcaSvc - ok
20:27:11.0717 5364	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:27:11.0748 5364	pci - ok
20:27:11.0785 5364	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:27:11.0803 5364	pciide - ok
20:27:11.0870 5364	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:27:11.0899 5364	pcmcia - ok
20:27:12.0018 5364	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:27:12.0155 5364	PEAUTH - ok
20:27:12.0310 5364	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:27:12.0434 5364	pla - ok
20:27:12.0559 5364	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:27:12.0614 5364	PlugPlay - ok
20:27:12.0680 5364	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:12.0719 5364	PNRPAutoReg - ok
20:27:12.0730 5364	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:12.0767 5364	PNRPsvc - ok
20:27:12.0827 5364	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:27:12.0896 5364	PolicyAgent - ok
20:27:12.0967 5364	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:27:13.0020 5364	PptpMiniport - ok
20:27:13.0047 5364	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:27:13.0110 5364	Processor - ok
20:27:13.0149 5364	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:27:13.0209 5364	ProfSvc - ok
20:27:13.0232 5364	ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:13.0256 5364	ProtectedStorage - ok
20:27:13.0286 5364	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:27:13.0335 5364	PSched - ok
20:27:13.0449 5364	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:27:13.0615 5364	ql2300 - ok
20:27:13.0647 5364	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:27:13.0678 5364	ql40xx - ok
20:27:13.0740 5364	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:27:13.0838 5364	QWAVE - ok
20:27:13.0864 5364	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:27:13.0887 5364	QWAVEdrv - ok
20:27:13.0910 5364	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:27:13.0966 5364	RasAcd - ok
20:27:13.0988 5364	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:27:14.0088 5364	RasAuto - ok
20:27:14.0103 5364	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:14.0160 5364	Rasl2tp - ok
20:27:14.0207 5364	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:27:14.0272 5364	RasMan - ok
20:27:14.0310 5364	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:14.0347 5364	RasPppoe - ok
20:27:14.0420 5364	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:27:14.0442 5364	RasSstp - ok
20:27:14.0491 5364	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:27:14.0562 5364	rdbss - ok
20:27:14.0596 5364	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:14.0653 5364	RDPCDD - ok
20:27:14.0697 5364	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:27:14.0752 5364	rdpdr - ok
20:27:14.0760 5364	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:27:14.0816 5364	RDPENCDD - ok
20:27:14.0854 5364	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:27:14.0921 5364	RDPWD - ok
20:27:14.0979 5364	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:27:15.0045 5364	RemoteAccess - ok
20:27:15.0089 5364	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:27:15.0126 5364	RemoteRegistry - ok
20:27:15.0157 5364	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:27:15.0195 5364	RpcLocator - ok
20:27:15.0265 5364	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:27:15.0313 5364	RpcSs - ok
20:27:15.0352 5364	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:27:15.0435 5364	rspndr - ok
20:27:15.0534 5364	RS_Service      (8e250687e5f020cd337cc9d8252c0b56) C:\Program Files\Acer\Acer VCM\RS_Service.exe
20:27:15.0569 5364	RS_Service ( UnsignedFile.Multi.Generic ) - warning
20:27:15.0569 5364	RS_Service - detected UnsignedFile.Multi.Generic (1)
20:27:15.0600 5364	RTSTOR          (05ff3c3100f163558e37d0a975bef05c) C:\Windows\system32\drivers\RTSTOR.SYS
20:27:15.0698 5364	RTSTOR - ok
20:27:15.0778 5364	SamSs           (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:15.0802 5364	SamSs - ok
20:27:15.0852 5364	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:27:15.0869 5364	sbp2port - ok
20:27:15.0907 5364	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:27:15.0957 5364	SCardSvr - ok
20:27:16.0024 5364	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:27:16.0128 5364	Schedule - ok
20:27:16.0166 5364	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:27:16.0201 5364	SCPolicySvc - ok
20:27:16.0236 5364	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:27:16.0303 5364	SDRSVC - ok
20:27:16.0410 5364	SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:27:16.0418 5364	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:27:16.0419 5364	SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:27:16.0452 5364	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:27:16.0544 5364	secdrv - ok
20:27:16.0572 5364	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:27:16.0620 5364	seclogon - ok
20:27:16.0641 5364	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:27:16.0700 5364	SENS - ok
20:27:16.0728 5364	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:27:16.0801 5364	Serenum - ok
20:27:16.0836 5364	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:27:16.0917 5364	Serial - ok
