Trojaner-Board

Gyroyoy 11.04.2012 19:24

Windows locked for security reasons - payment demand of 50€
 
Hello,

it just happened. The screen goes dark and a window appears stating that my operating system has been locked for security reasons and that I should pay 50 euros to unlock it.

Since I have already read up a little on this forum, I have already run an OTL scan; the data is here:

OTL.Txt

Quote:

OTL logfile created on: 11.04.2012 20:11:55 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sven Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,62% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 181,72 Gb Free Space | 63,52% Space Free | Partition Type: NTFS

Computer Name: SVENBRUNS-PC | User Name: Sven Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.11 20:10:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sven Bruns\Downloads\OTL.exe
PRC - [2012.03.27 10:52:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.30 11:05:16 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012.03.27 10:52:58 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.03.30 11:53:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.16 19:28:34 | 000,782,744 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.02 17:04:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.24 16:51:23 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.02.15 19:06:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.23 01:50:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.08 06:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.12.08 06:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2003.10.01 16:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = hxxp://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKCU\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 10:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:59:25 | 000,000,000 | ---D | M]

[2011.07.04 14:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Extensions
[2012.04.09 14:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions
[2012.03.01 23:32:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sven Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.09 14:49:29 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.27 10:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.29 21:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.27 10:52:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 10:52:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.27 10:52:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 10:52:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 10:52:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 10:52:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Sven Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Sven Bruns\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [SkypePM] C:\Users\Sven Bruns\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sven Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB44992-72B9-4A4E-981C-7DC7054017FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ED7889-A2CF-4353-B564-5C4D19614B5D}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E26DC6-E663-4194-9968-55AE29797971}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.09 13:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.09 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.09 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2012.04.09 13:55:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.30 11:05:17 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Sven Bruns\AppData\Roaming\MinecraftSP.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.11 19:50:02 | 000,755,576 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.11 19:50:02 | 000,701,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.11 19:50:02 | 000,179,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.11 19:50:02 | 000,145,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.11 19:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.11 19:43:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.11 19:43:44 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012.04.11 19:43:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 19:43:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 19:14:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.11 18:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.08 23:09:51 | 003,428,106 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:06:30 | 001,827,981 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:45 | 000,113,029 | ---- | M] () -- C:\Users\Sven Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:59:43 | 001,453,975 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:59:32 | 001,654,842 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:48:36 | 000,340,720 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 083.jpg
[2012.04.08 22:47:00 | 000,374,754 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:59 | 000,284,968 | ---- | M] () -- C:\Users\Sven Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:54 | 001,846,819 | ---- | M] () -- C:\Users\Sven Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:41:09 | 001,303,838 | ---- | M] () -- C:\Users\Sven Bruns\Documents\DSC00177.JPG
[2012.04.08 22:37:02 | 000,513,318 | ---- | M] () -- C:\Users\Sven Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:32:15 | 001,523,339 | ---- | M] () -- C:\Users\Sven Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:31:24 | 001,471,248 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:56 | 000,914,610 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:36 | 000,336,904 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:33 | 000,424,028 | ---- | M] () -- C:\Users\Sven Bruns\Documents\SDC19225.JPG
[2012.04.08 22:24:16 | 001,480,648 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:01:17 | 002,127,153 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:22:08 | 002,095,974 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:45:38 | 000,877,259 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:54 | 000,920,432 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:54 | 000,455,343 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:53:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.03.30 11:53:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.29 02:12:16 | 000,161,534 | ---- | M] () -- C:\Users\Sven Bruns\Documents\ultraschall22_3_12.jpg
[2012.03.18 22:28:38 | 001,831,556 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9678.JPG
[2012.03.18 22:26:19 | 002,215,457 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9679.JPG
[2012.03.18 21:13:25 | 000,128,903 | ---- | M] () -- C:\Users\Sven Bruns\Documents\2012-03-18 20-12-27.960.jpg
[2012.03.18 00:59:15 | 000,043,884 | ---- | M] () -- C:\Users\Sven Bruns\Documents\307148_230128800366385_100001078002048_622536_1426374_n.jpg
[2012.03.17 20:25:30 | 000,187,732 | ---- | M] () -- C:\Users\Sven Bruns\Documents\2012-03-17 19-21-36.904.jpg
[2012.03.16 22:37:27 | 000,765,600 | ---- | M] () -- C:\Users\Sven Bruns\Documents\IMG_9629.JPG
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.08 23:04:56 | 003,428,106 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:03:24 | 001,827,981 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:12 | 000,113,029 | ---- | C] () -- C:\Users\Sven Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:55:15 | 001,453,975 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:54:24 | 001,654,842 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:47:57 | 000,340,720 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 083.jpg
[2012.04.08 22:46:40 | 000,374,754 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:42 | 000,284,968 | ---- | C] () -- C:\Users\Sven Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:18 | 001,846,819 | ---- | C] () -- C:\Users\Sven Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:40:35 | 001,303,838 | ---- | C] () -- C:\Users\Sven Bruns\Documents\DSC00177.JPG
[2012.04.08 22:36:43 | 000,513,318 | ---- | C] () -- C:\Users\Sven Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:31:45 | 001,523,339 | ---- | C] () -- C:\Users\Sven Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:30:54 | 001,471,248 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:31 | 000,914,610 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:28 | 000,336,904 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:12 | 000,424,028 | ---- | C] () -- C:\Users\Sven Bruns\Documents\SDC19225.JPG
[2012.04.08 22:22:31 | 001,480,648 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:00:43 | 002,127,153 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:20:47 | 002,095,974 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:44:27 | 000,877,259 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:00 | 000,920,432 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:22 | 000,455,343 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:05:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 02:12:00 | 000,161,534 | ---- | C] () -- C:\Users\Sven Bruns\Documents\ultraschall22_3_12.jpg
[2012.03.18 22:28:08 | 001,831,556 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9678.JPG
[2012.03.18 22:25:43 | 002,215,457 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9679.JPG
[2012.03.18 21:13:18 | 000,128,903 | ---- | C] () -- C:\Users\Sven Bruns\Documents\2012-03-18 20-12-27.960.jpg
[2012.03.18 00:59:05 | 000,043,884 | ---- | C] () -- C:\Users\Sven Bruns\Documents\307148_230128800366385_100001078002048_622536_1426374_n.jpg
[2012.03.17 20:25:16 | 000,187,732 | ---- | C] () -- C:\Users\Sven Bruns\Documents\2012-03-17 19-21-36.904.jpg
[2012.03.16 22:37:04 | 000,765,600 | ---- | C] () -- C:\Users\Sven Bruns\Documents\IMG_9629.JPG
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.17 20:14:16 | 000,093,675 | ---- | C] () -- C:\Users\Sven Bruns\AppData\Roaming\Uninstal.exe
[2011.01.03 15:38:23 | 000,131,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.27 21:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.10.02 14:48:00 | 000,000,317 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.07.30 19:28:16 | 000,000,099 | ---- | C] () -- C:\Users\Sven Bruns\AppData\Local\fusioncache.dat
[2010.07.11 22:32:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.07 18:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.01 18:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66

< End of report >
And the Extras.Txt

Quote:

OTL Extras logfile created on: 11.04.2012 20:11:55 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sven Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,62% Memory free
6,19 Gb Paging File | 5,77 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 181,72 Gb Free Space | 63,52% Space Free | Partition Type: NTFS

