|
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum auf NotebookWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.07.2012, 23:03 | #1 |
| Live Security Platinum auf Notebook Liebe Trojanerboard Community, vorweg: Super Anlaufstelle. Zum Thema: Mein Notebook ist abgestürzt. Beim Neustarten ist der Virus aufgetreten. Die Symptome waren etwa so wie hier beschrieben: http://www.trojaner-board.de/116774-...entfernen.html Zunächst habe ich mir versucht durch googlen eine Lösung zu finden. Dabei bin ich auf diesen Forumseintrag von euch gestoßen und habe die Schritte wie dort beschrieben befolgt. Ohne Erfolg. http://www.trojaner-board.de/119769-...num-virus.html Als nächstes habe ich folgende Seite gefunden und versucht den Schritten zu folgen: http://www.trojaner-board.de/116774-...entfernen.html Abgesicherter Modus und Fix Exe habe ich noch hin bekommen. Danach war ich mir unsicher. Muss man die Schritte "Falsche Proxy Einstellungen entfernen" und den "Malewarescanner" auch im abgesicherten Modus machen? Auf die Internetoptionen konnte ich im abgesicherten Modus nicht zugreifen. Ich bin mir nicht sicher, ob ich die bisher durchgeführten Maßnahmen überhaupt hätte machen sollen. Einerseits stand in den Forumsregeln zwar, dass man nach vergleichbaren Problemen suchen soll. Andererseits habe ich auch gelesen, dass jedes Problem eine individuelle Lösung braucht. Anyway: Ich habe jetzt versucht die Schritte für einen eigenen Thread zu befolgen. Bevor der Log kommt noch eine Schwierigkeiten, die aufgetreten ist. Bei GMER kam kurz vor Abschluss des scans die Meldung. "Warning!!! GMER has found system..." In der Anleitung stand, dass man "no" klicken soll. Man konnte aber nur "ok" drücken, weshalb ich das Fenster mit "x" geschlossen habe. War das richtig? Hier die Otltext direkt in den Threat und die anderen im Anhang. OTL logfile created on: 25.07.2012 23:35:49 - Run 3 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,42% Memory free 6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 4,21 Gb Free Space | 4,31% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.07.20 08:56:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 11:31:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\kxldapob.sys -- (kxldapob) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.25 22:35:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl6c41988e.sys -- (MpKsl6c41988e) DRV - [2012.06.06 09:08:25 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.05.20 16:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2009.06.16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.29 10:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.06.12 09:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.02.22 10:20:48 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] [2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video> -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [036DFF980009EDE70303F3072F3B707C] C:\ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.25 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otl [2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Oppa [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Erxu [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Acyhz [2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll [2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll [2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll [2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll [2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll [2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll [2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE [2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL [2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL [2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll [2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll [2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll [2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll [2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield [2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten [2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll [2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll [2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll [2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll [2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP [2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe ========== Files - Modified Within 30 Days ========== [2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk [2012.07.25 23:28:16 | 005,649,446 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.25 23:28:16 | 002,169,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.25 23:28:16 | 001,777,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.25 23:28:16 | 001,613,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.25 23:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.25 23:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.25 23:00:35 | 000,000,705 | ---- | M] () -- C:\Users\User\Desktop\Gmer.text [2012.07.25 22:35:47 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 22:07:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.25 22:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.25 22:07:05 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat [2012.07.25 21:49:05 | 000,000,335 | ---- | M] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:04:00 | 000,001,970 | ---- | M] () -- C:\Users\User\Desktop\Live Security Platinum.lnk [2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk ========== Files Created - No Company Name ========== [2012.07.25 23:00:34 | 000,000,705 | ---- | C] () -- C:\Users\User\Desktop\Gmer.text [2012.07.25 22:35:46 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 22:07:05 | 3217,522,688 | -HS- | C] () -- C:\hiberfil.sys [2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@ [2012.07.25 21:04:00 | 000,001,970 | ---- | C] () -- C:\Users\User\Desktop\Live Security Platinum.lnk [2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi [2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk [2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk [2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk [2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@ [2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps [2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk [2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk [2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi [2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz [2012.07.01 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.06.06 10:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2012.04.25 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations [2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu [2012.02.13 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer [2012.05.06 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft [2012.02.11 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice [2012.04.25 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF [2012.07.15 12:31:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa [2012.04.17 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2012.05.15 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\supertuxkart [2012.02.13 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.03 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone [2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.07.25 22:00:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job ========== Purity Check ========== < End of report > |
26.07.2012, 07:00 | #2 |
| Live Security Platinum auf Notebook Hi,
__________________da läuft nicht nur Live-Security sondern auch ein Rootkit (ZAccess) bei Dir... Fix für OTL:
Code:
ATTFilter :OTL O4 - HKCU..\RunOnce: [036DFF980009EDE70303F3072F3B707C] C:\ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe () [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@ [2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@ [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz [2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa :Commands [emptytemp] [Reboot]
Versuche jetzt die Interneteinstellungen im normalen Modus wieder hinzubiegen. Dann installiere MAM, Update und Fullscan! Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden... Erstelle und poste nach dem Reboot ein neues OTL-Log! chris
__________________ |
26.07.2012, 09:28 | #3 |
| Live Security Platinum auf Notebook Hallo Chris,
__________________vielen Dank für deine schnelle Hilfe. Eine Frage noch zur Durchführung: Soll ich den Otl fix und das Maleware im abgesicherten Modus machen? Und sollte die Internetverbindung dabei gekappt sein? lg |
26.07.2012, 11:10 | #4 |