20:27:16.0950 5364	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:27:16.0994 5364	sermouse - ok
20:27:17.0041 5364	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:27:17.0097 5364	SessionEnv - ok
20:27:17.0130 5364	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:27:17.0162 5364	sffdisk - ok
20:27:17.0191 5364	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:27:17.0251 5364	sffp_mmc - ok
20:27:17.0268 5364	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:27:17.0319 5364	sffp_sd - ok
20:27:17.0348 5364	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:27:17.0444 5364	sfloppy - ok
20:27:17.0488 5364	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:27:17.0562 5364	SharedAccess - ok
20:27:17.0620 5364	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:27:17.0686 5364	ShellHWDetection - ok
20:27:17.0714 5364	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:27:17.0731 5364	sisagp - ok
20:27:17.0752 5364	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:27:17.0768 5364	SiSRaid2 - ok
20:27:17.0791 5364	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:27:17.0809 5364	SiSRaid4 - ok
20:27:17.0923 5364	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
20:27:17.0941 5364	SkypeUpdate - ok
20:27:18.0227 5364	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:27:18.0488 5364	slsvc - ok
20:27:18.0625 5364	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:27:18.0661 5364	SLUINotify - ok
20:27:18.0713 5364	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:27:18.0749 5364	Smb - ok
20:27:18.0781 5364	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:27:18.0804 5364	SNMPTRAP - ok
20:27:18.0842 5364	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:27:18.0861 5364	spldr - ok
20:27:18.0893 5364	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:27:18.0933 5364	Spooler - ok
20:27:19.0009 5364	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
20:27:19.0009 5364	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:27:19.0025 5364	sptd ( LockedFile.Multi.Generic ) - warning
20:27:19.0025 5364	sptd - detected LockedFile.Multi.Generic (1)
20:27:19.0135 5364	SQLBrowser      (5673e79bbb62a4c35b10d821ff1b4aca) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:27:19.0164 5364	SQLBrowser - ok
20:27:19.0218 5364	SQLWriter       (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:27:19.0233 5364	SQLWriter - ok
20:27:19.0284 5364	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:27:19.0330 5364	srv - ok
20:27:19.0373 5364	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:27:19.0454 5364	srv2 - ok
20:27:19.0491 5364	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:27:19.0514 5364	srvnet - ok
20:27:19.0566 5364	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
20:27:19.0592 5364	ssadbus - ok
20:27:19.0631 5364	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:27:19.0652 5364	ssadmdfl - ok
20:27:19.0685 5364	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:27:19.0720 5364	ssadmdm - ok
20:27:19.0760 5364	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
20:27:19.0775 5364	sscdbus - ok
20:27:19.0813 5364	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:27:19.0824 5364	sscdmdfl - ok
20:27:19.0868 5364	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:27:19.0895 5364	sscdmdm - ok
20:27:19.0933 5364	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:27:20.0009 5364	SSDPSRV - ok
20:27:20.0047 5364	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:27:20.0060 5364	ssmdrv - ok
20:27:20.0088 5364	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:27:20.0124 5364	SstpSvc - ok
20:27:20.0216 5364	Steam Client Service - ok
20:27:20.0303 5364	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:27:20.0374 5364	stisvc - ok
20:27:20.0405 5364	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:27:20.0422 5364	swenum - ok
20:27:20.0478 5364	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:27:20.0558 5364	swprv - ok
20:27:20.0582 5364	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:27:20.0598 5364	Symc8xx - ok
20:27:20.0621 5364	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:27:20.0637 5364	Sym_hi - ok
20:27:20.0671 5364	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:27:20.0689 5364	Sym_u3 - ok
20:27:20.0763 5364	SynTP           (60cd166ae4261920b4008a1a114ae97c) C:\Windows\system32\DRIVERS\SynTP.sys
20:27:20.0801 5364	SynTP - ok
20:27:20.0870 5364	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:27:20.0945 5364	SysMain - ok
20:27:20.0976 5364	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:27:21.0020 5364	TabletInputService - ok
20:27:21.0066 5364	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:27:21.0133 5364	TapiSrv - ok
20:27:21.0152 5364	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:27:21.0210 5364	TBS - ok
20:27:21.0305 5364	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
20:27:21.0392 5364	Tcpip - ok
20:27:21.0411 5364	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:21.0462 5364	Tcpip6 - ok
20:27:21.0523 5364	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:27:21.0564 5364	tcpipreg - ok
20:27:21.0599 5364	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:27:21.0645 5364	TDPIPE - ok
