Trojaner-Board


Anna_Lena 25.07.2012 23:03

Live Security Platinum on notebook
 
Dear Trojaner-Board community,

first of all: great place to turn to.

On to the topic: My notebook crashed. When I restarted it, the virus appeared. The symptoms were roughly as described here: http://www.trojaner-board.de/116774-...entfernen.html

At first I tried to find a solution by googling. In doing so I came across this forum entry of yours and followed the steps as described there. Without success. http://www.trojaner-board.de/119769-...num-virus.html

Next I found the following page and tried to follow the steps:
http://www.trojaner-board.de/116774-...entfernen.html

I still managed Safe Mode and Fix Exe. After that I was unsure. Do you also have to do the steps "Remove wrong proxy settings" and the "malware scanner" in Safe Mode? I could not access the Internet Options in Safe Mode.
I am not sure whether I should have carried out the measures I have taken so far at all. On the one hand, the forum rules did say that you should search for comparable problems. On the other hand, I have also read that every problem needs an individual solution.

Anyway: I have now tried to follow the steps for a thread of my own. Before the log comes, one more difficulty that occurred. With GMER, shortly before the scan finished, the message "Warning!!! GMER has found system..." appeared. The instructions said that you should click "no". But you could only press "ok", which is why I closed the window with "x". Was that right?

Here is the OTL text directly in the thread, and the others are in the attachment.

OTL logfile created on: 25.07.2012 23:35:49 - Run 3
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,42% Memory free
6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 4,21 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012.07.20 08:56:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 11:31:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\kxldapob.sys -- (kxldapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.25 22:35:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl6c41988e.sys -- (MpKsl6c41988e)
DRV - [2012.06.06 09:08:25 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.05.20 16:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009.06.16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.29 10:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.06.12 09:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.22 10:20:48 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]

[2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [036DFF980009EDE70303F3072F3B707C] C:\ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otl
[2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C
[2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Oppa
[2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Erxu
[2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Acyhz
[2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll
[2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll
[2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll
[2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten
[2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll
[2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance
[2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited
[2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
[2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe

========== Files - Modified Within 30 Days ==========

[2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2012.07.25 23:28:16 | 005,649,446 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 23:28:16 | 002,169,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 23:28:16 | 001,777,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 23:28:16 | 001,613,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.25 23:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 23:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 23:00:35 | 000,000,705 | ---- | M] () -- C:\Users\User\Desktop\Gmer.text
[2012.07.25 22:35:47 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\ghgxs2i6.exe
[2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.07.25 22:20:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.25 22:07:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.07.25 22:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 22:07:05 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.07.25 21:49:05 | 000,000,335 | ---- | M] () -- C:\Users\User\Desktop\FixExe.reg
[2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job
[2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 21:04:00 | 000,001,970 | ---- | M] () -- C:\Users\User\Desktop\Live Security Platinum.lnk
[2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

========== Files Created - No Company Name ==========

[2012.07.25 23:00:34 | 000,000,705 | ---- | C] () -- C:\Users\User\Desktop\Gmer.text
[2012.07.25 22:35:46 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\ghgxs2i6.exe
[2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.07.25 22:20:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.25 22:07:05 | 3217,522,688 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg
[2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@
[2012.07.25 21:04:00 | 000,001,970 | ---- | C] () -- C:\Users\User\Desktop\Live Security Platinum.lnk
[2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi
[2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk
[2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk
[2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk
[2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@
[2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps
[2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk
[2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk
[2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi
[2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz
[2012.07.01 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited
[2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.06.06 10:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.04.25 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu
[2012.02.13 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer
[2012.05.06 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2012.02.11 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2012.04.25 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2012.07.15 12:31:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance
[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa
[2012.04.17 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.05.15 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\supertuxkart
[2012.02.13 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.03 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone
[2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.07.25 22:00:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job

========== Purity Check ==========



< End of report >

Chris4You 26.07.2012 07:00

Hi,

you don't just have Live Security running on your machine, there is also a rootkit (ZAccess)...
Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O4 - HKCU..\RunOnce: [036DFF980009EDE70303F3072F3B707C] C:\ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe ()
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C
[2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@
[2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@
[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz
[2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu
[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Now try to straighten out the Internet settings again in normal mode.

Then install MAM, update it and run a full scan!

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and have everything cleaned! Post the log.

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Caution: In a few rare cases the computer may no longer be able to boot and has to be set up from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with ComboFix can take some time, so please be patient. Please don't do anything on the computer during the scan.
The computer may be restarted in between.
When the scan ends, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

After the reboot, create and post a new OTL log!

chris
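The fix script in the post above targets a GUID-named folder under AppData\Local holding `@` and `U\` entries, a ProgramData folder named with 32 hex digits, and three Roaming folders touched within the same hour. As an added example (not part of the thread and not OTL's own logic), this Python script parses OTL file-listing lines taken from this thread, flags the first two path patterns, and lists entries timestamped close to a hit as candidates for manual review; the function names, the regexes and the 60-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: file-listing lines taken from the OTL log and fix script in this thread.
SAMPLE_LOG = r"""
[2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg
[2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@
[2012.07.25 21:04:00 | 000,001,970 | ---- | C] () -- C:\Users\User\Desktop\Live Security Platinum.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C
[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz
[2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu
[2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa
"""

# "[date time | size | attrs | C/M] (company) -- path"; directory lines have no "(company)".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# AppData\Local\{GUID}\ containing '@', 'n' or a 'U\' subfolder (the entries seen in this thread).
GUID_LAYOUT_RE = re.compile(r"\\AppData\\Local\\" + GUID + r"\\(?:@|n|U\\.+)$", re.I)
# ProgramData\<32 hex digits>, optionally followed by <same name>.exe.
HEX32_RE = re.compile(r"\\ProgramData\\([0-9A-F]{32})(?:\\\1\.exe)?$", re.I)


def parse(log_text):
    """Return one dict per OTL file-listing line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                "attrs": m["attrs"],
                "kind": m["kind"],
                "path": m["path"],
            })
    return entries


def triage(entries, window=timedelta(minutes=60)):
    """Split entries into path-pattern hits and entries timestamped near a hit."""
    hits = [e for e in entries
            if GUID_LAYOUT_RE.search(e["path"]) or HEX32_RE.search(e["path"])]
    nearby = [e for e in entries
              if e not in hits
              and any(abs(e["time"] - h["time"]) <= window for h in hits)]
    return {"pattern": [e["path"] for e in hits],
            "nearby": [e["path"] for e in nearby]}


if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG))
    for label in ("pattern", "nearby"):
        for path in result[label]:
            print(f"{label:8} {path}")
```

The time pivot also returns FixExe.reg, the poster's own repair file, so the "nearby" list is a set of candidates to review by hand, not a deletion list.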

Anna_Lena 26.07.2012 09:28

Hello Chris,

thank you very much for your quick help. One more question about how to do this: should I run the OTL fix and the malware scan in safe mode? And should the Internet connection be cut while doing so?

Regards

Chris4You 26.07.2012 11:10

Hi,

safe mode is OK; update MAM before disconnecting from the Internet, then go offline...

chris

Anna_Lena 26.07.2012 11:47

Hello Chris,

thank you very much once again. So I did the OTL part. That has apparently also meant that the virus no longer appears at startup. Great! Now I still wanted to do Malwarebytes and ComboFix. You wrote that ComboFix could possibly damage the system irreparably. That would be a catastrophe for me. At the moment I also have no way of backing up all my stuff somehow. How high is the probability that I destroy my notebook with it? Do I absolutely have to run ComboFix?

Regards

Chris4You 26.07.2012 12:38

Hi,

normally nothing happens, and nothing at all so far this year. Roughly once every 1,000-2,000 runs, malware and CF get tangled up with each other, in which case the computer can be restored via the repair console. Only one single time in about 4 years did Windows have to be completely reinstalled (though that system was also heavily infested).

Run MAM and the Killer:
TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan with (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

chris

Anna_Lena 26.07.2012 12:45

Hey,

TDSS instead of ComboFix, or both?

Regards

Chris4You 26.07.2012 12:49

Hi,

we'll do without CF for now; as written, MAM and the Killer...

chris

Anna_Lena 26.07.2012 14:47

Hey Chris,

so up to now I have done the OTL fix and the malware scan. Successfully, as far as I can judge subjectively. It did find quite a few things, though. One log here and one in the attachment. Now I am installing TDSS as well and will do that too.

Here is the log from the malware scan, run in safe mode, offline and as administrator:


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.11

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
User :: USER-PC [Administrator]

Schutz: Deaktiviert

26.07.2012 14:26:24
mbam-log-2012-07-26 (14-26-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306201
Laufzeit: 39 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\n (RootKit.0Access) -> Löschen bei Neustart.
C:\_OTL\MovedFiles\07262012_122313\C_ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07262012_122313\C_Users\User\AppData\Roaming\Acyhz\ebup.exe (Spyware.Zbot.RR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Regards

Chris4You 26.07.2012 14:59

Hi,

then please also create and post a new OTL log...

chris

Anna_Lena 26.07.2012 15:17

15:55:36.0536 2308 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:55:36.0783 2308 ============================================================
15:55:36.0783 2308 Current date / time: 2012/07/26 15:55:36.0783
15:55:36.0783 2308 SystemInfo:
15:55:36.0783 2308
15:55:36.0783 2308 OS Version: 6.0.6002 ServicePack: 2.0
15:55:36.0783 2308 Product type: Workstation
15:55:36.0783 2308 ComputerName: USER-PC
15:55:36.0783 2308 UserName: User
15:55:36.0783 2308 Windows directory: C:\Windows
15:55:36.0784 2308 System windows directory: C:\Windows
15:55:36.0784 2308 Processor architecture: Intel x86
15:55:36.0784 2308 Number of processors: 2
15:55:36.0784 2308 Page size: 0x1000
15:55:36.0784 2308 Boot type: Normal boot
15:55:36.0784 2308 ============================================================
15:55:38.0047 2308 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:38.0049 2308 ============================================================
15:55:38.0049 2308 \Device\Harddisk0\DR0:
15:55:38.0050 2308 MBR partitions:
15:55:38.0050 2308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0xC350000
15:55:38.0050 2308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC387000, BlocksNum 0x10E3E000
15:55:38.0050 2308 ============================================================
15:55:38.0078 2308 C: <-> \Device\Harddisk0\DR0\Partition0
15:55:38.0125 2308 D: <-> \Device\Harddisk0\DR0\Partition1
15:55:38.0126 2308 ============================================================
15:55:38.0126 2308 Initialize success
15:55:38.0126 2308 ============================================================
15:56:35.0651 2480 ============================================================
15:56:35.0651 2480 Scan started
15:56:35.0651 2480 Mode: Manual; SigCheck; TDLFS;
15:56:35.0651 2480 ============================================================
15:56:36.0368 2480 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:56:36.0477 2480 ACPI - ok
15:56:36.0555 2480 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:36.0571 2480 AdobeARMservice - ok
15:56:36.0696 2480 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:36.0711 2480 AdobeFlashPlayerUpdateSvc - ok
15:56:36.0805 2480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:56:36.0821 2480 adp94xx - ok
15:56:36.0867 2480 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:56:36.0883 2480 adpahci - ok
15:56:36.0914 2480 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:56:36.0930 2480 adpu160m - ok
15:56:36.0961 2480 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:56:36.0977 2480 adpu320 - ok
15:56:37.0023 2480 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:56:37.0101 2480 AeLookupSvc - ok
15:56:37.0195 2480 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:56:37.0242 2480 AFD - ok
15:56:37.0289 2480 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:56:37.0304 2480 agp440 - ok
15:56:37.0320 2480 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:56:37.0335 2480 aic78xx - ok
15:56:37.0351 2480 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:56:37.0460 2480 ALG - ok
15:56:37.0491 2480 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:56:37.0507 2480 aliide - ok
15:56:37.0554 2480 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:56:37.0569 2480 amdagp - ok
15:56:37.0585 2480 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:56:37.0601 2480 amdide - ok
15:56:37.0616 2480 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:56:37.0647 2480 AmdK7 - ok
15:56:37.0663 2480 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:56:37.0694 2480 AmdK8 - ok
15:56:37.0741 2480 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:56:37.0772 2480 Appinfo - ok
15:56:37.0835 2480 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:56:37.0835 2480 arc - ok
15:56:37.0866 2480 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:56:37.0881 2480 arcsas - ok
15:56:37.0897 2480 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:37.0928 2480 AsyncMac - ok
15:56:37.0944 2480 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:56:37.0959 2480 atapi - ok
15:56:38.0053 2480 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:56:38.0100 2480 AudioEndpointBuilder - ok
15:56:38.0115 2480 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:56:38.0131 2480 Audiosrv - ok
15:56:38.0303 2480 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:56:38.0396 2480 BCM43XX - ok
15:56:38.0474 2480 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:56:38.0537 2480 Beep - ok
15:56:38.0615 2480 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:56:38.0646 2480 BFE - ok
15:56:38.0677 2480 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:56:38.0708 2480 blbdrive - ok
15:56:38.0755 2480 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:56:38.0802 2480 bowser - ok
15:56:38.0833 2480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:56:38.0864 2480 BrFiltLo - ok
15:56:38.0880 2480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:56:38.0911 2480 BrFiltUp - ok
15:56:38.0942 2480 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:56:38.0973 2480 Browser - ok
15:56:38.0989 2480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:56:39.0176 2480 Brserid - ok
15:56:39.0223 2480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:56:39.0285 2480 BrSerWdm - ok
15:56:39.0301 2480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:56:39.0363 2480 BrUsbMdm - ok
15:56:39.0379 2480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:56:39.0410 2480 BrUsbSer - ok
15:56:39.0519 2480 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
15:56:39.0535 2480 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
15:56:39.0535 2480 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
15:56:39.0566 2480 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:56:39.0613 2480 BTHMODEM - ok
15:56:39.0660 2480 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:56:39.0707 2480 cdfs - ok
15:56:39.0722 2480 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:56:39.0753 2480 cdrom - ok
15:56:39.0769 2480 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:56:39.0800 2480 CertPropSvc - ok
15:56:39.0831 2480 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:56:39.0878 2480 circlass - ok
15:56:39.0987 2480 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:56:40.0003 2480 CLFS - ok
15:56:40.0097 2480 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:40.0097 2480 clr_optimization_v2.0.50727_32 - ok
15:56:40.0299 2480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:40.0315 2480 clr_optimization_v4.0.30319_32 - ok
15:56:40.0362 2480 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:40.0393 2480 CmBatt - ok
15:56:40.0424 2480 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:56:40.0440 2480 cmdide - ok
15:56:40.0455 2480 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:56:40.0471 2480 Compbatt - ok
15:56:40.0471 2480 COMSysApp - ok
15:56:40.0487 2480 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:56:40.0487 2480 crcdisk - ok
15:56:40.0518 2480 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:56:40.0549 2480 Crusoe - ok
15:56:40.0611 2480 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:56:40.0658 2480 CryptSvc - ok
15:56:40.0767 2480 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:56:40.0799 2480 DcomLaunch - ok
15:56:40.0861 2480 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:56:40.0892 2480 DfsC - ok
15:56:41.0189 2480 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:56:41.0313 2480 DFSR - ok
15:56:41.0485 2480 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:56:41.0532 2480 Dhcp - ok
15:56:41.0594 2480 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:56:41.0610 2480 disk - ok
15:56:41.0672 2480 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:56:41.0703 2480 Dnscache - ok
15:56:41.0750 2480 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:56:41.0781 2480 dot3svc - ok
15:56:41.0797 2480 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:56:41.0844 2480 DPS - ok
15:56:41.0875 2480 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:56:41.0906 2480 drmkaud - ok
15:56:41.0984 2480 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:56:42.0000 2480 dtsoftbus01 - ok
15:56:42.0109 2480 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:56:42.0140 2480 DXGKrnl - ok
15:56:42.0218 2480 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:56:42.0265 2480 E1G60 - ok
15:56:42.0296 2480 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:56:42.0327 2480 EapHost - ok
15:56:42.0374 2480 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:56:42.0390 2480 Ecache - ok
15:56:42.0483 2480 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:56:42.0483 2480 ehRecvr - ok
15:56:42.0515 2480 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:56:42.0546 2480 ehSched - ok
15:56:42.0561 2480 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:56:42.0593 2480 ehstart - ok
15:56:42.0671 2480 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:56:42.0686 2480 elxstor - ok
15:56:42.0795 2480 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:56:42.0873 2480 EMDMgmt - ok
15:56:42.0905 2480 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
15:56:42.0936 2480 ErrDev - ok
15:56:42.0983 2480 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:56:43.0014 2480 EventSystem - ok
15:56:43.0061 2480 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:56:43.0107 2480 exfat - ok
15:56:43.0154 2480 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:56:43.0170 2480 fastfat - ok
15:56:43.0201 2480 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:56:43.0232 2480 fdc - ok
15:56:43.0248 2480 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:56:43.0279 2480 fdPHost - ok
15:56:43.0279 2480 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:56:43.0326 2480 FDResPub - ok
15:56:43.0357 2480 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:56:43.0357 2480 FileInfo - ok
15:56:43.0388 2480 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:56:43.0404 2480 Filetrace - ok
15:56:43.0435 2480 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:56:43.0466 2480 flpydisk - ok
15:56:43.0497 2480 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:56:43.0529 2480 FltMgr - ok
15:56:43.0685 2480 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:56:43.0716 2480 FontCache - ok
15:56:43.0825 2480 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:56:43.0825 2480 FontCache3.0.0.0 - ok
15:56:43.0872 2480 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:56:43.0919 2480 Fs_Rec - ok
15:56:43.0950 2480 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:56:43.0965 2480 gagp30kx - ok
15:56:44.0059 2480 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:56:44.0121 2480 gpsvc - ok
15:56:44.0262 2480 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:56:44.0277 2480 gupdate - ok
15:56:44.0277 2480 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:56:44.0293 2480 gupdatem - ok
15:56:44.0355 2480 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:56:44.0402 2480 HdAudAddService - ok
15:56:44.0496 2480 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:56:44.0543 2480 HDAudBus - ok
15:57:01.0999 2480 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
15:57:02.0015 2480 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
15:57:02.0015 2480 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
15:57:09.0939 2480 WPDBusEnum - ok
15:57:10.0033 2480 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:57:10.0049 2480 WpdUsb - ok
15:57:10.0267 2480 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:57:10.0314 2480 WPFFontCache_v0400 - ok
15:57:10.0329 2480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:57:10.0361 2480 ws2ifsl - ok
15:57:10.0407 2480 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:57:10.0439 2480 wscsvc - ok
15:57:10.0439 2480 WSearch - ok
15:57:10.0517 2480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:57:10.0548 2480 WUDFRd - ok
15:57:10.0579 2480 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:57:10.0610 2480 wudfsvc - ok
15:57:10.0641 2480 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:57:11.0265 2480 \Device\Harddisk0\DR0 - ok
15:57:11.0265 2480 Boot (0x1200) (9db7e27d407b086af9e4e5e52d0b945b) \Device\Harddisk0\DR0\Partition0
15:57:11.0265 2480 \Device\Harddisk0\DR0\Partition0 - ok
15:57:11.0297 2480 Boot (0x1200) (d5ddba66795d961ca5eb9ab26d14da69) \Device\Harddisk0\DR0\Partition1
15:57:11.0297 2480 \Device\Harddisk0\DR0\Partition1 - ok
15:57:11.0297 2480 ============================================================
15:57:11.0297 2480 Scan finished
15:57:11.0297 2480 ============================================================
15:57:11.0297 3372 Detected object count: 2
15:57:11.0297 3372 Actual detected object count: 2
15:57:47.0161 3372 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:47.0177 3372 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:47.0177 3372 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:47.0177 3372 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

and the new Otl.OTL logfile:
Code:

OTL logfile created on: 26.07.2012 16:19:02 - Run 4
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,20% Memory free
6,22 Gb Paging File | 5,30 Gb Available in Paging File | 85,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 5,11 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCcUxSys.exe
PRC - [2011.04.20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCtrlCntr.exe
PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe
PRC - [2010.05.20 16:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.03.09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2009.05.05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.20 08:56:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 11:31:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\kxldapob.sys -- (kxldapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.26 15:51:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl2c3be4c9.sys -- (MpKsl2c3be4c9)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.06 09:08:25 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.05.20 16:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009.06.16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.29 10:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.06.12 09:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.22 10:20:48 | 000,106,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]
 
[2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 15:54:43 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.07.26 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.07.26 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 12:39:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.26 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.26 12:37:54 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.25 23:40:07 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otlvir
[2012.07.25 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otl
[2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C
[2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll
[2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll
[2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll
[2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten
[2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll
[2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance
[2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited
[2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
[2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 16:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 15:28:22 | 005,803,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 15:28:22 | 002,217,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 15:28:22 | 001,659,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 15:28:21 | 001,827,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 15:21:05 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.07.26 15:20:56 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.26 15:20:54 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.26 15:20:53 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.26 15:20:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.26 15:20:52 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.07.26 15:20:50 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 15:20:50 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 15:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 15:20:40 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 12:39:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.26 12:38:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2012.07.25 22:35:47 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\ghgxs2i6.exe
[2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.07.25 22:20:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.07.25 21:49:05 | 000,000,335 | ---- | M] () -- C:\Users\User\Desktop\FixExe.reg
[2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job
[2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 15:20:40 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 12:39:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.25 22:35:46 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\ghgxs2i6.exe
[2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.07.25 22:20:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg
[2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi
[2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk
[2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk
[2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk
[2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps
[2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk
[2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk
[2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi
[2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.07.01 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited
[2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.06.06 10:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.04.25 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2012.02.13 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer
[2012.05.06 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2012.02.11 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2012.04.25 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2012.07.15 12:31:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance
[2012.04.17 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.05.15 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\supertuxkart
[2012.02.13 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.03 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone
[2012.07.26 15:20:52 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012.07.26 15:20:54 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.07.26 14:22:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Chris4You 26.07.2012 15:33

Hi,

looks good, one more thing:


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

Anna_Lena 26.07.2012 15:53

So, here is the result:

All processes killed
========== OTL ==========
Folder C:\ProgramData\036DFF980009EDE70303F3072F3B707C\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 2355163 bytes
->Temporary Internet Files folder emptied: 1100631 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60686926 bytes
->Flash cache emptied: 726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11720 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07262012_164941

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Chris4You 26.07.2012 16:05

Hi,

please create and post a new OTL log once more ....
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, post the logfile
  • Post the logfiles here in the thread

chris

Anna_Lena 26.07.2012 16:18

Here is the text: OTL logfile:
Code:

OTL logfile created on: 26.07.2012 17:12:19 - Run 5
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free
6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Sony SCSI Helper Service) -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (o2flash) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M]
 
[2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions
[2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun
O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\virenjagd
[2012.07.26 15:54:43 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.07.26 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.07.26 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 12:39:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.26 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C
[2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4
[2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll
[2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll
[2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll
[2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten
[2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll
[2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance
[2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.07.12 05:26:49 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 09:32:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited
[2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
[2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.06.28 06:37:10 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.28 06:37:10 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.28 06:36:30 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.28 06:36:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.28 06:36:30 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.28 06:36:17 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.28 06:36:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 17:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 16:58:41 | 005,818,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 16:58:41 | 002,222,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 16:58:41 | 001,832,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 16:58:41 | 001,663,976 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 16:51:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.07.26 16:51:28 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.26 16:51:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.26 16:51:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.26 16:51:20 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.26 16:51:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 16:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 16:51:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job
[2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.07.12 11:31:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 11:31:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 16:51:08 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3
[2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG
[2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG
[2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG
[2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG
[2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG
[2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG
[2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG
[2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG
[2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG
[2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG
[2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG
[2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG
[2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG
[2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG
[2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG
[2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG
[2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG
[2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG
[2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG
[2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG
[2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG
[2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG
[2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG
[2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG
[2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG
[2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG
[2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG
[2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG
[2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG
[2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG
[2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG
[2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini
[2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi
[2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk
[2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk
[2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk
[2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps
[2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk
[2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk
[2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi
[2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

< End of report >

--- --- ---


Here is the Extras log. I forgot to go offline and into safe mode. Is that bad?

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.07.2012 17:12:19 - Run 5
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free
6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EB11FDB-91BE-4DFC-9951-BABF3574C895}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{57C02CB1-032D-46CC-A9F0-A0873B20135D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED2F557-6D09-4AD0-B2BF-1C146C35CAE4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{11043380-061F-4295-B0D9-193D6943243C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1BE30EA1-FE3D-48B5-8C92-BCB1487979A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2F88B01A-616C-4547-BC7B-3607A5B4D0E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{459C822C-D32B-43C2-AF26-6AEDE34AE231}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{6BE07647-3F33-4C98-A26D-08477008D1B0}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{736A42E4-3406-4AB2-BC16-AB7B1887DECF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{8AE498DC-860C-475C-8CAF-E318F7C40DDD}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{8D0FD68D-1C72-4BA2-85F0-A6B1802896A9}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{ACFF47EB-6608-4471-A290-3846E623EE7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B984B4BB-2274-40B6-A85C-1FD042E72A81}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{BE4EA823-9C8A-4BA4-8564-BDCBB4139F31}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{E53EEDBB-98E4-4EF2-AF41-E9F9749D3D65}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{F8BA4067-147D-4384-8EE8-F3CE0EBCE1DF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{581688A2-B5D6-4588-AC1A-38BA22215E52}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A267DE1C-46A4-4DF9-84B3-8AE5F32522EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C368DA75-0E22-444B-869B-EA38CCC4E4B1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DC7AAE58-9103-43A0-8BE6-CC617380FA88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{EED1472E-EB9D-45CA-A685-96E178237280}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{2FD2F649-B247-4D86-A555-F1DAE0620701}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{512DEE65-1151-4CBD-8A29-5DD65D4B4748}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6A2750C5-C41D-4A18-89C9-E4A3731DEE43}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{BFF93823-6A52-4F17-A128-6E24706CBFF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F099BB8D-D4A9-456F-97A4-5957D23BAB44}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"FinalMediaPlayer_is1" = Final Media Player 2011
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 26.07.2012 10:01:02 | Computer Name = User-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/26 16:01:02.364]: [00002132]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.1.19] 
 
Error - 26.07.2012 10:46:40 | Computer Name = User-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ System Events ]
Error - 05.06.2012 02:47:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 05.06.2012 09:13:41 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 05.06.2012 09:15:17 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.06.2012 18:21:25 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.06.2012 02:06:20 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.106 für die Netzwerkkarte mit der Netzwerkadresse
 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.06.2012 02:07:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.06.2012 04:57:19 | Computer Name = User-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 06.06.2012 05:40:38 | Computer Name = User-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 06.06.2012 09:27:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 06.06.2012 09:29:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Chris4You 26.07.2012 18:35

Hi,

and once again an entry that has to go:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

Anna_Lena 29.07.2012 19:03

Hello Chris,

I was away from home for two days and therefore couldn't continue. But now I'm carrying on. Here is the log:


Regards

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Neacybigr deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 39956 bytes
->Temporary Internet Files folder emptied: 301111 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30692747 bytes
->Flash cache emptied: 891 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77753 bytes
RecycleBin emptied: 13355 bytes

Total Files Cleaned = 30,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.1 log created on 07292012_195856

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Chris4You 30.07.2012 06:28

Hi,

how is the computer behaving?
Please post a new OTL log once more...

chris


All times are in WET +1. The time now is 15:56.