| Live Security Platinum auf Notebook Hi, abgesicherter Modus ist OK, vor der Trennung vom Internet MAM updaten, dann Offline gehen... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.07.2012, 11:47 | #5 |
| Live Security Platinum auf Notebook Hallo Chris, nochmal vielen Dank. Also ich habe das mit Otl gemacht. Das hat offensichtlich auch dazu geführt, dass der Virus beim Start nicht mehr erscheint. Super! Jetzt wollte ich noch Malewarebytes und Combofix machen. Du hast ja geschrieben, dass durch Combofix das System möglicherweise irreparabel geschädigt werden kann. Das wäre eine Katastrophe für mich. Im Moment habe ich auch keine Möglichkeit das ganze Zeug zu irgendwie zu sichern. Wie hoch ist die Wahrscheinlichkeit, dass ich mein Notebokk damit zerstöre? Muss ich Combofix unbedingt machen? Lg |
26.07.2012, 12:38 | #6 |
| Live Security Platinum auf Notebook Hi, normalerweise passiert nichts, dieses Jahr noch garnicht. Etwa so alle 1.000-2.000 Einsätze verhaken sich Malware und CF, das der Rechner über Reperaturkonsole wiederhergestellt werden kann. Ein einzigstes mal in ca. 4 Jahren musste Windows komplett neu installiert werden (das System war allerdings auch hochgradig verseucht). Lass MAM laufen und den Killer: TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein: Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten... chris
__________________ --> Live Security Platinum auf Notebook |
26.07.2012, 12:45 | #7 |
| Live Security Platinum auf Notebook Hey, TDSS statt Combofix oder beide? lg |
26.07.2012, 12:49 | #8 |
| Live Security Platinum auf Notebook Hi, wir verzichten erstmal auf CF, wie geschrieben MAM und den Killer... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.07.2012, 14:47 | #9 |
| Live Security Platinum auf Notebook Hey Chris, also bis jetzt habe ich den Otl-fix gemacht und den Maleware. Nach subjektiver Einschätzung mit Erfolg. Hat aber auch einiges gefunden. Ein Log hier und einer im Anhang. Jetzt instaliere ich noch den tdss und mache das auch noch. Hier der Log von Maleware aus dem abgesicherten Modus, offline und als Administrator ausgeführt: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.11 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 7.0.6002.18005 User :: USER-PC [Administrator] Schutz: Deaktiviert 26.07.2012 14:26:24 mbam-log-2012-07-26 (14-26-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 306201 Laufzeit: 39 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\n (RootKit.0Access) -> Löschen bei Neustart. C:\_OTL\MovedFiles\07262012_122313\C_ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07262012_122313\C_Users\User\AppData\Roaming\Acyhz\ebup.exe (Spyware.Zbot.RR) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Lg |
26.07.2012, 14:59 | #10 |
| Live Security Platinum auf Notebook Hi, erstelle und poste dann auch noch ein neues OTL-Log... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.07.2012, 15:17 | #11 |
| Live Security Platinum auf Notebook 15:55:36.0536 2308 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 15:55:36.0783 2308 ============================================================ 15:55:36.0783 2308 Current date / time: 2012/07/26 15:55:36.0783 15:55:36.0783 2308 SystemInfo: 15:55:36.0783 2308 15:55:36.0783 2308 OS Version: 6.0.6002 ServicePack: 2.0 15:55:36.0783 2308 Product type: Workstation 15:55:36.0783 2308 ComputerName: USER-PC 15:55:36.0783 2308 UserName: User 15:55:36.0783 2308 Windows directory: C:\Windows 15:55:36.0784 2308 System windows directory: C:\Windows 15:55:36.0784 2308 Processor architecture: Intel x86 15:55:36.0784 2308 Number of processors: 2 15:55:36.0784 2308 Page size: 0x1000 15:55:36.0784 2308 Boot type: Normal boot 15:55:36.0784 2308 ============================================================ 15:55:38.0047 2308 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:55:38.0049 2308 ============================================================ 15:55:38.0049 2308 \Device\Harddisk0\DR0: 15:55:38.0050 2308 MBR partitions: 15:55:38.0050 2308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0xC350000 15:55:38.0050 2308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC387000, BlocksNum 0x10E3E000 15:55:38.0050 2308 ============================================================ 15:55:38.0078 2308 C: <-> \Device\Harddisk0\DR0\Partition0 15:55:38.0125 2308 D: <-> \Device\Harddisk0\DR0\Partition1 15:55:38.0126 2308 ============================================================ 15:55:38.0126 2308 Initialize success 15:55:38.0126 2308 ============================================================ 15:56:35.0651 2480 ============================================================ 15:56:35.0651 2480 Scan started 15:56:35.0651 2480 Mode: Manual; SigCheck; TDLFS; 15:56:35.0651 2480 ============================================================ 15:56:36.0368 2480 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:56:36.0477 2480 ACPI - ok 15:56:36.0555 2480 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:56:36.0571 2480 AdobeARMservice - ok 15:56:36.0696 2480 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:56:36.0711 2480 AdobeFlashPlayerUpdateSvc - ok 15:56:36.0805 2480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 15:56:36.0821 2480 adp94xx - ok 15:56:36.0867 2480 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 15:56:36.0883 2480 adpahci - ok 15:56:36.0914 2480 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 15:56:36.0930 2480 adpu160m - ok 15:56:36.0961 2480 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 15:56:36.0977 2480 adpu320 - ok 15:56:37.0023 2480 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 15:56:37.0101 2480 AeLookupSvc - ok 15:56:37.0195 2480 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 15:56:37.0242 2480 AFD - ok 15:56:37.0289 2480 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 15:56:37.0304 2480 agp440 - ok 15:56:37.0320 2480 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:56:37.0335 2480 aic78xx - ok 15:56:37.0351 2480 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 15:56:37.0460 2480 ALG - ok 15:56:37.0491 2480 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 15:56:37.0507 2480 aliide - ok 15:56:37.0554 2480 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 15:56:37.0569 2480 amdagp - ok 15:56:37.0585 2480 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 15:56:37.0601 2480 amdide - ok 15:56:37.0616 2480 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 15:56:37.0647 2480 AmdK7 - ok 15:56:37.0663 2480 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 15:56:37.0694 2480 AmdK8 - ok 15:56:37.0741 2480 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 15:56:37.0772 2480 Appinfo - ok 15:56:37.0835 2480 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 15:56:37.0835 2480 arc - ok 15:56:37.0866 2480 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 15:56:37.0881 2480 arcsas - ok 15:56:37.0897 2480 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 15:56:37.0928 2480 AsyncMac - ok 15:56:37.0944 2480 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:56:37.0959 2480 atapi - ok 15:56:38.0053 2480 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:56:38.0100 2480 AudioEndpointBuilder - ok 15:56:38.0115 2480 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:56:38.0131 2480 Audiosrv - ok 15:56:38.0303 2480 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys 15:56:38.0396 2480 BCM43XX - ok 15:56:38.0474 2480 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 15:56:38.0537 2480 Beep - ok 15:56:38.0615 2480 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 15:56:38.0646 2480 BFE - ok 15:56:38.0677 2480 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 15:56:38.0708 2480 blbdrive - ok 15:56:38.0755 2480 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:56:38.0802 2480 bowser - ok 15:56:38.0833 2480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:56:38.0864 2480 BrFiltLo - ok 15:56:38.0880 2480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:56:38.0911 2480 BrFiltUp - ok 15:56:38.0942 2480 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 15:56:38.0973 2480 Browser - ok 15:56:38.0989 2480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:56:39.0176 2480 Brserid - ok 15:56:39.0223 2480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:56:39.0285 2480 BrSerWdm - ok 15:56:39.0301 2480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:56:39.0363 2480 BrUsbMdm - ok 15:56:39.0379 2480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:56:39.0410 2480 BrUsbSer - ok 15:56:39.0519 2480 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe 15:56:39.0535 2480 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning 15:56:39.0535 2480 BrYNSvc - detected UnsignedFile.Multi.Generic (1) 15:56:39.0566 2480 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 15:56:39.0613 2480 BTHMODEM - ok 15:56:39.0660 2480 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:56:39.0707 2480 cdfs - ok 15:56:39.0722 2480 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:56:39.0753 2480 cdrom - ok 15:56:39.0769 2480 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 15:56:39.0800 2480 CertPropSvc - ok 15:56:39.0831 2480 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 15:56:39.0878 2480 circlass - ok 15:56:39.0987 2480 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:56:40.0003 2480 CLFS - ok 15:56:40.0097 2480 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:56:40.0097 2480 clr_optimization_v2.0.50727_32 - ok 15:56:40.0299 2480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:56:40.0315 2480 clr_optimization_v4.0.30319_32 - ok 15:56:40.0362 2480 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:56:40.0393 2480 CmBatt - ok 15:56:40.0424 2480 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 15:56:40.0440 2480 cmdide - ok 15:56:40.0455 2480 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 15:56:40.0471 2480 Compbatt - ok 15:56:40.0471 2480 COMSysApp - ok 15:56:40.0487 2480 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 15:56:40.0487 2480 crcdisk - ok 15:56:40.0518 2480 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 15:56:40.0549 2480 Crusoe - ok 15:56:40.0611 2480 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 15:56:40.0658 2480 CryptSvc - ok 15:56:40.0767 2480 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 15:56:40.0799 2480 DcomLaunch - ok 15:56:40.0861 2480 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 15:56:40.0892 2480 DfsC - ok 15:56:41.0189 2480 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 15:56:41.0313 2480 DFSR - ok 15:56:41.0485 2480 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 15:56:41.0532 2480 Dhcp - ok 15:56:41.0594 2480 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 15:56:41.0610 2480 disk - ok 15:56:41.0672 2480 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 15:56:41.0703 2480 Dnscache - ok 15:56:41.0750 2480 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 15:56:41.0781 2480 dot3svc - ok 15:56:41.0797 2480 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 15:56:41.0844 2480 DPS - ok 15:56:41.0875 2480 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 15:56:41.0906 2480 drmkaud - ok 15:56:41.0984 2480 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 15:56:42.0000 2480 dtsoftbus01 - ok 15:56:42.0109 2480 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 15:56:42.0140 2480 DXGKrnl - ok 15:56:42.0218 2480 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:56:42.0265 2480 E1G60 - ok 15:56:42.0296 2480 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 15:56:42.0327 2480 EapHost - ok 15:56:42.0374 2480 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 15:56:42.0390 2480 Ecache - ok 15:56:42.0483 2480 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 15:56:42.0483 2480 ehRecvr - ok 15:56:42.0515 2480 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 15:56:42.0546 2480 ehSched - ok 15:56:42.0561 2480 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 15:56:42.0593 2480 ehstart - ok 15:56:42.0671 2480 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 15:56:42.0686 2480 elxstor - ok 15:56:42.0795 2480 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 15:56:42.0873 2480 EMDMgmt - ok 15:56:42.0905 2480 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys 15:56:42.0936 2480 ErrDev - ok 15:56:42.0983 2480 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 15:56:43.0014 2480 EventSystem - ok 15:56:43.0061 2480 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 15:56:43.0107 2480 exfat - ok 15:56:43.0154 2480 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 15:56:43.0170 2480 fastfat - ok 15:56:43.0201 2480 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 15:56:43.0232 2480 fdc - ok 15:56:43.0248 2480 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 15:56:43.0279 2480 fdPHost - ok 15:56:43.0279 2480 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 15:56:43.0326 2480 FDResPub - ok 15:56:43.0357 2480 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 15:56:43.0357 2480 FileInfo - ok 15:56:43.0388 2480 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 15:56:43.0404 2480 Filetrace - ok 15:56:43.0435 2480 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 15:56:43.0466 2480 flpydisk - ok 15:56:43.0497 2480 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 15:56:43.0529 2480 FltMgr - ok 15:56:43.0685 2480 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 15:56:43.0716 2480 FontCache - ok 15:56:43.0825 2480 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:56:43.0825 2480 FontCache3.0.0.0 - ok 15:56:43.0872 2480 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 15:56:43.0919 2480 Fs_Rec - ok 15:56:43.0950 2480 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 15:56:43.0965 2480 gagp30kx - ok 15:56:44.0059 2480 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 15:56:44.0121 2480 gpsvc - ok 15:56:44.0262 2480 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:56:44.0277 2480 gupdate - ok 15:56:44.0277 2480 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 15:56:44.0293 2480 gupdatem - ok 15:56:44.0355 2480 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 15:56:44.0402 2480 HdAudAddService - ok 15:56:44.0496 2480 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:56:44.0543 2480 HDAudBus - ok 15:56:44.0589 2480 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 15:56:44.0636 2480 HidBth - ok 15:56:44.0667 2480 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 15:56:44.0714 2480 HidIr - ok 15:56:44.0730 2480 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 15:56:44.0745 2480 hidserv - ok 15:56:44.0777 2480 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 15:56:44.0808 2480 HidUsb - ok 15:56:44.0839 2480 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 15:56:44.0870 2480 hkmsvc - ok 15:56:44.0886 2480 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys 15:56:44.0901 2480 HpCISSs - ok 15:56:44.0979 2480 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 15:56:45.0026 2480 HTTP - ok 15:56:45.0073 2480 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 15:56:45.0089 2480 i2omp - ok 15:56:45.0120 2480 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 15:56:45.0167 2480 i8042prt - ok 15:56:45.0198 2480 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 15:56:45.0213 2480 iaStorV - ok 15:56:45.0354 2480 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:56:45.0416 2480 idsvc - ok 15:56:45.0432 2480 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 15:56:45.0432 2480 iirsp - ok 15:56:45.0588 2480 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 15:56:45.0713 2480 IKEEXT - ok 15:56:45.0728 2480 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 15:56:45.0744 2480 intelide - ok 15:56:45.0759 2480 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 15:56:45.0806 2480 intelppm - ok 15:56:45.0853 2480 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 15:56:45.0915 2480 IPBusEnum - ok 15:56:45.0931 2480 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:56:45.0962 2480 IpFilterDriver - ok 15:56:46.0025 2480 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 15:56:46.0056 2480 iphlpsvc - ok 15:56:46.0071 2480 IpInIp - ok 15:56:46.0103 2480 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys 15:56:46.0134 2480 IPMIDRV - ok 15:56:46.0165 2480 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 15:56:46.0181 2480 IPNAT - ok 15:56:46.0227 2480 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 15:56:46.0259 2480 IRENUM - ok 15:56:46.0274 2480 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 15:56:46.0290 2480 isapnp - ok 15:56:46.0352 2480 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 15:56:46.0368 2480 iScsiPrt - ok 15:56:46.0383 2480 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 15:56:46.0399 2480 iteatapi - ok 15:56:46.0461 2480 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 15:56:46.0477 2480 iteraid - ok 15:56:46.0555 2480 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:56:46.0555 2480 kbdclass - ok 15:56:46.0586 2480 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 15:56:46.0602 2480 kbdhid - ok 15:56:46.0680 2480 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:56:46.0695 2480 KeyIso - ok 15:56:46.0883 2480 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys 15:56:46.0914 2480 KSecDD - ok 15:56:46.0992 