Computer Name: SVENBRUNS-PC | User Name: Sven Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11FE855C-49F7-4321-9018-E99D2911BF74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A5EC315-BD8D-4DE7-834C-B81584352EA3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31587F4E-0104-44DE-9ACE-481F9B5F6876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37731CA7-924B-4C2F-BA83-C0AD103DC263}" = rport=138 | protocol=17 | dir=out | app=system |
"{397AD80C-58B7-45F7-A0E6-2561DA60847E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F01B11E-EBB4-44AA-B86F-35032AE80884}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4EEF9F08-E1AD-4210-B535-345D548166EC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5887F2E8-EEBD-4B8B-ACD4-9FE3A58B878A}" = rport=445 | protocol=6 | dir=out | app=system |
"{68B6B7EB-111F-4F8A-9D85-3B966523DD15}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FEE1401-3489-4DAA-9D6D-D058EE7B3534}" = lport=139 | protocol=6 | dir=in | app=system |
"{726543D5-FAB1-4B3C-BC24-4602B2FB8BC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76336373-76D3-4DDF-894D-4ABA685C6A64}" = rport=139 | protocol=6 | dir=out | app=system |
"{880AF3BE-D86B-402A-8ABE-1004061693AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{90864EDA-C1FB-45CF-83D4-F8E3F8694C1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{975A30BD-730A-4DB6-9449-24DFDB342A8D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A07A428-AFC1-41C3-9D3A-95C51752417A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9B62E070-05E8-4BE1-AEE8-6F0EB05A0CEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8BAC809-D972-4348-A0E3-7FBA92C3E1EE}" = rport=137 | protocol=17 | dir=out | app=system |
"{E673FD2A-666F-4FDC-AA7F-3637F1C0A0B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{E813D9B0-36E4-4BAA-9081-6A8DF6D9D6D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F43885FE-9E67-4C99-AE9E-7DEA8F7B3621}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E2786-D70F-42C2-BC1F-7BEC6532F82E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{040AC6FD-3F6F-4FE8-9C2C-80CF5C673344}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{052F5F46-C69D-41E9-B495-1A66671257EA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{07951826-83F7-4F4F-8C0C-EF9307F4BA14}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{090EEF73-8C10-4983-88BC-747B14CC08D2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{0A43F416-7341-492E-A864-6ADF67CB0407}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{13252E86-40BE-4561-A447-931FDA2584B8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{17230C58-6E76-4F9E-89D2-F43C4DB9FFC8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{1B2D38EF-98C3-41FC-826A-5269ACED6DAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D9455D0-E7B2-49CA-A4E8-80B7607F0F52}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{1E1E92B4-1205-4A01-A3B6-EFEDE8656CA3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{1F20EAEA-C475-40F9-B9AD-3582DFAC0292}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2364F9BC-6D3E-4614-BEC8-0AACCEBD6670}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2419BFE0-D490-4A1D-8251-F6A6E8D788FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{263E06CB-7C1D-47E8-BF54-CD01F986946D}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{2FEB73DF-B192-4219-9D3A-EF7F00D70851}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{31BD00FD-E22B-468D-8ED8-00FEA44FB403}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{349923A8-3E77-454A-98A3-E3009ED37409}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{34D95A5D-786A-46E8-ADDC-C9E9D3EEE051}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B7DCAF3-2D8D-48CB-B7D7-98295FA6FA11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4063F404-F4AC-4A41-9A50-CE7A9384AE79}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{42ECDD52-6A2F-4F42-9BDE-68CAEA3F9787}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4E953062-C043-42B0-8D9A-D3392CB58126}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{50C88C0B-E181-4AB9-95ED-0096EE7C711C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{51C99631-8034-4DA3-B36A-BDFD7CCF5BDA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{55E76D07-3AD3-41D7-8887-2419749DE8F5}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5C2A7B3E-D5B2-42CC-BC26-3D18958E61D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E0D774A-88BD-4505-AE95-50C89E6D00E9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{63343252-0E01-4E90-AF71-F62AD7A5FB76}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6816091F-1B0C-48FA-BD42-F4E090CD2522}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{697FE200-23BD-4834-B23D-49F57A48633A}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{6A6F3CC2-C12B-4E0A-A35F-44BACF90BA67}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{6CE7BB9B-02D8-4207-B251-7822DBB469E5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{728986F6-E75E-4F08-AA72-C2AFAF2E7C55}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B790699-A844-4434-8562-9BFB0CEDFA1C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{86D4181E-E957-42A4-957F-DD88F9D9CA92}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8BD773B1-8CE9-42F6-AACB-48646E22D0C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{92BD4ADA-C001-4727-B148-834050D99BEB}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{94A48538-A729-46C9-8E9B-B7DED674B721}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9565A9AC-D7C7-4B3B-BECD-2276B4E37696}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{968001CE-8AAE-44B4-98CD-E0FC546E5EFA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{968F929F-3B4A-4EBE-9DEF-9AB304AD2968}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{9AC5B61E-E937-4376-8F5A-4510E8184AA4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{9BBCCB8F-7758-4B60-9068-CBB6B744240F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C83B037-057B-4680-9B63-09DFBD531D78}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{9D2AD973-D2AE-4C22-8716-C96F995DD8B8}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{A016B58D-602C-44E4-B027-9ADBD1D437D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A06D9415-C45D-4E73-A393-8F49194588F7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A2A48BA5-D9F4-4F1B-9E78-BF74B920C429}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A467D61E-8325-40B6-9E8B-FD81E2D7A087}" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"{B21CCDFA-579D-4A01-A5F7-1A5637F4F593}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{B6F89355-668C-42A8-A210-CE549DC0628B}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe |
"{C2564A1D-5607-4933-8260-D2D173EDA93D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C53A8478-74AF-4447-A58C-222A2061B18D}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{CBF6AF06-B065-4AC8-9A70-438D440FA897}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{CD71B661-0A6B-4893-8538-5A8FC07E5ED4}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D414B8D9-9FB4-45C2-AA96-163DBEC62FF1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D8BD469B-9C8A-4475-9D04-2466B8945A8B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DDA30025-88BA-4907-9488-221BB551BC7F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E3F31649-0629-43FA-9F5D-D1B2EB12BD67}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7DBDE06-81EA-42A0-8275-BB3841861E6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA842413-33E1-4292-B790-48052C5D1CE4}" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"{EFD652FB-74C1-4AED-ADDB-AF3D42547B19}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{FFBD26DB-2736-42B4-9DCF-DC6B9B8EA31A}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{033563FE-AAFF-4A89-828F-4432081EB919}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{0F99EC1F-8947-445A-9B1C-3839C9916A1D}C:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{109E00C9-A268-44CC-AF09-0BA5F80639AD}C:\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{17B07D08-3867-49A0-9DE2-61C88AD38179}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{1AF8B40A-862A-4000-A4A3-211F0EC548FA}C:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe |
"TCP Query User{1B0E52DF-EC91-4578-851B-FFE8E4984445}C:\program files\icq7.013_58_25\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"TCP Query User{369679C6-1D84-4D95-BD8F-E402C801C755}C:\users\sven bruns\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{3A0D9053-4D9B-44B9-9AB2-7E386685312D}C:\users\sven bruns\downloads\maestia-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader(2).exe |
"TCP Query User{4B3E27CC-8C22-4EA2-B38D-B1E0DC52A346}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{4C13F984-8591-4CE6-AAD0-664492B85C6E}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{632D1759-28C8-4028-BF98-59DBD2153196}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{6988E270-9E70-4C56-89A3-28B448D15847}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{6F015FD0-5D3E-472D-9ECC-3AEAB36639B4}C:\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\metin2\metin2.bin |
"TCP Query User{7BB45777-7D7E-4DC9-A4D6-F6B1BFDCA2A2}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8391AECD-BBEA-491C-A9A1-5A3D17BE7DF9}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{8CF84167-562F-488A-B08F-F05928C7A960}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{93B66497-BCAA-4386-889B-16F06ACE399F}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{ADABDB29-5822-4B9B-90A3-D21536905A03}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{BACD5A20-7BAF-40B7-B5D3-DC1D62382D8C}C:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe |
"TCP Query User{BBA0FF9A-DB54-45C0-86EE-D6D87D2E887F}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{C69ABFD5-1C1E-4139-A212-C95E1D95D628}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{CB66F115-ADD0-4764-938F-EB503DA7F36F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E3568211-70A9-40A6-A872-117E8C0E6CC0}C:\users\sven bruns\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader.exe |
"TCP Query User{F13F40AF-1555-4E56-AE7B-946EBF7756CD}C:\users\sven bruns\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F2F63EEC-EC62-41ED-B6E8-2EE3DA6C22DC}C:\program files\icq7.013_58_25\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"TCP Query User{FEC41743-1039-4049-A5AB-11B5EF5C0E2B}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe |
"UDP Query User{09020D36-228C-4838-8A53-0F521B5904BA}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{0E8FD9F3-7674-46F0-8422-9861E3ECD66C}C:\users\sven bruns\downloads\maestia-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader(2).exe |
"UDP Query User{13BB40F1-5CD7-44EA-96ED-3F71653EA281}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{141CE644-2C54-4BF6-A264-6DEAEFACCC99}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{14BA1B52-059C-41D0-9D0B-84AB5A1F2495}C:\program files\icq7.013_58_25\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"UDP Query User{1F217F20-B746-42B0-ACE8-EC8106D4254B}C:\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\metin2\metin2.bin |
"UDP Query User{1FC71B10-5AC5-449A-B5F6-91F4B59D80DA}C:\program files\icq7.013_58_25\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.013_58_25\icq.exe |
"UDP Query User{2CED225B-6DF6-4022-BA58-E0339FDA0DBF}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{3EE5CA3A-8C11-4F36-878A-5F535FAFB732}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{42D1B247-BAC0-496A-B2CF-6A87FB434F7B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{440263AB-1C5C-47DD-920E-CF425DA7C523}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{47C99A0E-7E88-4B38-8220-94FB6ACC2929}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe |
"UDP Query User{7A5D1BD6-C043-4175-AA31-C4F69954E0BB}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{82229CC6-E4A4-483A-A60A-2AA7E65B6ED9}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{8E768C10-14A0-4FFB-AA35-EFC042C54814}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{9FD5420B-4F32-4921-B265-6BD346FDB126}C:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\desktop\battlefield 2\bf2_w32ded.exe |
"UDP Query User{A3AA958B-0C1D-45B2-BE03-A0F203E390D1}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"UDP Query User{AAA24C0D-70DE-4769-959C-59DC48251E31}C:\users\sven bruns\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B09F60C8-85AD-4214-BD40-404A816D22E2}C:\users\sven bruns\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\maestia-downloader.exe |
"UDP Query User{B564AD2B-0112-496C-95B8-9108E82BAB05}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"UDP Query User{C4F6FA83-5C69-4DB7-B97A-1400476C17AC}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{C9B91EF9-168A-4FD4-A056-5EF9E071CD46}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{CF3B8A68-5756-48FD-A5DD-3ADD8F673C58}C:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{D2E74216-4CA4-444F-A87C-BC9C9D5A834A}C:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\temp\2e0d641d1b3d42cba6b9c9503db41ef0\relicdownloader.exe |
"UDP Query User{D32BDB7B-3479-4498-AE1D-818727DF448D}C:\users\sven bruns\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\sven bruns\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{EA1434F3-8173-4C9C-A5C8-B262A64D4A1F}C:\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF163C0-7019-4d01-ADCF-0E1D386C7141}" = IObit Toolbar v5.2
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE39C8A5-C98D-4702-807F-265FCF9F54FD}" = TubeBox!
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D53073B2-2504-4D58-BC66-4DE4E19F54B3}_is1" = Yaric version 3.4.2.0
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABM" = ABM 1.1
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602
"Game Booster_is1" = Game Booster 3
"GridVista" = Acer GridVista
"iLivid" = iLivid
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"Neffy" = Neffy 1,3,29,0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"SearchAnonymizer" = SearchAnonymizer
"Steam App 105600" = Terraria
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Two Worlds Pinball" = Two Worlds Pinball
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.01.2011 17:39:40 | Computer Name = SvenBruns-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.01.2011 17:39:40 | Computer Name = SvenBruns-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15.01.2011 10:51:36 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2011 12:20:00 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2011 12:34:46 | Computer Name = SvenBruns-PC | Source = VSS | ID = 8194
Description =

Error - 15.01.2011 12:43:20 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000006, Fehleroffset 0x00003596, Prozess-ID 0x1780, Anwendungsstartzeit 01cbb4d2b45d3410.