20:27:21.0675 5364	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:27:21.0721 5364	TDTCP - ok
20:27:21.0761 5364	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:27:21.0796 5364	tdx - ok
20:27:21.0882 5364	TeamViewer5     (f252f1cda97cf43db25c5d0b19228755) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
20:27:21.0899 5364	TeamViewer5 - ok
20:27:21.0929 5364	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:27:21.0949 5364	TermDD - ok
20:27:22.0009 5364	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:27:22.0088 5364	TermService - ok
20:27:22.0141 5364	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:27:22.0170 5364	Themes - ok
20:27:22.0202 5364	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:22.0250 5364	THREADORDER - ok
20:27:22.0288 5364	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:27:22.0334 5364	TrkWks - ok
20:27:22.0371 5364	TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
20:27:22.0387 5364	TrojanKillerDriver - ok
20:27:22.0453 5364	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:27:22.0502 5364	TrustedInstaller - ok
20:27:22.0552 5364	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:22.0633 5364	tssecsrv - ok
20:27:22.0670 5364	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:27:22.0708 5364	tunmp - ok
20:27:22.0737 5364	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:22.0761 5364	tunnel - ok
20:27:22.0788 5364	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:27:22.0805 5364	uagp35 - ok
20:27:22.0834 5364	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:27:22.0847 5364	UBHelper - ok
20:27:22.0887 5364	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:27:22.0934 5364	udfs - ok
20:27:22.0986 5364	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:27:23.0031 5364	UI0Detect - ok
20:27:23.0056 5364	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:27:23.0073 5364	uliagpkx - ok
20:27:23.0128 5364	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:27:23.0164 5364	uliahci - ok
20:27:23.0200 5364	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:27:23.0221 5364	UlSata - ok
20:27:23.0258 5364	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:27:23.0277 5364	ulsata2 - ok
20:27:23.0305 5364	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:27:23.0349 5364	umbus - ok
20:27:23.0389 5364	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:27:23.0468 5364	upnphost - ok
20:27:23.0533 5364	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:27:23.0560 5364	USBAAPL - ok
20:27:23.0624 5364	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:27:23.0684 5364	usbaudio - ok
20:27:23.0722 5364	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:23.0775 5364	usbccgp - ok
20:27:23.0818 5364	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:27:23.0905 5364	usbcir - ok
20:27:23.0935 5364	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:23.0989 5364	usbehci - ok
20:27:24.0037 5364	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:24.0083 5364	usbhub - ok
20:27:24.0115 5364	USBIO           (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
20:27:24.0122 5364	USBIO ( UnsignedFile.Multi.Generic ) - warning
20:27:24.0122 5364	USBIO - detected UnsignedFile.Multi.Generic (1)
20:27:24.0142 5364	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:27:24.0220 5364	usbohci - ok
20:27:24.0263 5364	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:24.0324 5364	usbprint - ok
20:27:24.0383 5364	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:27:24.0437 5364	usbscan - ok
20:27:24.0459 5364	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:24.0496 5364	USBSTOR - ok
20:27:24.0529 5364	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:24.0563 5364	usbuhci - ok
20:27:24.0593 5364	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:27:24.0661 5364	usbvideo - ok
20:27:24.0714 5364	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
20:27:24.0748 5364	usb_rndisx - ok
20:27:24.0780 5364	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:27:24.0816 5364	UxSms - ok
20:27:24.0874 5364	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:27:24.0925 5364	vds - ok
20:27:24.0953 5364	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:25.0024 5364	vga - ok
20:27:25.0084 5364	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:27:25.0144 5364	VgaSave - ok
20:27:25.0168 5364	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:27:25.0186 5364	viaagp - ok
20:27:25.0212 5364	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:27:25.0255 5364	ViaC7 - ok
20:27:25.0285 5364	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:27:25.0301 5364	viaide - ok
20:27:25.0327 5364	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:27:25.0345 5364	volmgr - ok
20:27:25.0391 5364	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:27:25.0432 5364	volmgrx - ok
20:27:25.0496 5364	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:27:25.0551 5364	volsnap - ok
20:27:25.0598 5364	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:27:25.0630 5364	vsmraid - ok
20:27:25.0756 5364	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:27:25.0876 5364	VSS - ok