2480 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 15:56:47.0101 2480 KtmRm - ok 15:56:47.0179 2480 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 15:56:47.0195 2480 LanmanServer - ok 15:56:47.0257 2480 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 15:56:47.0288 2480 LanmanWorkstation - ok 15:56:47.0319 2480 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 15:56:47.0335 2480 lltdio - ok 15:56:47.0382 2480 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 15:56:47.0413 2480 lltdsvc - ok 15:56:47.0429 2480 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 15:56:47.0475 2480 lmhosts - ok 15:56:47.0491 2480 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 15:56:47.0507 2480 LSI_FC - ok 15:56:47.0522 2480 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 15:56:47.0538 2480 LSI_SAS - ok 15:56:47.0569 2480 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 15:56:47.0585 2480 LSI_SCSI - ok 15:56:47.0616 2480 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 15:56:47.0647 2480 luafv - ok 15:56:47.0709 2480 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 15:56:47.0725 2480 MBAMProtector - ok 15:56:47.0865 2480 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:56:47.0912 2480 MBAMService - ok 15:56:47.0943 2480 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 15:56:47.0990 2480 Mcx2Svc - ok 15:56:48.0021 2480 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 15:56:48.0037 2480 megasas - ok 15:56:48.0099 2480 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 15:56:48.0131 2480 MegaSR - ok 15:56:48.0162 2480 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 15:56:48.0193 2480 MMCSS - ok 15:56:48.0209 2480 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 15:56:48.0240 2480 Modem - ok 15:56:48.0271 2480 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 15:56:48.0318 2480 monitor - ok 15:56:48.0333 2480 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 15:56:48.0333 2480 mouclass - ok 15:56:48.0349 2480 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 15:56:48.0396 2480 mouhid - ok 15:56:48.0411 2480 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 15:56:48.0427 2480 MountMgr - ok 15:56:48.0583 2480 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:56:48.0583 2480 MozillaMaintenance - ok 15:56:48.0692 2480 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys 15:56:48.0723 2480 MpFilter - ok 15:56:48.0770 2480 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys 15:56:48.0786 2480 mpio - ok 15:56:48.0895 2480 MpKsl2c3be4c9 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl2c3be4c9.sys 15:56:48.0911 2480 MpKsl2c3be4c9 - ok 15:56:48.0942 2480 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 15:56:48.0973 2480 mpsdrv - ok 15:56:49.0035 2480 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 15:56:49.0082 2480 MpsSvc - ok 15:56:49.0113 2480 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 15:56:49.0129 2480 Mraid35x - ok 15:56:49.0160 2480 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 15:56:49.0191 2480 MRxDAV - ok 15:56:49.0254 2480 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:56:49.0285 2480 mrxsmb - ok 15:56:49.0301 2480 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:56:49.0347 2480 mrxsmb10 - ok 15:56:49.0363 2480 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:56:49.0394 2480 mrxsmb20 - ok 15:56:49.0441 2480 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 15:56:49.0457 2480 msahci - ok 15:56:49.0597 2480 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe 15:56:49.0613 2480 MSCamSvc - ok 15:56:49.0628 2480 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys 15:56:49.0644 2480 msdsm - ok 15:56:49.0706 2480 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 15:56:49.0753 2480 MSDTC - ok 15:56:49.0815 2480 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 15:56:49.0847 2480 Msfs - ok 15:56:49.0862 2480 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 15:56:49.0878 2480 msisadrv - ok 15:56:49.0909 2480 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 15:56:49.0940 2480 MSiSCSI - ok 15:56:49.0940 2480 msiserver - ok 15:56:49.0971 2480 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 15:56:50.0003 2480 MSKSSRV - ok 15:56:50.0018 2480 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 15:56:50.0034 2480 MsMpSvc - ok 15:56:50.0065 2480 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 15:56:50.0096 2480 MSPCLOCK - ok 15:56:50.0112 2480 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 15:56:50.0143 2480 MSPQM - ok 15:56:50.0174 2480 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 15:56:50.0190 2480 MsRPC - ok 15:56:50.0205 2480 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 15:56:50.0221 2480 mssmbios - ok 15:56:50.0237 2480 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 15:56:50.0268 2480 MSTEE - ok 15:56:50.0299 2480 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 15:56:50.0315 2480 Mup - ok 15:56:50.0361 2480 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 15:56:50.0393 2480 napagent - ok 15:56:50.0455 2480 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 15:56:50.0471 2480 NativeWifiP - ok 15:56:50.0549 2480 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 15:56:50.0580 2480 NDIS - ok 15:56:50.0595 2480 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 15:56:50.0611 2480 NdisTapi - ok 15:56:50.0627 2480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 15:56:50.0642 2480 Ndisuio - ok 15:56:50.0673 2480 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:56:50.0705 2480 NdisWan - ok 15:56:50.0736 2480 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 15:56:50.0767 2480 NDProxy - ok 15:56:50.0798 2480 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 15:56:50.0845 2480 NetBIOS - ok 15:56:50.0876 2480 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 15:56:50.0907 2480 netbt - ok 15:56:50.0954 2480 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:56:50.0970 2480 Netlogon - ok 15:56:51.0017 2480 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 15:56:51.0063 2480 Netman - ok 15:56:51.0110 2480 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 15:56:51.0157 2480 netprofm - ok 15:56:51.0219 2480 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:56:51.0235 2480 NetTcpPortSharing - ok 15:56:51.0266 2480 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 15:56:51.0282 2480 nfrd960 - ok 15:56:51.0344 2480 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:56:51.0344 2480 NisDrv - ok 15:56:51.0500 2480 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe 15:56:51.0516 2480 NisSrv - ok 15:56:51.0672 2480 NitroReaderDriverReadSpool2 (a027e499f6a62134d31018b1f77af2ae) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe 15:56:51.0672 2480 NitroReaderDriverReadSpool2 - ok 15:56:51.0719 2480 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 15:56:51.0781 2480 NlaSvc - ok 15:56:51.0828 2480 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe 15:56:51.0843 2480 NMSAccessU - ok 15:56:51.0875 2480 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 15:56:51.0890 2480 Npfs - ok 15:56:51.0906 2480 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 15:56:51.0921 2480 nsi - ok 15:56:51.0937 2480 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 15:56:51.0968 2480 nsiproxy - ok 15:56:52.0109 2480 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 15:56:52.0155 2480 Ntfs - ok 15:56:52.0187 2480 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 15:56:52.0218 2480 ntrigdigi - ok 15:56:52.0233 2480 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 15:56:52.0265 2480 Null - ok 15:56:53.0357 2480 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:56:53.0871 2480 nvlddmkm - ok 15:56:54.0059 2480 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 15:56:54.0090 2480 nvraid - ok 15:56:54.0105 2480 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 15:56:54.0137 2480 nvstor - ok 15:56:54.0168 2480 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) C:\Windows\system32\nvvsvc.exe 15:56:54.0199 2480 nvsvc - ok 15:56:54.0230 2480 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 15:56:54.0261 2480 nv_agp - ok 15:56:54.0261 2480 NwlnkFlt - ok 15:56:54.0261 2480 NwlnkFwd - ok 15:56:54.0371 2480 o2flash (bbd5503999f331278db39046888d559c) C:\Windows\system32\DRIVERS\o2flash.exe 15:56:54.0386 2480 o2flash - ok 15:56:54.0402 2480 O2MDRDR (305e0ec480ebc7a24d4b691da76e008c) C:\Windows\system32\DRIVERS\o2media.sys 15:56:54.0417 2480 O2MDRDR - ok 15:56:54.0464 2480 O2SDRDR (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys 15:56:54.0495 2480 O2SDRDR - ok 15:56:54.0527 2480 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 