Error - 15.01.2011 12:43:31 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit
der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern;
oder der Datenträger fehlt. Das Programm 1602 wurde wegen dieses Fehlers geschlossen.

Programm:
1602 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000013 Datenträgertyp: 0

Error - 15.01.2011 17:15:27 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000005, Fehleroffset 0x00003596, Prozess-ID 0x290, Anwendungsstartzeit 01cbb4d651cc9c60.

Error - 15.01.2011 21:25:28 | Computer Name = SvenBruns-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 1602.exe, Version 0.2.5.2, Zeitstempel 0x37c2b625,
fehlerhaftes Modul Maxsound.dll, Version 2.3.0.0, Zeitstempel 0x3700dc85, Ausnahmecode
0xc0000005, Fehleroffset 0x00003596, Prozess-ID 0xf4c, Anwendungsstartzeit 01cbb4f95ea04810.

Error - 16.01.2011 05:14:33 | Computer Name = SvenBruns-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.04.2012 13:41:15 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11.04.2012 13:44:50 | Computer Name = SvenBruns-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
festgestellt.

Error - 11.04.2012 13:45:40 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:50 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:51 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:54 | Computer Name = SvenBruns-PC | Source = DCOM | ID = 10005
Description =

Error - 11.04.2012 13:45:55 | Computer Name = SvenBruns-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11.04.2012 13:46:44 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11.04.2012 13:46:44 | Computer Name = SvenBruns-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.04.2012 14:17:50 | Computer Name = SvenBruns-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.


< End of report >

cosinus 12.04.2012 13:42

Quote:

Boot Mode: SafeMode with Networking |
Well, if that mode works, the first thing you'll do is a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Gyroyoy 15.04.2012 09:29

Okay, so unfortunately I was tied up over the last few days and so could only finish the scans today.
Here is the malware log
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.12.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sven  Bruns :: SVENBRUNS-PC [Administrator]

12.04.2012 21:42:45
mbam-log-2012-04-13 (14-09-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440017
Laufzeit: 1 Stunde(n), 39 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

and the ESET log
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f339e44a02989843937111a2ce7bdb45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 03:03:20
# local_time=2012-04-13 05:03:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15552598 15552598 0 0
# compatibility_mode=5892 16776574 100 100 6111378 171852065 0 0
# compatibility_mode=8192 67108863 100 0 233 233 0 0
# scanned=239592
# found=10
# cleaned=0
# scan_time=10063
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMVLYZC3\iobitToolbar[1].msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2bd26fa9-14a14f5f        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\empire_earth__ultimate_edition.exe        a variant of Win32/MediaGet application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gb3-setup(1).exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gb3-setup.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gtk2120-setup.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f339e44a02989843937111a2ce7bdb45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 12:16:53
# local_time=2012-04-15 02:16:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 15672177 15672177 0 0
# compatibility_mode=5892 16776573 100 100 6230957 171971644 0 0
# compatibility_mode=8192 67108863 100 0 119812 119812 0 0
# scanned=241562
# found=10
# cleaned=0
# scan_time=10097
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMVLYZC3\iobitToolbar[1].msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Skype\SkypePM.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\Local\Temp\ms0cfg32.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2bd26fa9-14a14f5f        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\empire_earth__ultimate_edition.exe        a variant of Win32/MediaGet application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gb3-setup(1).exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gb3-setup.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\gtk2120-setup.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Sven  Bruns\Downloads\SoftonicDownloader_fuer_windows-media-player.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 15.04.2012 16:17

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't already!

Gyroyoy 15.04.2012 21:24

Thank you very, very much
After I repeated the malware scan and deleted the results, my PC is now running flawlessly again :))
A heartfelt thank-you to the team

cosinus 16.04.2012 11:11

Yes, but we're not finished here yet

I have two questions before we continue

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Gyroyoy 17.04.2012 23:12

So, 1. yes, everything is running again without restrictions
and 2. I just looked through it; I'm not missing any data or anything like that

cosinus 18.04.2012 12:47

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Gyroyoy 24.04.2012 15:30

Sorry that I haven't been in touch for so long; lightning struck at our place and there were problems with the new router
but here is the OTL log
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


cosinus 24.04.2012 15:48

I want to see a log, not what I posted myself

Gyroyoy 24.04.2012 16:15

Yeah okay, sorry, I forgot to click copy on the log :D
but now mine

OTL Logfile:
Code:

OTL logfile created on: 24.04.2012 16:08:12 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Sven  Bruns\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 71,81% Memory free
6,23 Gb Paging File | 5,59 Gb Available in Paging File | 89,66% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 180,33 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
 
Computer Name: SVENBRUNS-PC | User Name: Sven  Bruns | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.11 20:10:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sven  Bruns\Downloads\OTL.exe
PRC - [2012.02.21 15:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Programme\IObit\Game Booster\gbtray.exe
PRC - [2011.10.27 10:36:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.03.05 09:43:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.05 13:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.22 13:14:15 | 020,297,512 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.04.22 13:14:14 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.04.22 13:14:14 | 000,907,048 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.04.22 13:14:14 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.04.22 13:14:14 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2011.12.15 16:16:32 | 000,516,440 | ---- | M] () -- C:\Programme\IObit\Game Booster\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.15 23:53:19 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.02 17:04:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.24 16:51:23 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.02.15 19:06:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.04 16:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011.12.23 01:50:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.08 06:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011.12.08 06:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.04.07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.03.23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2003.10.01 16:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = hxxp://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 10:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:59:25 | 000,000,000 | ---D | M]
 
