Trojaner-Board - - Rookit und Sirefef -Malwarebytes

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - - Rookit und Sirefef -Malwarebytes (https://www.trojaner-board.de/117563-rookit-sirefef-malwarebytes.html)

- Rookit und Sirefef -Malwarebytes

Nabend,
erstmal sorry, dass ich während des EM-Spiels störe. Vorab, ich habe mich über dieses Problem bereits via google schlau gemacht und wurde immer auf eine Seite verwiesen...eben diese hier!:daumenhoc

Ich habe vor 3 Tagen von Antivir die Nachrichten bekommen, dass dort ein Virus gefunden wurde, meistens sirefef.ag.35

Die habe ich dann meistens gelöscht / in Q. verschoben. Darauf folgend im Abstand von wenigen Minuten kamen immer wieder diese Meldungen.

Ich habe trotzdem keine Auffälligkeiten oder Leistungseinschränkungen feststellen können. Es klappt alles.
Malwarebytes habe ich aktualisieren lassen und mal den kompletten scan gemacht. Er findet vor allem Rootkit0.Access und Trojan.Sirefef.

WICHTIG: Ich betreibe kein Onlinebanking o.Ä.. Bin noch Student. Ich habe gelesen, dass es hier um eine Backddor geht, d.h. es wird die Tür für alle möglichen Trojaner und Würmer aufgemacht. Ist es denn jetzt gefärlich, wenn ich nur zu meiner sicheren Lernseiten in firefox gehe und facebook, also auf keine gefährlichen Seiten, wo es Würmer gibt?
2. Frage: ich habe gelesen, dass sogar der Rootkit Passwörter aufsaugt und speichert, passiert das auch wenn ich mich bei hotmail oder facebook anmelde und ist dies schlimm?

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.18.05
 

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

... :: MEINPC [Administrator]
 

Schutz: Aktiviert
 

18.06.2012 18:00:59

mbam-log-2012-06-18 (19-56-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 439418

Laufzeit: 1 Stunde(n), 55 Minute(n), 15 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 4

C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.

C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.

C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.

C:\Users\...\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
 

(Ende)

Vielen Dank schonmal

:confused:

Bitte erstmal routinemäßig einen neuen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hat alles geklappt,

Hier Malwarelog:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.21.04
 

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

Marcel Klahn :: MEINPC [Administrator]
 

Schutz: Aktiviert
 

21.06.2012 14:10:12

mbam-log-2012-06-21 (16-26-36).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 439848

Laufzeit: 2 Stunde(n), 15 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n. -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 7

C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

c:\windows\installer\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
 

(Ende)

und hier der ESET log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-22 01:01:39

# local_time=2012-06-22 03:01:39 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0

# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0

# compatibility_mode=8192 67108863 100 0 273 273 0 0

# scanned=244590

# found=19

# cleaned=0

# scan_time=13342

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88        Java/Exploit.CVE-2011-3544.D trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe        a variant of Win32/Adware.CiDHelp application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

PS: ich glaube diese linkury bar ist ein programm welches ich mal runtergeladen habe
LG

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Code:

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe

Warum lädst du Malwarebytes von diesem Schei* Portal! :balla:

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

So lieber Cosinus, ich war eben 2 Sekunden davon entfernt meinen Laptop mit einem Hammer zu zertrümmern, jetzt habe ich mich ein wenig beruhigt und kann wieder denken.

Mein Laptop ist sehr alt (2,5 Jahre) -> kein Akku mehr, eben beim Hochfahren Aufladekabel ausversehen rausgerutscht und Laptop ging fast nicht mehr bzw hat ne Systemwiederherstellung gemacht, dann ging Mozilla nicht mehr, sodass ich den neu installieren musste, und mein persönliches Sahnehäubchen ist, dass die scheiß Malwarebyteskacke nicht mehr lädt, da kommt "Run time error 5 - invalid procedure call or blabla", ich installiere das jetzt alles neu und mache noch mal

MALWAREBYTES VOLLSCAN und ESET und poste dann die logs okay?

Zitat:

Mein Laptop ist sehr alt (2,5 Jahre)

Find ich nicht sehr alt. Das Notebook von meinem Vaddi ist 5 Jahre alt und läuft tadellos. Ist zwar nicht das schnellste, aber Win7 läuft rel. flott und flüssig

So mein Lieber,

Malwarebyteslog ( Habe alle Vögel entfernt, so dass sie in Quarantäne sind ).