15:56:54.0573 2480 ohci1394 - ok 15:56:54.0683 2480 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:56:54.0698 2480 ose - ok 15:56:55.0213 2480 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:56:55.0400 2480 osppsvc - ok 15:56:55.0650 2480 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:56:55.0728 2480 p2pimsvc - ok 15:56:55.0728 2480 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:56:55.0759 2480 p2psvc - ok 15:56:55.0837 2480 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 15:56:55.0884 2480 Parport - ok 15:56:55.0931 2480 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 15:56:55.0946 2480 partmgr - ok 15:56:55.0962 2480 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 15:56:56.0009 2480 Parvdm - ok 15:56:56.0040 2480 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 15:56:56.0071 2480 PcaSvc - ok 15:56:56.0102 2480 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 15:56:56.0118 2480 pci - ok 15:56:56.0149 2480 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 15:56:56.0165 2480 pciide - ok 15:56:56.0196 2480 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 15:56:56.0211 2480 pcmcia - ok 15:56:56.0321 2480 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe 15:56:56.0336 2480 PDFProFiltSrvPP - ok 15:56:56.0461 2480 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 15:56:56.0570 2480 PEAUTH - ok 15:56:56.0757 2480 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 15:56:56.0820 2480 pla - ok 15:56:57.0007 2480 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 15:56:57.0054 2480 PlugPlay - ok 15:56:57.0225 2480 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:56:57.0272 2480 PNRPAutoReg - ok 15:56:57.0288 2480 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:56:57.0303 2480 PNRPsvc - ok 15:56:57.0397 2480 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 15:56:57.0428 2480 PolicyAgent - ok 15:56:57.0491 2480 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 15:56:57.0522 2480 PptpMiniport - ok 15:56:57.0537 2480 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 15:56:57.0569 2480 Processor - ok 15:56:57.0615 2480 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 15:56:57.0631 2480 ProfSvc - ok 15:56:57.0693 2480 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:56:57.0709 2480 ProtectedStorage - ok 15:56:57.0725 2480 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 15:56:57.0756 2480 PSched - ok 15:56:57.0912 2480 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 15:56:57.0974 2480 ql2300 - ok 15:56:58.0037 2480 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 15:56:58.0037 2480 ql40xx - ok 15:56:58.0083 2480 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 15:56:58.0115 2480 QWAVE - ok 15:56:58.0130 2480 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 15:56:58.0146 2480 QWAVEdrv - ok 15:56:58.0177 2480 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 15:56:58.0208 2480 RasAcd - ok 15:56:58.0239 2480 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 15:56:58.0286 2480 RasAuto - ok 15:56:58.0317 2480 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:56:58.0349 2480 Rasl2tp - ok 15:56:58.0380 2480 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 15:56:58.0411 2480 RasMan - ok 15:56:58.0411 2480 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 15:56:58.0442 2480 RasPppoe - ok 15:56:58.0473 2480 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 15:56:58.0489 2480 RasSstp - ok 15:56:58.0520 2480 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 15:56:58.0551 2480 rdbss - ok 15:56:58.0567 2480 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:56:58.0598 2480 RDPCDD - ok 15:56:58.0645 2480 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\drivers\rdpdr.sys 15:56:58.0661 2480 rdpdr - ok 15:56:58.0661 2480 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 15:56:58.0692 2480 RDPENCDD - ok 15:56:58.0739 2480 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 15:56:58.0754 2480 RDPWD - ok 15:56:58.0801 2480 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 15:56:58.0832 2480 RemoteAccess - ok 15:56:58.0879 2480 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 15:56:58.0895 2480 RemoteRegistry - ok 15:56:58.0910 2480 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 15:56:58.0926 2480 RpcLocator - ok 15:56:59.0051 2480 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 15:56:59.0082 2480 RpcSs - ok 15:56:59.0144 2480 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 15:56:59.0207 2480 rspndr - ok 15:56:59.0253 2480 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys 15:56:59.0316 2480 RTL8169 - ok 15:56:59.0347 2480 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:56:59.0363 2480 SamSs - ok 15:56:59.0394 2480 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 15:56:59.0409 2480 sbp2port - ok 15:56:59.0441 2480 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 15:56:59.0456 2480 SCardSvr - ok 15:56:59.0565 2480 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 15:56:59.0597 2480 Schedule - ok 15:56:59.0628 2480 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 15:56:59.0643 2480 SCPolicySvc - ok 15:56:59.0690 2480 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 15:56:59.0706 2480 sdbus - ok 15:56:59.0737 2480 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 15:56:59.0753 2480 SDRSVC - ok 15:56:59.0768 2480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:56:59.0831 2480 secdrv - ok 15:56:59.0846 2480 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 15:56:59.0877 2480 seclogon - ok 15:56:59.0893 2480 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 15:56:59.0924 2480 SENS - ok 15:56:59.0955 2480 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 15:57:00.0002 2480 Serenum - ok 15:57:00.0096 2480 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 15:57:00.0143 2480 Serial - ok 15:57:00.0174 2480 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 15:57:00.0189 2480 sermouse - ok 15:57:00.0236 2480 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 15:57:00.0267 2480 SessionEnv - ok 15:57:00.0283 2480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 15:57:00.0299 2480 sffdisk - ok 15:57:00.0314 2480 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys 15:57:00.0330 2480 sffp_mmc - ok 15:57:00.0361 2480 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:57:00.0377 2480 sffp_sd - ok 15:57:00.0392 2480 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 15:57:00.0455 2480 sfloppy - ok 15:57:00.0501 2480 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 15:57:00.0533 2480 SharedAccess - ok 15:57:00.0611 2480 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 15:57:00.0626 2480 ShellHWDetection - ok 15:57:00.0657 2480 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 15:57:00.0673 2480 sisagp - ok 15:57:00.0689 2480 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 15:57:00.0704 2480 SiSRaid2 - ok 15:57:00.0720 2480 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 15:57:00.0735 2480 SiSRaid4 - ok 15:57:00.0829 2480 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe 15:57:00.0845 2480 SkypeUpdate - ok 15:57:01.0313 2480 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 15:57:01.0547 2480 slsvc - ok 15:57:01.0687 2480 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 15:57:01.0749 2480 SLUINotify - ok 15:57:01.0812 2480 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 15:57:01.0843 2480 Smb - ok 15:57:01.0890 2480 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 15:57:01.0905 2480 SNMPTRAP - ok 15:57:01.0999 2480 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 15:57:02.0015 2480 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning 15:57:02.0015 2480 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1) 15:57:02.0030 2480 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 15:57:02.0046 2480 spldr - ok 15:57:02.0108 2480 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 15:57:02.0124 2480 Spooler - ok 15:57:02.0202 2480 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 15:57:02.0233 2480 srv - ok 15:57:02.0280 2480 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 15:57:02.0311 2480 srv2 - ok 15:57:02.0342 2480 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 15:57:02.0358 2480 srvnet - ok 15:57:02.0405 2480 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 15:57:02.0451 2480 SSDPSRV - ok 15:57:02.0483 2480 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 15:57:02.0498 2480 SstpSvc - ok 15:57:02.0545 2480 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 15:57:02.0592 2480 StillCam - ok 15:57:02.0888 2480 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 15:57:02.0997 2480 