[2011.07.04 14:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions
[2012.03.01 23:32:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sven  Bruns\AppData\Roaming\mozilla\Firefox\Profiles\0nx00ne6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.27 10:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.29 21:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.27 10:52:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 10:52:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.27 10:52:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 10:52:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 10:52:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 10:52:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [Akamai NetSession Interface] "C:\Users\Sven  Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [MediaGet2] C:\Users\Sven  Bruns\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sven  Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB44992-72B9-4A4E-981C-7DC7054017FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ED7889-A2CF-4353-B564-5C4D19614B5D}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E26DC6-E663-4194-9968-55AE29797971}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4StoryPrePatch - hkey= - key= - C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.17 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.04.16 20:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.16 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.16 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2012.04.13 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.12 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Sven  Bruns\AppData\Roaming\Malwarebytes
[2012.04.12 21:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.12 21:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.12 21:16:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.12 21:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.11 21:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.11 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.30 11:05:17 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Sven  Bruns\AppData\Roaming\MinecraftSP.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 14:48:59 | 000,001,356 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Local\d3d9caps.dat
[2012.04.24 14:12:52 | 000,755,576 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 14:12:52 | 000,701,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 14:12:52 | 000,179,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 14:12:52 | 000,145,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 14:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 14:06:06 | 000,000,870 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2012.04.24 13:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.24 13:49:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 13:49:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 13:49:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 13:49:10 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012.04.24 00:14:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.23 21:48:53 | 002,116,023 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1833.JPG
[2012.04.23 21:48:44 | 001,942,801 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1722.JPG
[2012.04.21 00:16:34 | 000,002,529 | ---- | M] () -- C:\Users\Sven  Bruns\Desktop\TubeBox! starten.lnk
[2012.04.17 22:17:33 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.17 01:31:17 | 001,718,986 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_5966_Prismen.jpg
[2012.04.17 01:23:55 | 001,595,751 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1571.JPG
[2012.04.15 23:53:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.15 23:53:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.15 23:33:34 | 000,083,860 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_1565_1-tile.jpg
[2012.04.12 21:16:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.11 21:03:07 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.08 23:09:51 | 003,428,106 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:06:30 | 001,827,981 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:45 | 000,113,029 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:59:43 | 001,453,975 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:59:32 | 001,654,842 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:48:36 | 000,340,720 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 083.jpg
[2012.04.08 22:47:00 | 000,374,754 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:59 | 000,284,968 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:54 | 001,846,819 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:41:09 | 001,303,838 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\DSC00177.JPG
[2012.04.08 22:37:02 | 000,513,318 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:32:15 | 001,523,339 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:31:24 | 001,471,248 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:56 | 000,914,610 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:36 | 000,336,904 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:33 | 000,424,028 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\SDC19225.JPG
[2012.04.08 22:24:16 | 001,480,648 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:01:17 | 002,127,153 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:22:08 | 002,095,974 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:45:38 | 000,877,259 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:54 | 000,920,432 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:54 | 000,455,343 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\IMG_9520_1.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.29 02:12:16 | 000,161,534 | ---- | M] () -- C:\Users\Sven  Bruns\Documents\ultraschall22_3_12.jpg
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.24 14:06:06 | 000,000,870 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2012.04.23 21:48:15 | 002,116,023 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1833.JPG
[2012.04.23 21:47:49 | 001,942,801 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1722.JPG
[2012.04.17 01:30:45 | 001,718,986 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_5966_Prismen.jpg
[2012.04.17 01:23:24 | 001,595,751 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1571.JPG
[2012.04.15 23:33:19 | 000,083,860 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_1565_1-tile.jpg
[2012.04.12 21:16:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.11 21:03:07 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.08 23:04:56 | 003,428,106 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_0005.JPG
[2012.04.08 23:03:24 | 001,827,981 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_6282.JPG
[2012.04.08 23:03:12 | 000,113,029 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\nocmalbestest.jpg
[2012.04.08 22:55:15 | 001,453,975 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_2477.JPG
[2012.04.08 22:54:24 | 001,654,842 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_2356.JPG
[2012.04.08 22:47:57 | 000,340,720 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 083.jpg
[2012.04.08 22:46:40 | 000,374,754 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 169.jpg
[2012.04.08 22:45:42 | 000,284,968 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\Bild 000.jpg
[2012.04.08 22:43:18 | 001,846,819 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\HPIM2254.JPG
[2012.04.08 22:40:35 | 001,303,838 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\DSC00177.JPG
[2012.04.08 22:36:43 | 000,513,318 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\CIMG0228.JPG
[2012.04.08 22:31:45 | 001,523,339 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\diverses sommer 2009 025.JPG
[2012.04.08 22:30:54 | 001,471,248 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC11233.JPG
[2012.04.08 22:27:31 | 000,914,610 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC18981.JPG
[2012.04.08 22:25:28 | 000,336,904 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC19236.JPG
[2012.04.08 22:25:12 | 000,424,028 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\SDC19225.JPG
[2012.04.08 22:22:31 | 001,480,648 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_7225.JPG
[2012.04.06 01:00:43 | 002,127,153 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_Farbe1.jpg
[2012.04.06 00:20:47 | 002,095,974 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1Farbe.jpg
[2012.04.05 23:44:27 | 000,877,259 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9538_1.jpg
[2012.04.05 00:32:00 | 000,920,432 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_0220.JPG
[2012.04.04 23:35:22 | 000,455,343 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\IMG_9520_1.jpg
[2012.03.30 11:05:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 02:12:00 | 000,161,534 | ---- | C] () -- C:\Users\Sven  Bruns\Documents\ultraschall22_3_12.jpg
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.17 20:14:16 | 000,093,675 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Uninstal.exe
[2011.01.03 15:38:23 | 000,131,532 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.27 21:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.10.02 14:48:00 | 000,000,317 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.07.30 19:28:16 | 000,000,099 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Local\fusioncache.dat
[2010.07.11 22:32:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.07 18:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.01 18:25:35 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.29 16:00:01 | 000,000,000 | -HSD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.#
[2012.01.04 00:11:28 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.minecraft
[2010.01.19 15:22:43 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Acer
[2009.04.26 11:08:56 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Acer GameZone Console
[2010.01.01 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Adobe
[2012.01.18 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Apple Computer
[2010.03.09 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Audacity
[2011.10.16 14:06:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Avira
[2011.04.20 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\BitZipper
[2010.01.01 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Corel
[2012.04.15 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DAEMON Tools Lite
[2011.02.05 21:10:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DivX
[2010.08.17 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.25 23:56:22 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Firefly Studios
[2011.06.10 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\FLEXnet
[2010.07.25 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\FOG Downloader
[2012.02.13 20:20:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\GetRightToGo
[2011.12.30 16:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\GHISLER
[2011.05.24 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Google
[2011.02.03 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\gtk-2.0
[2012.04.23 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\icq
[2009.12.30 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Identities
[2011.10.16 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\InstallShield
[2010.01.01 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\InterVideo
[2011.08.13 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Jens Lorek
[2009.12.30 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Leadertech
[2011.06.05 22:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\LolClient
[2009.12.30 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Macromedia
[2012.04.12 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Media Center Programs
[2012.02.25 17:33:57 | 000,000,000 | --SD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft
[2011.07.04 14:27:27 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Mozilla
[2012.02.15 22:06:48 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\MyPhoneExplorer
[2012.01.20 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\NVIDIA
[2010.03.01 16:31:41 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\OCS
[2010.10.06 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\OpenOffice.org
[2011.12.30 16:32:03 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Opera
[2010.12.27 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\PhotoScape
[2010.06.01 18:25:52 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\PlayFirst
[2012.02.13 16:24:07 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung
[2009.12.31 16:37:47 | 000,000,000 | RH-D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\SecuROM
[2011.05.25 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Sierra
[2010.04.28 19:54:40 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Sierra Entertainment
[2012.04.24 00:49:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Skype
[2010.12.11 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\skypePM
[2012.02.01 16:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Softpark
[2011.12.17 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Spore
[2010.05.13 10:45:53 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Teeworlds
[2010.09.01 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\TubeBox
[2011.06.10 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\Vodafone
[2010.01.01 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sven  Bruns\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.20 16:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Sven  Bruns\AppData\Roaming\MinecraftSP.exe
[2011.05.17 20:14:20 | 000,093,675 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Uninstal.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_2213260d.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_3b251e1f.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_45091238.exe
[2010.08.16 20:06:36 | 000,003,262 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_4e45323b.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_63cb6bfc.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_6b8930a.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_6e5d1ad4.exe
[2010.08.16 20:06:36 | 000,003,262 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_701f5d03.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_7a5a767d.exe
[2010.08.16 20:06:36 | 000,001,078 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}\_7f967ff5.exe
[2010.09.01 17:37:37 | 000,009,662 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2011.08.13 00:27:53 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe
[2012.02.06 21:39:04 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe
[2011.06.26 17:05:38 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe
[2010.09.01 17:39:23 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.12.20 21:07:14 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2012.04.21 00:16:34 | 000,010,134 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_7F7458BFD582C00FF78826.exe
[2012.04.21 00:16:34 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_853F67D554F05449430E7E.exe
[2012.04.21 00:16:34 | 000,355,574 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_E460DD8AE65E9AE8A7F8F8.exe
[2012.04.21 00:16:34 | 000,355,574 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_EF47F7F6FC8D853BE6A60C.exe
[2012.04.21 00:16:34 | 000,080,992 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_FEB897155D11C908CCA7A9.exe
[2011.06.05 14:07:10 | 000,034,494 | R--- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.02.24 16:51:23 | 000,040,960 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012.03.01 23:37:12 | 000,106,408 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.01 23:37:12 | 000,101,288 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.01 23:37:12 | 000,021,416 | ---- | M] () -- C:\Users\Sven  Bruns\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\drivers\atapi.sys
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_90788e4d\atapi.sys
[2009.02.12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22375_none_dd7b1aaf3adbaafe\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.11.06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6be1d3ca\atapi.sys
[2008.11.06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22303_none_ddc4c98f3aa4b4b9\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66

< End of report >

--- --- ---

cosinus 24.04.2012 18:41

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes,DefaultScope = {2B5DF01E-94F3-4B82-9700-139A992F3241}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4456535635266F3D3135303132267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}: "URL" = http://www.winload.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E77696E6C6F61642E64652F6F70656E7365617263682F676F6F676C652F6965382F7365617263682F3F7365617263685465726D733D7B7365617263685465726D737D267374617274506167653D7B7374617274506167653F7D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE360DE360&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432343331323435&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D&st={searchTerms}&clid=3310501a-10a9-4597-a6ec-8f57739bc454&pid=icqt&k=0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found
[2012.02.02 21:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 20:29:00 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.01.01 14:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1899564752-3391272897-2100108512-1003..\Run: [Akamai NetSession Interface] "C:\Users\Sven  Bruns\AppData\Local\Akamai\netsession_win.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\umenu.exe
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2012.04.16 20:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.04.24 14:06:06 | 000,000,870 | ---- | C] () -- C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk
[2010.01.29 16:00:01 | 000,000,000 | -HSD | M] -- C:\Users\Sven  Bruns\AppData\Roaming\.#
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4A0829E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F6C0CA66
:Files
C:\Program Files\Common Files\Spigot
C:\Programme\IObit Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Gyroyoy 24.04.2012 19:19

So I have now run the fix, and after restarting the PC a txt document opened with the following content
Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2B5DF01E-94F3-4B82-9700-139A992F3241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B5DF01E-94F3-4B82-9700-139A992F3241}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{51E04947-AB45-42CE-858E-F6FD1C8D479B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51E04947-AB45-42CE-858E-F6FD1C8D479B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{5563AAF7-7046-4495-8335-DC629DF6396A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5563AAF7-7046-4495-8335-DC629DF6396A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{68DD83F7-F025-42FC-878B-74D33BF624D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68DD83F7-F025-42FC-878B-74D33BF624D6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7618F766-ED79-48CE-9260-513B449259D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7618F766-ED79-48CE-9260-513B449259D0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7950C6C4-5213-4420-B7F5-0F5A5F342F6B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8FE40754-0A3B-4F03-B024-444150929C91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE40754-0A3B-4F03-B024-444150929C91}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9626998A-4368-4575-B283-513944583C6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9626998A-4368-4575-B283-513944583C6C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=382950&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.facebook.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=" removed from keyword.URL
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\IOBIT TOOLBAR\FF folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\5.4\iobitToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7983a31e-85cb-11e0-acf2-00238bf6fcb1}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9499fa37-936d-11e0-bf36-00238bf6fcb1}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9dc8afd-0dc7-11df-a6e7-00238bf6fcb1}\ not found.
File E:\umenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1ad2ebd-62b2-11df-920d-00238bf6fcb1}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee8dc096-97fe-11de-94b5-806e6f6e6963}\ not found.
File D:\arun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Program Files\Application Updater folder moved successfully.
C:\Users\Sven  Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnszs0.exe.lnk moved successfully.
C:\Users\Sven  Bruns\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:E1982A23 deleted successfully.
ADS C:\ProgramData\TEMP:814B9485 deleted successfully.
ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:35759C73 deleted successfully.
ADS C:\ProgramData\TEMP:6C5EC3CD deleted successfully.
ADS C:\ProgramData\TEMP:41099CE9 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:4A0829E0 deleted successfully.
ADS C:\ProgramData\TEMP:BB24555F deleted successfully.
ADS C:\ProgramData\TEMP:F6C0CA66 deleted successfully.
========== FILES ==========
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
File\Folder C:\Programme\IObit Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sven  Bruns
->Temp folder emptied: 292474697 bytes
->Temporary Internet Files folder emptied: 275102502 bytes
->Java cache emptied: 443321 bytes
->FireFox cache emptied: 1129173127 bytes
->Flash cache emptied: 9515 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2258076 bytes
RecycleBin emptied: 6059542 bytes
 
Total Files Cleaned = 1.627,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sven  Bruns
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.41.0 log created on 04242012_200755

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 24.04.2012 19:23

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Gyroyoy 24.04.2012 19:29

Okay, here is the log from Kaspersky
Code:

20:26:25.0869 5420        TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
20:26:26.0531 5420        ============================================================
20:26:26.0532 5420        Current date / time: 2012/04/24 20:26:26.0531
20:26:26.0532 5420        SystemInfo:
20:26:26.0532 5420       
20:26:26.0532 5420        OS Version: 6.0.6002 ServicePack: 2.0
20:26:26.0532 5420        Product type: Workstation
20:26:26.0532 5420        ComputerName: SVENBRUNS-PC
20:26:26.0533 5420        UserName: Sven  Bruns
20:26:26.0533 5420        Windows directory: C:\Windows
20:26:26.0533 5420        System windows directory: C:\Windows
20:26:26.0533 5420        Processor architecture: Intel x86
20:26:26.0533 5420        Number of processors: 2
20:26:26.0533 5420        Page size: 0x1000
20:26:26.0533 5420        Boot type: Normal boot
20:26:26.0533 5420        ============================================================
20:26:27.0289 5420        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:26:27.0296 5420        ============================================================
20:26:27.0297 5420        \Device\Harddisk0\DR0:
20:26:27.0297 5420        MBR partitions:
20:26:27.0297 5420        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x23C2D800
20:26:27.0297 5420        ============================================================
20:26:27.0331 5420        C: <-> \Device\Harddisk0\DR0\Partition0
20:26:27.0331 5420        ============================================================
20:26:27.0331 5420        Initialize success
20:26:27.0331 5420        ============================================================
20:26:29.0721 4756        ============================================================
20:26:29.0721 4756        Scan started
20:26:29.0721 4756        Mode: Manual;
20:26:29.0721 4756        ============================================================
20:26:30.0238 4756        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:30.0247 4756        ACPI - ok
20:26:30.0398 4756        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:30.0402 4756        AdobeFlashPlayerUpdateSvc - ok
20:26:30.0496 4756        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:30.0508 4756        adp94xx - ok
20:26:30.0560 4756        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:30.0594 4756        adpahci - ok
20:26:30.0632 4756        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:30.0635 4756        adpu160m - ok
20:26:30.0716 4756        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:30.0721 4756        adpu320 - ok
20:26:30.0785 4756        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:30.0786 4756        AeLookupSvc - ok
20:26:30.0872 4756        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:30.0884 4756        AFD - ok
20:26:30.0937 4756        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:30.0940 4756        agp440 - ok
20:26:30.0983 4756        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:30.0986 4756        aic78xx - ok
20:26:31.0025 4756        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:31.0030 4756        ALG - ok
20:26:31.0067 4756        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:31.0069 4756        aliide - ok
20:26:31.0124 4756        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:31.0126 4756        amdagp - ok
20:26:31.0167 4756        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:31.0168 4756        amdide - ok
20:26:31.0204 4756        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:31.0206 4756        AmdK7 - ok
20:26:31.0207 4756        Scan interrupted by user!
20:26:31.0208 4756        Scan interrupted by user!
20:26:31.0208 4756        Scan interrupted by user!
20:26:31.0208 4756        ============================================================
20:26:31.0208 4756        Scan finished
20:26:31.0208 4756        ============================================================
20:26:31.0225 5516        Detected object count: 0
20:26:31.0225 5516        Actual detected object count: 0
20:26:46.0245 5364        ============================================================
20:26:46.0245 5364        Scan started
20:26:46.0245 5364        Mode: Manual; SigCheck; TDLFS;
20:26:46.0245 5364        ============================================================
20:26:46.0463 5364        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:46.0655 5364        ACPI - ok
20:26:46.0698 5364        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:46.0720 5364        AdobeFlashPlayerUpdateSvc - ok
20:26:46.0778 5364        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:46.0809 5364        adp94xx - ok
20:26:46.0862 5364        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:46.0886 5364        adpahci - ok
20:26:46.0911 5364        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:46.0929 5364        adpu160m - ok
20:26:46.0964 5364        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:46.0984 5364        adpu320 - ok
20:26:47.0039 5364        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:47.0177 5364        AeLookupSvc - ok
20:26:47.0228 5364        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:47.0296 5364        AFD - ok
20:26:47.0323 5364        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:47.0339 5364        agp440 - ok
20:26:47.0367 5364        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:47.0385 5364        aic78xx - ok
20:26:47.0423 5364        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:47.0601 5364        ALG - ok
20:26:47.0643 5364        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:47.0657 5364        aliide - ok
20:26:47.0687 5364        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:47.0703 5364        amdagp - ok
20:26:47.0731 5364        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:47.0748 5364        amdide - ok
20:26:47.0779 5364        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:47.0827 5364        AmdK7 - ok
20:26:47.0844 5364        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:26:47.0904 5364        AmdK8 - ok
20:26:47.0958 5364        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
20:26:48.0035 5364        androidusb - ok
20:26:48.0146 5364        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:26:48.0161 5364        AntiVirSchedulerService - ok
20:26:48.0210 5364        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:26:48.0225 5364        AntiVirService - ok
20:26:48.0269 5364        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:26:48.0324 5364        Appinfo - ok
20:26:48.0443 5364        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:48.0458 5364        Apple Mobile Device - ok
20:26:48.0511 5364        Application Updater - ok
20:26:48.0550 5364        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:26:48.0567 5364        arc - ok
20:26:48.0609 5364        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:26:48.0629 5364        arcsas - ok
20:26:48.0763 5364        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:26:48.0779 5364        aspnet_state - ok
20:26:48.0821 5364        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:48.0879 5364        AsyncMac - ok
20:26:48.0903 5364        atapi          (0fd275041f8b2197ee964361b4192a18) C:\Windows\system32\drivers\atapi.sys
20:26:48.0920 5364        atapi - ok
20:26:49.0038 5364        athr            (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
20:26:49.0160 5364        athr - ok
20:26:49.0234 5364        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:49.0302 5364        AudioEndpointBuilder - ok
20:26:49.0310 5364        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:49.0347 5364        Audiosrv - ok
20:26:49.0384 5364        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
20:26:49.0419 5364        avipbb - ok
20:26:49.0434 5364        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:49.0448 5364        avkmgr - ok
20:26:49.0549 5364        BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
20:26:49.0577 5364        BcmSqlStartupSvc - ok
20:26:49.0602 5364        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:26:49.0667 5364        Beep - ok
20:26:49.0731 5364        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:26:49.0820 5364        BFE - ok
20:26:49.0916 5364        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:26:50.0043 5364        BITS - ok
20:26:50.0075 5364        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:26:50.0117 5364        blbdrive - ok
20:26:50.0200 5364        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:26:50.0222 5364        Bonjour Service - ok
20:26:50.0258 5364        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:26:50.0308 5364        bowser - ok
20:26:50.0344 5364        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:26:50.0396 5364        BrFiltLo - ok
20:26:50.0436 5364        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:26:50.0480 5364        BrFiltUp - ok
20:26:50.0512 5364        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:26:50.0574 5364        Browser - ok
20:26:50.0599 5364        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:26:50.0804 5364        Brserid - ok
20:26:50.0829 5364        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:26:50.0912 5364        BrSerWdm - ok
20:26:50.0933 5364        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:26:51.0023 5364        BrUsbMdm - ok
20:26:51.0039 5364        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:26:51.0118 5364        BrUsbSer - ok
20:26:51.0136 5364        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:26:51.0225 5364        BTHMODEM - ok
20:26:51.0269 5364        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:51.0331 5364        cdfs - ok
20:26:51.0381 5364        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:51.0430 5364        cdrom - ok
20:26:51.0473 5364        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:51.0522 5364        CertPropSvc - ok
20:26:51.0570 5364        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:26:51.0610 5364        circlass - ok
20:26:51.0662 5364        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:26:51.0690 5364        CLFS - ok
20:26:51.0784 5364        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:51.0800 5364        clr_optimization_v2.0.50727_32 - ok
20:26:51.0910 5364        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:51.0926 5364        clr_optimization_v4.0.30319_32 - ok
20:26:51.0952 5364        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:52.0015 5364        CmBatt - ok
20:26:52.0034 5364        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:26:52.0050 5364        cmdide - ok
20:26:52.0144 5364        CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
20:26:52.0255 5364        CnxtHdAudService - ok
20:26:52.0306 5364        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:26:52.0321 5364        Compbatt - ok
20:26:52.0326 5364        COMSysApp - ok
20:26:52.0340 5364        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:26:52.0357 5364        crcdisk - ok
20:26:52.0380 5364        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:26:52.0440 5364        Crusoe - ok
20:26:52.0496 5364        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:26:52.0549 5364        CryptSvc - ok
20:26:52.0628 5364        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:52.0750 5364        DcomLaunch - ok
20:26:52.0812 5364        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:26:52.0858 5364        DfsC - ok
20:26:53.0050 5364        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:26:53.0364 5364        DFSR - ok
20:26:53.0532 5364        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:26:53.0591 5364        Dhcp - ok
20:26:53.0656 5364        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:26:53.0675 5364        disk - ok
20:26:53.0711 5364        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:26:53.0723 5364        DKbFltr - ok
20:26:53.0797 5364        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:26:53.0851 5364        Dnscache - ok
20:26:53.0889 5364        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:26:53.0953 5364        dot3svc - ok
20:26:53.0994 5364        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:26:54.0086 5364        DPS - ok
20:26:54.0136 5364        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:26:54.0191 5364        drmkaud - ok
20:26:54.0265 5364        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:54.0306 5364        DXGKrnl - ok
20:26:54.0345 5364        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:26:54.0417 5364        E1G60 - ok
20:26:54.0442 5364        EagleNT - ok
20:26:54.0469 5364        EagleXNt - ok
20:26:54.0512 5364        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:26:54.0560 5364        EapHost - ok
20:26:54.0703 5364        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:26:54.0737 5364        Ecache - ok
20:26:54.0822 5364        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:26:54.0877 5364        ehRecvr - ok
20:26:54.0908 5364        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:26:54.0960 5364        ehSched - ok
20:26:54.0977 5364        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:26:55.0018 5364        ehstart - ok
20:26:55.0092 5364        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:26:55.0154 5364        elxstor - ok
20:26:55.0225 5364        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:26:55.0302 5364        EMDMgmt - ok