20:27:25.0946 5364	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:27:26.0004 5364	W32Time - ok
20:27:26.0107 5364	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:27:26.0186 5364	WacomPen - ok
20:27:26.0229 5364	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:26.0263 5364	Wanarp - ok
20:27:26.0268 5364	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:26.0303 5364	Wanarpv6 - ok
20:27:26.0353 5364	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:27:26.0413 5364	wcncsvc - ok
20:27:26.0452 5364	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:27:26.0506 5364	WcsPlugInService - ok
20:27:26.0542 5364	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:27:26.0559 5364	Wd - ok
20:27:26.0616 5364	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:27:26.0651 5364	Wdf01000 - ok
20:27:26.0679 5364	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:26.0753 5364	WdiServiceHost - ok
20:27:26.0758 5364	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:26.0805 5364	WdiSystemHost - ok
20:27:26.0842 5364	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:27:26.0889 5364	WebClient - ok
20:27:26.0933 5364	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:27:26.0983 5364	Wecsvc - ok
20:27:27.0012 5364	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:27:27.0089 5364	wercplsupport - ok
20:27:27.0131 5364	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:27:27.0219 5364	WerSvc - ok
20:27:27.0332 5364	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:27:27.0383 5364	WinDefend - ok
20:27:27.0398 5364	WinHttpAutoProxySvc - ok
20:27:27.0467 5364	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:27:27.0517 5364	Winmgmt - ok
20:27:27.0638 5364	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:27:27.0737 5364	WinRM - ok
20:27:27.0818 5364	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:27:27.0941 5364	Wlansvc - ok
20:27:28.0034 5364	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:27:28.0078 5364	WmiAcpi - ok
20:27:28.0152 5364	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:28.0199 5364	wmiApSrv - ok
20:27:28.0371 5364	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:27:28.0471 5364	WMPNetworkSvc - ok
20:27:28.0518 5364	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:27:28.0584 5364	WPCSvc - ok
20:27:28.0633 5364	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:27:28.0681 5364	WPDBusEnum - ok
20:27:28.0748 5364	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:27:28.0770 5364	WpdUsb - ok
20:27:28.0956 5364	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:27:28.0993 5364	WPFFontCache_v0400 - ok
20:27:29.0020 5364	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:29.0065 5364	ws2ifsl - ok
20:27:29.0101 5364	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:27:29.0138 5364	wscsvc - ok
20:27:29.0149 5364	WSearch - ok
20:27:29.0326 5364	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:27:29.0449 5364	wuauserv - ok
20:27:29.0606 5364	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:29.0674 5364	WUDFRd - ok
20:27:29.0720 5364	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:27:29.0789 5364	wudfsvc - ok
20:27:29.0799 5364	XDva375 - ok
20:27:29.0889 5364	ZTEusbmdm6k     (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:27:29.0942 5364	ZTEusbmdm6k - ok
20:27:29.0978 5364	ZTEusbnet       (b7836ca4a95e12135e7e49fec9c29f2a) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
20:27:30.0032 5364	ZTEusbnet - ok
20:27:30.0096 5364	ZTEusbnmea      (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:27:30.0121 5364	ZTEusbnmea - ok
20:27:30.0196 5364	ZTEusbser6k     (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:27:30.0219 5364	ZTEusbser6k - ok
20:27:30.0261 5364	ZTEusbvoice     (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
20:27:30.0298 5364	ZTEusbvoice - ok
20:27:30.0349 5364	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:30.0563 5364	\Device\Harddisk0\DR0 - ok
20:27:30.0569 5364	Boot (0x1200)   (eab22d29d3c5db4dacedf6554dbfbff6) \Device\Harddisk0\DR0\Partition0
20:27:30.0572 5364	\Device\Harddisk0\DR0\Partition0 - ok
20:27:30.0573 5364	============================================================
20:27:30.0573 5364	Scan finished
20:27:30.0573 5364	============================================================
20:27:30.0597 5360	Detected object count: 6
20:27:30.0597 5360	Actual detected object count: 6
20:27:34.0626 5360	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0626 5360	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:34.0627 5360	int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0627 5360	int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:34.0627 5360	RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0627 5360	RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:34.0628 5360	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0628 5360	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:34.0628 5360	sptd ( LockedFile.Multi.Generic ) - skipped by user
20:27:34.0628 5360	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
20:27:34.0631 5360	USBIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0632 5360	USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