stisvc - ok 15:57:03.0107 2480 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 15:57:03.0138 2480 swenum - ok 15:57:03.0231 2480 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 15:57:03.0263 2480 swprv - ok 15:57:03.0294 2480 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 15:57:03.0309 2480 Symc8xx - ok 15:57:03.0309 2480 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 15:57:03.0325 2480 Sym_hi - ok 15:57:03.0341 2480 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 15:57:03.0356 2480 Sym_u3 - ok 15:57:03.0434 2480 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 15:57:03.0512 2480 SysMain - ok 15:57:03.0575 2480 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 15:57:03.0606 2480 TabletInputService - ok 15:57:03.0637 2480 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 15:57:03.0684 2480 TapiSrv - ok 15:57:03.0809 2480 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 15:57:03.0855 2480 TBS - ok 15:57:04.0011 2480 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 15:57:04.0058 2480 Tcpip - ok 15:57:04.0074 2480 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 15:57:04.0105 2480 Tcpip6 - ok 15:57:04.0136 2480 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 15:57:04.0167 2480 tcpipreg - ok 15:57:04.0199 2480 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 15:57:04.0230 2480 TDPIPE - ok 15:57:04.0245 2480 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 15:57:04.0277 2480 TDTCP - ok 15:57:04.0277 2480 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 15:57:04.0323 2480 tdx - ok 15:57:04.0339 2480 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 15:57:04.0355 2480 TermDD - ok 15:57:04.0433 2480 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 15:57:04.0464 2480 TermService - ok 15:57:04.0557 2480 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 15:57:04.0573 2480 Themes - ok 15:57:04.0604 2480 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 15:57:04.0635 2480 THREADORDER - ok 15:57:04.0667 2480 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 15:57:04.0698 2480 TrkWks - ok 15:57:04.0745 2480 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 15:57:04.0760 2480 TrustedInstaller - ok 15:57:04.0776 2480 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:57:04.0823 2480 tssecsrv - ok 15:57:04.0854 2480 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 15:57:04.0854 2480 tunmp - ok 15:57:04.0885 2480 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 15:57:04.0916 2480 tunnel - ok 15:57:04.0963 2480 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 15:57:04.0963 2480 uagp35 - ok 15:57:05.0010 2480 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 15:57:05.0041 2480 udfs - ok 15:57:05.0072 2480 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 15:57:05.0103 2480 UI0Detect - ok 15:57:05.0119 2480 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 15:57:05.0135 2480 uliagpkx - ok 15:57:05.0166 2480 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 15:57:05.0181 2480 uliahci - ok 15:57:05.0213 2480 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 15:57:05.0228 2480 UlSata - ok 15:57:05.0259 2480 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 15:57:05.0259 2480 ulsata2 - ok 15:57:05.0291 2480 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 15:57:05.0353 2480 umbus - ok 15:57:05.0400 2480 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 15:57:05.0447 2480 upnphost - ok 15:57:05.0556 2480 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 15:57:05.0571 2480 usbaudio - ok 15:57:05.0618 2480 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 15:57:05.0649 2480 usbccgp - ok 15:57:05.0681 2480 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 15:57:05.0712 2480 usbcir - ok 15:57:05.0743 2480 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 15:57:05.0774 2480 usbehci - ok 15:57:05.0821 2480 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 15:57:05.0837 2480 usbhub - ok 15:57:05.0852 2480 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 15:57:05.0899 2480 usbohci - ok 15:57:05.0930 2480 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 15:57:05.0977 2480 usbprint - ok 15:57:06.0008 2480 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:57:06.0055 2480 USBSTOR - ok 15:57:06.0071 2480 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 15:57:06.0102 2480 usbuhci - ok 15:57:06.0133 2480 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 15:57:06.0164 2480 UxSms - ok 15:57:06.0227 2480 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 15:57:06.0273 2480 vds - ok 15:57:06.0336 2480 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 15:57:06.0367 2480 vga - ok 15:57:06.0398 2480 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 15:57:06.0429 2480 VgaSave - ok 15:57:06.0445 2480 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 15:57:06.0461 2480 viaagp - ok 15:57:06.0476 2480 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 15:57:06.0507 2480 ViaC7 - ok 15:57:06.0523 2480 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 15:57:06.0523 2480 viaide - ok 15:57:06.0554 2480 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 15:57:06.0554 2480 volmgr - ok 15:57:06.0601 2480 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 15:57:06.0617 2480 volmgrx - ok 15:57:06.0663 2480 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 15:57:06.0679 2480 volsnap - ok 15:57:06.0710 2480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 15:57:06.0726 2480 vsmraid - ok 15:57:06.0851 2480 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 15:57:06.0897 2480 VSS - ok 15:57:07.0365 2480 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\Windows\system32\DRIVERS\VX3000.sys 15:57:07.0475 2480 VX3000 - ok 15:57:07.0677 2480 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 15:57:07.0709 2480 W32Time - ok 15:57:07.0771 2480 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 15:57:07.0802 2480 WacomPen - ok 15:57:07.0818 2480 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:57:07.0849 2480 Wanarp - ok 15:57:07.0849 2480 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:57:07.0865 2480 Wanarpv6 - ok 15:57:07.0927 2480 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 15:57:07.0958 2480 wcncsvc - ok 15:57:08.0005 2480 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 15:57:08.0036 2480 WcsPlugInService - ok 15:57:08.0052 2480 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 15:57:08.0067 2480 Wd - ok 15:57:08.0223 2480 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:57:08.0239 2480 Wdf01000 - ok 15:57:08.0270 2480 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:57:08.0317 2480 WdiServiceHost - ok 15:57:08.0317 2480 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:57:08.0348 2480 WdiSystemHost - ok 15:57:08.0395 2480 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 15:57:08.0426 2480 WebClient - ok 15:57:08.0489 2480 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 15:57:08.0520 2480 Wecsvc - ok 15:57:08.0551 2480 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 15:57:08.0582 2480 wercplsupport - ok 15:57:08.0613 2480 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 15:57:08.0629 2480 WerSvc - ok 15:57:08.0723 2480 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 15:57:08.0738 2480 WinDefend - ok 15:57:08.0738 2480 WinHttpAutoProxySvc - ok 15:57:08.0816 2480 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 15:57:08.0847 2480 Winmgmt - ok 15:57:09.0035 2480 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 15:57:09.0097 2480 WinRM - ok 15:57:09.0222 2480 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 15:57:09.0269 2480 Wlansvc - ok 15:57:09.0315 2480 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:57:09.0331 2480 WmiAcpi - ok 15:57:09.0409 2480 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 15:57:09.0440 2480 wmiApSrv - ok 15:57:09.0596 2480 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 15:57:09.0690 2480 WMPNetworkSvc - ok 15:57:09.0768 2480 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 15:57:09.0799 2480 WPCSvc - ok 15:57:09.0924 2480 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 15:57:09.0939 2480 WPDBusEnum - ok 15:57:10.0033 2480 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 15:57:10.0049 2480 WpdUsb - ok 15:57:10.0267 2480 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:57:10.0314 2480 WPFFontCache_v0400 - ok 15:57:10.0329 2480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 15:57:10.0361 2480 ws2ifsl - ok 15:57:10.0407 2480 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 15:57:10.0439 2480 wscsvc - ok 15:57:10.0439 2480 WSearch - ok 15:57:10.0517 2480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:57:10.0548 2480 WUDFRd - ok 15:57:10.0579 2480 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 15:57:10.0610 2480 wudfsvc - ok 15:57:10.0641 2480 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 15:57:11.0265 2480 \Device\Harddisk0\DR0 - ok 15:57:11.0265 2480 Boot (0x1200) (9db7e27d407b086af9e4e5e52d0b945b) \Device\Harddisk0\DR0\Partition0 15:57:11.0265 2480 \Device\Harddisk0\DR0\Partition0 - ok 15:57:11.0297 2480 Boot (0x1200) (d5ddba66795d961ca5eb9ab26d14da69) \Device\Harddisk0\DR0\Partition1 15:57:11.0297 2480 \Device\Harddisk0\DR0\Partition1 - ok 15:57:11.0297 2480 ============================================================ 15:57:11.0297 2480 Scan finished 15:57:11.0297 2480 ============================================================ 15:57:11.0297 3372 Detected object count: 2 15:57:11.0297 3372 Actual detected object count: 2 15:57:47.0161 3372 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:47.0177 3372 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:47.0177 3372 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:47.0177 3372 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip und der neue Otl.OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.07.2012 16:19:02 - Run 4 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,20% Memory free 6,22 Gb Paging File | 5,30 Gb Available in Paging File | 85,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 5,11 Gb Free Space | 5,23% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCcUxSys.exe PRC - [2011.04.20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCtrlCntr.exe PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe PRC - [2010.05.20 16:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2010.03.09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.03.05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe PRC - [2009.05.05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.20 08:56:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 11:31:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\kxldapob.sys -- (kxldapob) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.26 15:51:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl2c3be4c9.sys -- (MpKsl2c3be4c9) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.06 09:08:25 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.05.20 16:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2009.06.16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.29 10:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.06.12 09:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.02.22 10:20:48 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] [2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 15:54:43 | 000,000,000 | ---D | C] -- C:\TDSS [2012.07.26 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.07.26 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.26 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.26 12:39:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.26 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.26 12:37:54 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.25 23:40:07 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otlvir [2012.07.25 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otl [2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll [2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll [2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll [2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll [2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll [2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll [2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE [2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL [2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL [2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll [2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll [2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll [2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll [2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield [2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten [2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll [2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll [2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll [2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll [2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP [2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe ========== Files - Modified Within 30 Days ========== [2012.07.26 16:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.26 15:28:22 | 005,803,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.26 15:28:22 | 002,217,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.26 15:28:22 | 001,659,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.26 15:28:21 | 001,827,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.26 15:21:05 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.07.26 15:20:56 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.26 15:20:54 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.07.26 15:20:53 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.26 15:20:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.26 15:20:52 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.26 15:20:50 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 15:20:50 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 15:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 15:20:40 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 12:39:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.26 12:38:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk [2012.07.25 22:35:47 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat [2012.07.25 21:49:05 | 000,000,335 | ---- | M] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk ========== Files Created - No Company Name ========== [2012.07.26 15:20:40 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2012.07.26 12:39:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.25 22:35:46 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi [2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk [2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk [2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk [2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps [2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk [2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk [2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi [2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.07.01 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.06.06 10:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2012.04.25 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations [2012.02.13 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer [2012.05.06 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft [2012.02.11 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice [2012.04.25 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF [2012.07.15 12:31:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance [2012.04.17 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2012.05.15 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\supertuxkart [2012.02.13 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.03 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone [2012.07.26 15:20:52 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012.07.26 15:20:54 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.07.26 14:22:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job ========== Purity Check ========== < End of report > |
26.07.2012, 15:33 | #12 |
| Live Security Platinum auf Notebook Hi, sieht gut aus, noch eine Sache: Fix für OTL:
Code:
ATTFilter :OTL [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C :Commands [emptytemp] [Reboot]
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.07.2012, 15:53 | #13 |
| Live Security Platinum auf Notebook So, hier das Ergebnis: All processes killed ========== OTL ========== Folder C:\ProgramData\036DFF980009EDE70303F3072F3B707C\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: User ->Temp folder emptied: 2355163 bytes ->Temporary Internet Files folder emptied: 1100631 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 60686926 bytes ->Flash cache emptied: 726 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 11720 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 61,00 mb OTL by OldTimer - Version 3.2.54.1 log created on 07262012_164941 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
26.07.2012, 16:05 | #14 |
| Live Security Platinum auf Notebook Hi, bitte noch mal ein neues OTL-Log erstellen und posten ....