20:26:55.0526 5364        ePowerSvc      (bf5a69708fdd68ea1e20e72e2afe6996) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:26:55.0564 5364        ePowerSvc - ok
20:26:55.0639 5364        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:26:55.0715 5364        ErrDev - ok
20:26:55.0785 5364        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:26:55.0836 5364        EventSystem - ok
20:26:55.0919 5364        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:26:55.0974 5364        exfat - ok
20:26:56.0035 5364        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:26:56.0096 5364        fastfat - ok
20:26:56.0134 5364        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:26:56.0214 5364        fdc - ok
20:26:56.0390 5364        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:26:56.0431 5364        fdPHost - ok
20:26:56.0439 5364        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:26:56.0521 5364        FDResPub - ok
20:26:56.0553 5364        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:26:56.0569 5364        FileInfo - ok
20:26:56.0606 5364        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:26:56.0672 5364        Filetrace - ok
20:26:56.0697 5364        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:56.0760 5364        flpydisk - ok
20:26:56.0798 5364        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:26:56.0823 5364        FltMgr - ok
20:26:56.0974 5364        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:26:57.0055 5364        FontCache - ok
20:26:57.0115 5364        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:57.0130 5364        FontCache3.0.0.0 - ok
20:26:57.0161 5364        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:57.0216 5364        Fs_Rec - ok
20:26:57.0243 5364        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:26:57.0260 5364        gagp30kx - ok
20:26:57.0287 5364        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:57.0299 5364        GEARAspiWDM - ok
20:26:57.0360 5364        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:26:57.0422 5364        gpsvc - ok
20:26:57.0551 5364        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:57.0566 5364        gupdate - ok
20:26:57.0572 5364        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:57.0587 5364        gupdatem - ok
20:26:57.0640 5364        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:26:57.0666 5364        gusvc - ok
20:26:57.0709 5364        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:26:57.0724 5364        hamachi - ok
20:26:57.0772 5364        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:26:57.0877 5364        HdAudAddService - ok
20:26:57.0963 5364        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:58.0031 5364        HDAudBus - ok
20:26:58.0048 5364        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:26:58.0139 5364        HidBth - ok
20:26:58.0173 5364        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:26:58.0260 5364        HidIr - ok
20:26:58.0301 5364        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:26:58.0363 5364        hidserv - ok
20:26:58.0395 5364        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:58.0440 5364        HidUsb - ok
20:26:58.0487 5364        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:26:58.0550 5364        hkmsvc - ok
20:26:58.0574 5364        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:26:58.0592 5364        HpCISSs - ok
20:26:58.0644 5364        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:26:58.0723 5364        HTTP - ok
20:26:58.0756 5364        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:26:58.0773 5364        i2omp - ok
20:26:58.0814 5364        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:58.0862 5364        i8042prt - ok
20:26:59.0001 5364        IAANTMON        (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:26:59.0025 5364        IAANTMON - ok
20:26:59.0083 5364        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:26:59.0103 5364        iaStor - ok
20:26:59.0137 5364        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:26:59.0167 5364        iaStorV - ok
20:26:59.0232 5364        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:26:59.0240 5364        IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:26:59.0240 5364        IDriverT - detected UnsignedFile.Multi.Generic (1)
20:26:59.0366 5364        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:26:59.0458 5364        idsvc - ok
20:26:59.0495 5364        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:26:59.0510 5364        iirsp - ok
20:26:59.0578 5364        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:26:59.0651 5364        IKEEXT - ok
20:26:59.0734 5364        int15.sys      (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\System32\OEM\Factory\int15.sys
20:26:59.0757 5364        int15.sys ( UnsignedFile.Multi.Generic ) - warning
20:26:59.0757 5364        int15.sys - detected UnsignedFile.Multi.Generic (1)
20:26:59.0788 5364        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:26:59.0803 5364        intelide - ok
20:26:59.0856 5364        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:59.0918 5364        intelppm - ok
20:26:59.0953 5364        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:27:00.0018 5364        IPBusEnum - ok
20:27:00.0037 5364        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:00.0101 5364        IpFilterDriver - ok
20:27:00.0150 5364        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:27:00.0224 5364        iphlpsvc - ok
20:27:00.0232 5364        IpInIp - ok
20:27:00.0265 5364        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:27:00.0310 5364        IPMIDRV - ok
20:27:00.0340 5364        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:27:00.0394 5364        IPNAT - ok
20:27:00.0551 5364        iPod Service    (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
20:27:00.0588 5364        iPod Service - ok
20:27:00.0617 5364        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:27:00.0661 5364        IRENUM - ok
20:27:00.0691 5364        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:27:00.0708 5364        isapnp - ok
20:27:00.0765 5364        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:27:00.0788 5364        iScsiPrt - ok
20:27:00.0817 5364        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:27:00.0833 5364        iteatapi - ok
20:27:00.0861 5364        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:27:00.0875 5364        iteraid - ok
20:27:00.0899 5364        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:00.0917 5364        kbdclass - ok
20:27:00.0953 5364        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:01.0000 5364        kbdhid - ok
20:27:01.0017 5364        KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:01.0062 5364        KeyIso - ok
20:27:01.0123 5364        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:27:01.0162 5364        KSecDD - ok
20:27:01.0229 5364        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:27:01.0325 5364        KtmRm - ok
20:27:01.0379 5364        L1C            (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys
20:27:01.0421 5364        L1C - ok
20:27:01.0471 5364        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:27:01.0540 5364        LanmanServer - ok
20:27:01.0595 5364        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:27:01.0647 5364        LanmanWorkstation - ok
20:27:01.0678 5364        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:27:01.0733 5364        lltdio - ok
20:27:01.0786 5364        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:27:01.0857 5364        lltdsvc - ok
20:27:01.0884 5364        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:27:01.0961 5364        lmhosts - ok
20:27:02.0007 5364        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:27:02.0026 5364        LSI_FC - ok
20:27:02.0062 5364        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:27:02.0081 5364        LSI_SAS - ok
20:27:02.0116 5364        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:27:02.0148 5364        LSI_SCSI - ok
20:27:02.0169 5364        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:27:02.0223 5364        luafv - ok
20:27:02.0288 5364        massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\DRIVERS\massfilter.sys
20:27:02.0323 5364        massfilter - ok
20:27:02.0364 5364        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:27:02.0397 5364        Mcx2Svc - ok
20:27:02.0436 5364        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:27:02.0453 5364        megasas - ok
20:27:02.0508 5364        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:27:02.0540 5364        MegaSR - ok
20:27:02.0557 5364        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:02.0620 5364        MMCSS - ok
20:27:02.0636 5364        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:27:02.0690 5364        Modem - ok
20:27:02.0725 5364        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:27:02.0766 5364        monitor - ok
20:27:02.0783 5364        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:27:02.0801 5364        mouclass - ok
20:27:02.0815 5364        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:27:02.0856 5364        mouhid - ok
20:27:02.0872 5364        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:27:02.0891 5364        MountMgr - ok
20:27:02.0918 5364        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:27:02.0951 5364        mpio - ok
20:27:02.0971 5364        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:27:03.0018 5364        mpsdrv - ok
20:27:03.0078 5364        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:27:03.0151 5364        MpsSvc - ok
20:27:03.0187 5364        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:27:03.0202 5364        Mraid35x - ok
20:27:03.0242 5364        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:27:03.0283 5364        MRxDAV - ok
20:27:03.0316 5364        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:03.0384 5364        mrxsmb - ok
20:27:03.0423 5364        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:03.0465 5364        mrxsmb10 - ok
20:27:03.0486 5364        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:03.0528 5364        mrxsmb20 - ok
20:27:03.0559 5364        msahci          (1544de2b6a41de218a679eb59f3c3f50) C:\Windows\system32\drivers\msahci.sys
20:27:03.0577 5364        msahci - ok
20:27:03.0616 5364        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:27:03.0648 5364        msdsm - ok
20:27:03.0704 5364        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:27:03.0782 5364        MSDTC - ok
20:27:03.0810 5364        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:27:03.0867 5364        Msfs - ok
20:27:03.0901 5364        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:27:03.0918 5364        msisadrv - ok
20:27:03.0959 5364        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:27:04.0006 5364        MSiSCSI - ok
20:27:04.0015 5364        msiserver - ok
20:27:04.0072 5364        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:27:04.0127 5364        MSKSSRV - ok
20:27:04.0159 5364        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:04.0209 5364        MSPCLOCK - ok
20:27:04.0226 5364        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:27:04.0274 5364        MSPQM - ok
20:27:04.0324 5364        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:27:04.0355 5364        MsRPC - ok
20:27:04.0384 5364        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:27:04.0402 5364        mssmbios - ok
20:27:04.0476 5364        MSSQL$MSSMLBIZ - ok
20:27:04.0517 5364        MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:27:04.0533 5364        MSSQLServerADHelper - ok
20:27:04.0550 5364        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:27:04.0609 5364        MSTEE - ok
20:27:04.0647 5364        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:27:04.0668 5364        Mup - ok
20:27:04.0731 5364        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:27:04.0829 5364        napagent - ok
20:27:04.0877 5364        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:27:04.0935 5364        NativeWifiP - ok
20:27:04.0999 5364        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:27:05.0040 5364        NDIS - ok
20:27:05.0075 5364        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:05.0134 5364        NdisTapi - ok
20:27:05.0171 5364        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:05.0242 5364        Ndisuio - ok
20:27:05.0276 5364        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:05.0336 5364        NdisWan - ok
20:27:05.0368 5364        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:27:05.0409 5364        NDProxy - ok
20:27:05.0429 5364        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:27:05.0478 5364        NetBIOS - ok
20:27:05.0523 5364        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:27:05.0583 5364        netbt - ok
20:27:05.0617 5364        Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:05.0641 5364        Netlogon - ok
20:27:05.0684 5364        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:27:05.0775 5364        Netman - ok
20:27:05.0906 5364        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:05.0935 5364        NetMsmqActivator - ok
20:27:05.0941 5364        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:05.0963 5364        NetPipeActivator - ok
20:27:06.0004 5364        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:27:06.0066 5364        netprofm - ok
20:27:06.0073 5364        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:06.0095 5364        NetTcpActivator - ok
20:27:06.0106 5364        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:06.0127 5364        NetTcpPortSharing - ok
20:27:06.0533 5364        NETw5v32        (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:27:06.0836 5364        NETw5v32 - ok
20:27:06.0983 5364        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:27:07.0002 5364        nfrd960 - ok
20:27:07.0051 5364        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:27:07.0118 5364        NlaSvc - ok
20:27:07.0153 5364        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:27:07.0202 5364        Npfs - ok
20:27:07.0219 5364        npggsvc - ok
20:27:07.0244 5364        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:27:07.0298 5364        nsi - ok
20:27:07.0316 5364        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:27:07.0387 5364        nsiproxy - ok
20:27:07.0525 5364        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:27:07.0624 5364        Ntfs - ok
20:27:07.0729 5364        NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:27:07.0745 5364        NTIBackupSvc - ok
20:27:07.0786 5364        NTIDrvr        (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:27:07.0799 5364        NTIDrvr - ok
20:27:07.0823 5364        NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:27:07.0838 5364        NTISchedulerSvc - ok
20:27:07.0868 5364        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:27:07.0954 5364        ntrigdigi - ok
20:27:07.0982 5364        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:27:08.0052 5364        Null - ok
20:27:08.0946 5364        nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:09.0559 5364        nvlddmkm - ok
20:27:09.0764 5364        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:27:09.0785 5364        nvraid - ok
20:27:09.0815 5364        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:27:09.0831 5364        nvstor - ok
20:27:09.0969 5364        nvsvc          (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
20:27:10.0045 5364        nvsvc - ok
20:27:10.0297 5364        nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:27:10.0450 5364        nvUpdatusService - ok
20:27:10.0592 5364        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:27:10.0613 5364        nv_agp - ok
20:27:10.0619 5364        NwlnkFlt - ok
20:27:10.0627 5364        NwlnkFwd - ok
20:27:10.0777 5364        odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:27:10.0836 5364        odserv - ok
20:27:10.0870 5364        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:27:10.0950 5364        ohci1394 - ok
20:27:10.0994 5364        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:11.0026 5364        ose - ok
20:27:11.0114 5364        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:11.0202 5364        p2pimsvc - ok
20:27:11.0222 5364        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:11.0261 5364        p2psvc - ok
20:27:11.0305 5364        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:27:11.0391 5364        Parport - ok
20:27:11.0422 5364        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:27:11.0441 5364        partmgr - ok
20:27:11.0462 5364        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:27:11.0551 5364        Parvdm - ok
20:27:11.0580 5364        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:27:11.0646 5364        PcaSvc - ok
20:27:11.0717 5364        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:27:11.0748 5364        pci - ok
20:27:11.0785 5364        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:27:11.0803 5364        pciide - ok
20:27:11.0870 5364        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:27:11.0899 5364        pcmcia - ok
20:27:12.0018 5364        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:27:12.0155 5364        PEAUTH - ok
20:27:12.0310 5364        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:27:12.0434 5364        pla - ok
20:27:12.0559 5364        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:27:12.0614 5364        PlugPlay - ok
20:27:12.0680 5364        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:12.0719 5364        PNRPAutoReg - ok
20:27:12.0730 5364        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:27:12.0767 5364        PNRPsvc - ok
20:27:12.0827 5364        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:27:12.0896 5364        PolicyAgent - ok
20:27:12.0967 5364        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:27:13.0020 5364        PptpMiniport - ok
20:27:13.0047 5364        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:27:13.0110 5364        Processor - ok
20:27:13.0149 5364        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:27:13.0209 5364        ProfSvc - ok
20:27:13.0232 5364        ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:13.0256 5364        ProtectedStorage - ok
20:27:13.0286 5364        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:27:13.0335 5364        PSched - ok
20:27:13.0449 5364        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:27:13.0615 5364        ql2300 - ok
20:27:13.0647 5364        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:27:13.0678 5364        ql40xx - ok
20:27:13.0740 5364        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:27:13.0838 5364        QWAVE - ok
20:27:13.0864 5364        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:27:13.0887 5364        QWAVEdrv - ok
20:27:13.0910 5364        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:27:13.0966 5364        RasAcd - ok
20:27:13.0988 5364        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:27:14.0088 5364        RasAuto - ok
20:27:14.0103 5364        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:14.0160 5364        Rasl2tp - ok
20:27:14.0207 5364        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:27:14.0272 5364        RasMan - ok
20:27:14.0310 5364        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:14.0347 5364        RasPppoe - ok
20:27:14.0420 5364        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:27:14.0442 5364        RasSstp - ok
20:27:14.0491 5364        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:27:14.0562 5364        rdbss - ok
20:27:14.0596 5364        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:14.0653 5364        RDPCDD - ok
20:27:14.0697 5364        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:27:14.0752 5364        rdpdr - ok
20:27:14.0760 5364        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:27:14.0816 5364        RDPENCDD - ok
20:27:14.0854 5364        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:27:14.0921 5364        RDPWD - ok
20:27:14.0979 5364        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:27:15.0045 5364        RemoteAccess - ok
20:27:15.0089 5364        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:27:15.0126 5364        RemoteRegistry - ok
20:27:15.0157 5364        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:27:15.0195 5364        RpcLocator - ok
20:27:15.0265 5364        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:27:15.0313 5364        RpcSs - ok
20:27:15.0352 5364        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:27:15.0435 5364        rspndr - ok
20:27:15.0534 5364        RS_Service      (8e250687e5f020cd337cc9d8252c0b56) C:\Program Files\Acer\Acer VCM\RS_Service.exe
20:27:15.0569 5364        RS_Service ( UnsignedFile.Multi.Generic ) - warning
20:27:15.0569 5364        RS_Service - detected UnsignedFile.Multi.Generic (1)
20:27:15.0600 5364        RTSTOR          (05ff3c3100f163558e37d0a975bef05c) C:\Windows\system32\drivers\RTSTOR.SYS
20:27:15.0698 5364        RTSTOR - ok
20:27:15.0778 5364        SamSs          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:27:15.0802 5364        SamSs - ok
20:27:15.0852 5364        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:27:15.0869 5364        sbp2port - ok
20:27:15.0907 5364        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:27:15.0957 5364        SCardSvr - ok
20:27:16.0024 5364        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:27:16.0128 5364        Schedule - ok
20:27:16.0166 5364        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:27:16.0201 5364        SCPolicySvc - ok
20:27:16.0236 5364        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:27:16.0303 5364        SDRSVC - ok
20:27:16.0410 5364        SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\Sven  Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:27:16.0418 5364        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:27:16.0419 5364        SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:27:16.0452 5364        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:27:16.0544 5364        secdrv - ok
20:27:16.0572 5364        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:27:16.0620 5364        seclogon - ok
20:27:16.0641 5364        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:27:16.0700 5364        SENS - ok
20:27:16.0728 5364        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:27:16.0801 5364        Serenum - ok
20:27:16.0836 5364        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:27:16.0917 5364        Serial - ok
20:27:16.0950 5364        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:27:16.0994 5364        sermouse - ok
20:27:17.0041 5364        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:27:17.0097 5364        SessionEnv - ok
20:27:17.0130 5364        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:27:17.0162 5364        sffdisk - ok
20:27:17.0191 5364        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:27:17.0251 5364        sffp_mmc - ok
20:27:17.0268 5364        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:27:17.0319 5364        sffp_sd - ok
20:27:17.0348 5364        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:27:17.0444 5364        sfloppy - ok
20:27:17.0488 5364        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:27:17.0562 5364        SharedAccess - ok
20:27:17.0620 5364        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:27:17.0686 5364        ShellHWDetection - ok
20:27:17.0714 5364        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:27:17.0731 5364        sisagp - ok
20:27:17.0752 5364        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:27:17.0768 5364        SiSRaid2 - ok
20:27:17.0791 5364        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:27:17.0809 5364        SiSRaid4 - ok
20:27:17.0923 5364        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
20:27:17.0941 5364        SkypeUpdate - ok
20:27:18.0227 5364        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:27:18.0488 5364        slsvc - ok
20:27:18.0625 5364        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:27:18.0661 5364        SLUINotify - ok
20:27:18.0713 5364        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:27:18.0749 5364        Smb - ok
20:27:18.0781 5364        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:27:18.0804 5364        SNMPTRAP - ok
20:27:18.0842 5364        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:27:18.0861 5364        spldr - ok
20:27:18.0893 5364        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:27:18.0933 5364        Spooler - ok
20:27:19.0009 5364        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
20:27:19.0009 5364        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:27:19.0025 5364        sptd ( LockedFile.Multi.Generic ) - warning
20:27:19.0025 5364        sptd - detected LockedFile.Multi.Generic (1)
20:27:19.0135 5364        SQLBrowser      (5673e79bbb62a4c35b10d821ff1b4aca) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:27:19.0164 5364        SQLBrowser - ok
20:27:19.0218 5364        SQLWriter      (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:27:19.0233 5364        SQLWriter - ok
20:27:19.0284 5364        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:27:19.0330 5364        srv - ok
20:27:19.0373 5364        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:27:19.0454 5364        srv2 - ok
20:27:19.0491 5364        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:27:19.0514 5364        srvnet - ok
20:27:19.0566 5364        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
20:27:19.0592 5364        ssadbus - ok
20:27:19.0631 5364        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:27:19.0652 5364        ssadmdfl - ok
20:27:19.0685 5364        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:27:19.0720 5364        ssadmdm - ok
20:27:19.0760 5364        sscdbus        (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
20:27:19.0775 5364        sscdbus - ok
20:27:19.0813 5364        sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:27:19.0824 5364        sscdmdfl - ok
20:27:19.0868 5364        sscdmdm        (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:27:19.0895 5364        sscdmdm - ok
20:27:19.0933 5364        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:27:20.0009 5364        SSDPSRV - ok
20:27:20.0047 5364        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:27:20.0060 5364        ssmdrv - ok