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.07.2012, 16:18 | #15 |
| Live Security Platinum auf Notebook Hier das Text:OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.07.2012 17:12:19 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free 6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Windows\vVX3000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Sony SCSI Helper Service) -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (o2flash) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] [2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\virenjagd [2012.07.26 15:54:43 | 000,000,000 | ---D | C] -- C:\TDSS [2012.07.26 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.07.26 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.26 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.26 12:39:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.26 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll [2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll [2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll [2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll [2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll [2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll [2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE [2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL [2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL [2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll [2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll [2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll [2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll [2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield [2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten [2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll [2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll [2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll [2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll [2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012.07.12 05:26:49 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 09:32:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP [2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.06.28 06:37:10 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.28 06:37:10 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.28 06:36:30 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.28 06:36:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.28 06:36:30 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.28 06:36:17 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.28 06:36:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe ========== Files - Modified Within 30 Days ========== [2012.07.26 17:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.26 16:58:41 | 005,818,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.26 16:58:41 | 002,222,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.26 16:58:41 | 001,832,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.26 16:58:41 | 001,663,976 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.26 16:51:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.07.26 16:51:28 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.26 16:51:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.26 16:51:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.07.26 16:51:20 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.26 16:51:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 16:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 16:51:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk [2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2012.07.12 11:31:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.12 11:31:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk ========== Files Created - No Company Name ========== [2012.07.26 16:51:08 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi [2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk [2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk [2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk [2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps [2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk [2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk [2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi [2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat < End of report > Hier das extra. Habe vergessen offline und in den abgesicherten Modus zu gehen. Schlimm?OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.07.2012 17:12:19 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free 6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2EB11FDB-91BE-4DFC-9951-BABF3574C895}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{57C02CB1-032D-46CC-A9F0-A0873B20135D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED2F557-6D09-4AD0-B2BF-1C146C35CAE4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{11043380-061F-4295-B0D9-193D6943243C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{1BE30EA1-FE3D-48B5-8C92-BCB1487979A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2F88B01A-616C-4547-BC7B-3607A5B4D0E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{459C822C-D32B-43C2-AF26-6AEDE34AE231}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{6BE07647-3F33-4C98-A26D-08477008D1B0}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe | "{736A42E4-3406-4AB2-BC16-AB7B1887DECF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{8AE498DC-860C-475C-8CAF-E318F7C40DDD}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe | "{8D0FD68D-1C72-4BA2-85F0-A6B1802896A9}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe | "{ACFF47EB-6608-4471-A290-3846E623EE7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B984B4BB-2274-40B6-A85C-1FD042E72A81}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{BE4EA823-9C8A-4BA4-8564-BDCBB4139F31}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{E53EEDBB-98E4-4EF2-AF41-E9F9749D3D65}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{F8BA4067-147D-4384-8EE8-F3CE0EBCE1DF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "TCP Query User{581688A2-B5D6-4588-AC1A-38BA22215E52}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{A267DE1C-46A4-4DF9-84B3-8AE5F32522EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{C368DA75-0E22-444B-869B-EA38CCC4E4B1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DC7AAE58-9103-43A0-8BE6-CC617380FA88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{EED1472E-EB9D-45CA-A685-96E178237280}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{2FD2F649-B247-4D86-A555-F1DAE0620701}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{512DEE65-1151-4CBD-8A29-5DD65D4B4748}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6A2750C5-C41D-4A18-89C9-E4A3731DEE43}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{BFF93823-6A52-4F17-A128-6E24706CBFF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F099BB8D-D4A9-456F-97A4-5957D23BAB44}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "FinalMediaPlayer_is1" = Final Media Player 2011 "Glary Utilities_is1" = Glary Utilities 2.43.0.1419 "Goodnight Timer_is1" = Goodnight Timer 1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Professional 2010 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3011 Description = Error - 26.07.2012 10:01:02 | Computer Name = User-PC | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/07/26 16:01:02.364]: [00002132]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.19] Error - 26.07.2012 10:46:40 | Computer Name = User-PC | Source = EventSystem | ID = 4609 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3011 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 05.06.2012 02:47:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 05.06.2012 09:13:41 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 05.06.2012 09:15:17 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2012 18:21:25 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.06.2012 02:06:20 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.106 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.06.2012 02:07:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.06.2012 04:57:19 | Computer Name = User-PC | Source = volsnap | ID = 393251 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann. Error - 06.06.2012 05:40:38 | Computer Name = User-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 06.06.2012 09:27:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.06.2012 09:29:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
Themen zu Live Security Platinum auf Notebook |
adobe, autorun, bho, browser, cdburnerxp, defender, document, einstellungen, exe, explorer, firefox, format, google, google earth, home, installation, logfile, mozilla, nicht sicher, nvidia, plug-in, proxy, realtek, registry, searchscopes, security, senden, software, super, temp, vcredist, virus, vista |