20:27:20.0088 5364        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:27:20.0124 5364        SstpSvc - ok
20:27:20.0216 5364        Steam Client Service - ok
20:27:20.0303 5364        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:27:20.0374 5364        stisvc - ok
20:27:20.0405 5364        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:27:20.0422 5364        swenum - ok
20:27:20.0478 5364        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:27:20.0558 5364        swprv - ok
20:27:20.0582 5364        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:27:20.0598 5364        Symc8xx - ok
20:27:20.0621 5364        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:27:20.0637 5364        Sym_hi - ok
20:27:20.0671 5364        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:27:20.0689 5364        Sym_u3 - ok
20:27:20.0763 5364        SynTP          (60cd166ae4261920b4008a1a114ae97c) C:\Windows\system32\DRIVERS\SynTP.sys
20:27:20.0801 5364        SynTP - ok
20:27:20.0870 5364        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:27:20.0945 5364        SysMain - ok
20:27:20.0976 5364        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:27:21.0020 5364        TabletInputService - ok
20:27:21.0066 5364        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:27:21.0133 5364        TapiSrv - ok
20:27:21.0152 5364        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:27:21.0210 5364        TBS - ok
20:27:21.0305 5364        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
20:27:21.0392 5364        Tcpip - ok
20:27:21.0411 5364        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:21.0462 5364        Tcpip6 - ok
20:27:21.0523 5364        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:27:21.0564 5364        tcpipreg - ok
20:27:21.0599 5364        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:27:21.0645 5364        TDPIPE - ok
20:27:21.0675 5364        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:27:21.0721 5364        TDTCP - ok
20:27:21.0761 5364        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:27:21.0796 5364        tdx - ok
20:27:21.0882 5364        TeamViewer5    (f252f1cda97cf43db25c5d0b19228755) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
20:27:21.0899 5364        TeamViewer5 - ok
20:27:21.0929 5364        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:27:21.0949 5364        TermDD - ok
20:27:22.0009 5364        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:27:22.0088 5364        TermService - ok
20:27:22.0141 5364        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:27:22.0170 5364        Themes - ok
20:27:22.0202 5364        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:22.0250 5364        THREADORDER - ok
20:27:22.0288 5364        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:27:22.0334 5364        TrkWks - ok
20:27:22.0371 5364        TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
20:27:22.0387 5364        TrojanKillerDriver - ok
20:27:22.0453 5364        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:27:22.0502 5364        TrustedInstaller - ok
20:27:22.0552 5364        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:22.0633 5364        tssecsrv - ok
20:27:22.0670 5364        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:27:22.0708 5364        tunmp - ok
20:27:22.0737 5364        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:22.0761 5364        tunnel - ok
20:27:22.0788 5364        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:27:22.0805 5364        uagp35 - ok
20:27:22.0834 5364        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:27:22.0847 5364        UBHelper - ok
20:27:22.0887 5364        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:27:22.0934 5364        udfs - ok
20:27:22.0986 5364        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:27:23.0031 5364        UI0Detect - ok
20:27:23.0056 5364        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:27:23.0073 5364        uliagpkx - ok
20:27:23.0128 5364        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:27:23.0164 5364        uliahci - ok
20:27:23.0200 5364        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:27:23.0221 5364        UlSata - ok
20:27:23.0258 5364        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:27:23.0277 5364        ulsata2 - ok
20:27:23.0305 5364        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:27:23.0349 5364        umbus - ok
20:27:23.0389 5364        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:27:23.0468 5364        upnphost - ok
20:27:23.0533 5364        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:27:23.0560 5364        USBAAPL - ok
20:27:23.0624 5364        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:27:23.0684 5364        usbaudio - ok
20:27:23.0722 5364        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:23.0775 5364        usbccgp - ok
20:27:23.0818 5364        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:27:23.0905 5364        usbcir - ok
20:27:23.0935 5364        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:23.0989 5364        usbehci - ok
20:27:24.0037 5364        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:24.0083 5364        usbhub - ok
20:27:24.0115 5364        USBIO          (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
20:27:24.0122 5364        USBIO ( UnsignedFile.Multi.Generic ) - warning
20:27:24.0122 5364        USBIO - detected UnsignedFile.Multi.Generic (1)
20:27:24.0142 5364        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:27:24.0220 5364        usbohci - ok
20:27:24.0263 5364        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:24.0324 5364        usbprint - ok
20:27:24.0383 5364        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:27:24.0437 5364        usbscan - ok
20:27:24.0459 5364        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:24.0496 5364        USBSTOR - ok
20:27:24.0529 5364        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:24.0563 5364        usbuhci - ok
20:27:24.0593 5364        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:27:24.0661 5364        usbvideo - ok
20:27:24.0714 5364        usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
20:27:24.0748 5364        usb_rndisx - ok
20:27:24.0780 5364        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:27:24.0816 5364        UxSms - ok
20:27:24.0874 5364        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:27:24.0925 5364        vds - ok
20:27:24.0953 5364        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:25.0024 5364        vga - ok
20:27:25.0084 5364        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:27:25.0144 5364        VgaSave - ok
20:27:25.0168 5364        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:27:25.0186 5364        viaagp - ok
20:27:25.0212 5364        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:27:25.0255 5364        ViaC7 - ok
20:27:25.0285 5364        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:27:25.0301 5364        viaide - ok
20:27:25.0327 5364        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:27:25.0345 5364        volmgr - ok
20:27:25.0391 5364        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:27:25.0432 5364        volmgrx - ok
20:27:25.0496 5364        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:27:25.0551 5364        volsnap - ok
20:27:25.0598 5364        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:27:25.0630 5364        vsmraid - ok
20:27:25.0756 5364        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:27:25.0876 5364        VSS - ok
20:27:25.0946 5364        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:27:26.0004 5364        W32Time - ok
20:27:26.0107 5364        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:27:26.0186 5364        WacomPen - ok
20:27:26.0229 5364        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:26.0263 5364        Wanarp - ok
20:27:26.0268 5364        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:26.0303 5364        Wanarpv6 - ok
20:27:26.0353 5364        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:27:26.0413 5364        wcncsvc - ok
20:27:26.0452 5364        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:27:26.0506 5364        WcsPlugInService - ok
20:27:26.0542 5364        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:27:26.0559 5364        Wd - ok
20:27:26.0616 5364        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:27:26.0651 5364        Wdf01000 - ok
20:27:26.0679 5364        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:26.0753 5364        WdiServiceHost - ok
20:27:26.0758 5364        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:26.0805 5364        WdiSystemHost - ok
20:27:26.0842 5364        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:27:26.0889 5364        WebClient - ok
20:27:26.0933 5364        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:27:26.0983 5364        Wecsvc - ok
20:27:27.0012 5364        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:27:27.0089 5364        wercplsupport - ok
20:27:27.0131 5364        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:27:27.0219 5364        WerSvc - ok
20:27:27.0332 5364        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:27:27.0383 5364        WinDefend - ok
20:27:27.0398 5364        WinHttpAutoProxySvc - ok
20:27:27.0467 5364        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:27:27.0517 5364        Winmgmt - ok
20:27:27.0638 5364        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:27:27.0737 5364        WinRM - ok
20:27:27.0818 5364        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:27:27.0941 5364        Wlansvc - ok
20:27:28.0034 5364        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:27:28.0078 5364        WmiAcpi - ok
20:27:28.0152 5364        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:28.0199 5364        wmiApSrv - ok
20:27:28.0371 5364        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:27:28.0471 5364        WMPNetworkSvc - ok
20:27:28.0518 5364        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:27:28.0584 5364        WPCSvc - ok
20:27:28.0633 5364        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:27:28.0681 5364        WPDBusEnum - ok
20:27:28.0748 5364        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:27:28.0770 5364        WpdUsb - ok
20:27:28.0956 5364        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:27:28.0993 5364        WPFFontCache_v0400 - ok
20:27:29.0020 5364        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:29.0065 5364        ws2ifsl - ok
20:27:29.0101 5364        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:27:29.0138 5364        wscsvc - ok
20:27:29.0149 5364        WSearch - ok
20:27:29.0326 5364        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:27:29.0449 5364        wuauserv - ok
20:27:29.0606 5364        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:29.0674 5364        WUDFRd - ok
20:27:29.0720 5364        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:27:29.0789 5364        wudfsvc - ok
20:27:29.0799 5364        XDva375 - ok
20:27:29.0889 5364        ZTEusbmdm6k    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:27:29.0942 5364        ZTEusbmdm6k - ok
20:27:29.0978 5364        ZTEusbnet      (b7836ca4a95e12135e7e49fec9c29f2a) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
20:27:30.0032 5364        ZTEusbnet - ok
20:27:30.0096 5364        ZTEusbnmea      (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:27:30.0121 5364        ZTEusbnmea - ok
20:27:30.0196 5364        ZTEusbser6k    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:27:30.0219 5364        ZTEusbser6k - ok
20:27:30.0261 5364        ZTEusbvoice    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
20:27:30.0298 5364        ZTEusbvoice - ok
20:27:30.0349 5364        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:30.0563 5364        \Device\Harddisk0\DR0 - ok
20:27:30.0569 5364        Boot (0x1200)  (eab22d29d3c5db4dacedf6554dbfbff6) \Device\Harddisk0\DR0\Partition0
20:27:30.0572 5364        \Device\Harddisk0\DR0\Partition0 - ok
20:27:30.0573 5364        ============================================================
20:27:30.0573 5364        Scan finished
20:27:30.0573 5364        ============================================================
20:27:30.0597 5360        Detected object count: 6
20:27:30.0597 5360        Actual detected object count: 6
20:27:34.0626 5360        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0626 5360        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:27:34.0627 5360        int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0627 5360        int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:27:34.0627 5360        RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0627 5360        RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:27:34.0628 5360        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0628 5360        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:27:34.0628 5360        sptd ( LockedFile.Multi.Generic ) - skipped by user
20:27:34.0628 5360        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:27:34.0631 5360        USBIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:34.0632 5360        USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip