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.22.04
 

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

Marcel Klahn :: MEINPC [Administrator]
 

Schutz: Aktiviert
 

22.06.2012 14:16:05

mbam-log-2012-06-22 (23-54-12).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 440498

Laufzeit: 1 Stunde(n), 45 Minute(n), 58 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Marcel Klahn\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
 

(Ende)

Und ESETlog:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=8949f9efc4118d43b672d2a957c6d0e0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-22 01:01:39

# local_time=2012-06-22 03:01:39 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1797 16775165 100 100 21041 115828864 22387 0

# compatibility_mode=5892 16776574 66 95 103442810 177846285 0 0

# compatibility_mode=8192 67108863 100 0 273 273 0 0

# scanned=244590

# found=19

# cleaned=0

# scan_time=13342

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88        Java/Exploit.CVE-2011-3544.D trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\f0tx55np.default\extensions\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe        a variant of Win32/Adware.CiDHelp application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\SoftonicDownloader_fuer_teamspeak.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=87fd32826fbcd9498c8d58c38a192daa

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-23 11:44:39

# local_time=2012-06-23 01:44:39 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1797 16775165 100 100 71178 115954075 61598 0

# compatibility_mode=5892 16776574 100 95 103568021 177971496 0 0

# compatibility_mode=8192 67108863 100 0 125484 125484 0 0

# scanned=245852

# found=14

# cleaned=0

# scan_time=13112

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9Y52FLE\hostinger-cs_ru[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_4c5b.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\Update_5210.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Local\Temp\0aaad5bd-8a71-4be4-bbc8-96aed3c2a44f\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\20ed9fda-4dbb8e88        Java/Exploit.CVE-2011-3544.D trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55296943-2bfd091e        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\30169967-1601fca9        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\416f1f70-617ce9c7        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Marcel Klahn\Downloads\MsgPlusLive-482.exe        a variant of Win32/Adware.CiDHelp application (unable to clean)        00000000000000000000000000000000        I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

1.)
Der normale Modus von Windos geht uneingeschränkt und flüssig.

2.)
Es ist alles vorhanden und unverändert.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTLlog:

Code:

OTL Extras logfile created on: 24.06.2012 18:09:01 - Run 1

OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\XXX\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free

6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS

 

Computer Name: MEINPC | User Name: XXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07AEA761-D591-4AFB-ABBC-06048176C386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{0D643B3F-A693-427B-A67C-48CB742D568B}" = lport=139 | protocol=6 | dir=in | app=system | 

"{1F662737-C9B6-4A7A-B765-C6722681FD55}" = rport=139 | protocol=6 | dir=out | app=system | 

"{39CF63C7-7F3B-4070-A63B-535F87E1BE65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{4392B3A6-54A2-43E0-B46D-04692180B2C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{55B050DB-47B2-4EDF-BB45-308871FAA202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{604059AB-A7F2-4F32-BA9F-A8C0C49A8F8A}" = rport=445 | protocol=6 | dir=out | app=system | 

"{6F853BC8-B66E-425C-84D4-3A92BA34A1B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{7F7C7A29-4430-4FF0-9A4C-D74D2D0297F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{81C97AF4-C90B-43EA-8D3B-8FFE076E9138}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{9358AFA7-4567-4B19-9684-52ACBB9B4057}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{9AC552F0-6A73-4356-A85B-795E4C1B79DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{9ACCB99B-E069-4DA4-B11C-24F22A1BA7F9}" = rport=137 | protocol=17 | dir=out | app=system | 

"{9AD4124E-3C8C-4D2D-AB2C-40999D5796F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B5F24EFF-8C7A-4711-9A98-F832016A7324}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{BAA5FB4E-347F-432F-B8AB-6E8F78F7FB4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{BE8E2EC8-AC5A-4B24-A9C1-77B54B62E2C6}" = lport=138 | protocol=17 | dir=in | app=system | 

"{C32876C3-F072-4828-80D7-BE2555F4E87D}" = rport=138 | protocol=17 | dir=out | app=system | 

"{DE723057-3ACC-4BC7-AB4A-4667B9B65C72}" = lport=137 | protocol=17 | dir=in | app=system | 

"{DFD1D758-50C3-4D6D-BE81-105F706A96F9}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FFE9358B-64A8-4775-8263-6D9FC68FB75E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0034B4CA-A5B7-4A9B-9E5B-023388B08418}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{011A73C5-B957-42DA-9A3A-6D71ADA44F20}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 

"{01248A5C-1CC9-47E7-A5DA-482787CFD1CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{061BB3F6-4868-41E0-B7A4-490DE0645337}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{0F718127-523C-488F-9CC4-DAD47B3B0A25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{15BBEE9F-12AE-410C-817E-979CADE497C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 

"{18199688-6DBC-4332-BBB3-498810E5A503}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{1841BCD1-1775-4719-9843-188376CB1E55}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{1E55D932-337E-4B63-ABBA-26C86E209F95}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{1E897F8E-3298-47F0-97C7-19ADC5D0B640}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{22048019-8675-4445-B55D-9FDF63EBFC98}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe | 

"{224736FA-9B8C-426A-9CA1-9455E0595E25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{2350BA0C-4720-4D8A-8F36-FA863064E50F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{2364CF3D-3F74-433F-844D-9DBE24765FAC}" = protocol=17 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe | 

"{23AF9CBB-0F29-42A0-86CD-48CED64A316A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{2A31AB8C-32D3-46EE-BEDB-117C7ECD290A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{32A0C091-32D8-437C-A2AB-0ECBEDD740D1}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 

"{40EDF76A-3D1E-4710-B472-67000AF7F63B}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 

"{4223ED3C-87E6-42D2-B3EB-F0F2BC71F3B0}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{452CDF18-82B2-4844-8513-178CA8FE3360}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{49DC0E02-1B15-467D-8198-8466B564116C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{49F62A47-B755-424E-9267-4F406DD40A53}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{4BD3F5CB-CA22-4A88-8B7A-21CF7062CC13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{4CA5F6F1-D5DE-494B-9D26-61EA0F213A7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{4DD826E1-F48E-400E-A3A2-146AEECCD809}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{4E71E235-6DD8-41A9-9C31-481B80A22FBB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe | 

"{4EDC18B9-3E32-44C8-9A7B-B268742A9586}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{56443007-DF0A-40AB-8202-A5EB39463465}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 

"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 

"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 

"{5C23E97A-5833-4633-B4FE-241FA477B2F7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{5E8A179A-401E-4BE6-BC52-7B3A5304B668}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{601CC48E-3C4D-4AB8-8EC1-E8A7521B630F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{60BCEC71-D567-4DE7-A45C-0A1BA3437B82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 

"{64C0DAE4-7F7E-4D6E-AE20-0EB3F8C595D8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{6663F193-62A0-403B-A82A-86F416581C0E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 

"{682B7FA9-0908-477F-8107-05881AF9487E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{6D86947B-3BDE-4BA7-B745-05BCAA63EC5E}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe | 

"{6E12FEE1-50ED-49D2-A8FD-001E93AF8C79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 

"{6F97E643-0381-4EC4-B015-59AE9A4D1B1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{7456D133-7724-4DE5-990F-1995F2ABB6E5}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 

"{7911B65F-F8D4-49AC-9559-FC298D813B4D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 

"{7DC8C5F2-DA97-490A-846E-E45818C73E03}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{7F12975D-5324-4466-9703-2D5D5F9F8047}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | 

"{819240D5-7A55-4E61-B1BD-A3DB91533BB6}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 

"{82B1698F-2559-4E40-88FF-7694D783A31C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe | 

"{847A9F9D-53B5-482C-BEBD-9BD6CFD7AC1D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | 

"{8B964631-6A47-49F4-928A-EEB5ED22FDA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 

"{959129AB-1A37-4600-B6DA-B01833A5D626}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike\hl.exe | 

"{994497A6-8650-405D-BAD1-2029198B0DD5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\day of defeat\hl.exe | 

"{9AAA64FD-4199-4DFF-95D2-92A5CF1CE16A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 

"{9ADB8DFB-C3BC-4AF8-8E5D-ABC56E454E15}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 

"{9F5042B0-D76F-4288-B6F2-B8F4E203CCEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{9F59692A-0A15-4448-9DCB-8D28780ADD1A}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 

"{A0969DB5-7D8B-42E3-AFB3-E730E2B86CB5}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{A0D12D26-A4F3-4363-A7C7-E2377A7C6843}" = dir=in | app=c:\users\marcel klahn\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{A445A008-32C2-400C-8863-411BAA8A4F5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 

"{A9766ECF-7510-4353-B3FE-914C6231FE3E}" = protocol=6 | dir=in | app=d:\alicesetup.exe | 

"{A97AEF74-69F7-4D98-B0E9-AB2E5280C90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{AC2DA7B4-4134-458A-BFD5-D3C3A8F27D69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 

"{B14147BB-5B4D-4D28-A102-7F0E75FC427A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B182805B-2EEF-4832-B2FE-A69E14F5E31E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\counter-strike source\hl2.exe | 

"{BC435D40-F6E2-4B35-8CF3-4DBADE74E54A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{BE169CC6-F67D-43CF-8D6D-DAC5BD3990E2}" = protocol=17 | dir=in | app=d:\alicesetup.exe | 

"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 

"{C20E7EA3-389D-4629-A28D-4B63E88E05EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C210FDBE-3DE2-4FC9-B464-AFF7F763F7E5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{C826C2E0-613E-4A3B-8A97-D549C7267ADF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{CC216FFB-1C51-4745-B465-2E29E6662F90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{CCF94C05-7D03-406F-B8C6-5142559C33FC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{CEFAB09C-3281-4293-B731-236907552C5F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 

"{D21D5511-CA82-46B1-9303-8CFB4BA9E85F}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 

"{D9917DA7-E508-4DCC-BC2B-D24D9883775C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 

"{DEE67258-0384-4F34-9F9C-E32EDEE15A4A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero\hl.exe | 

"{DF2C31C5-1E98-484B-8793-67AA68A937E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{E88CD5C9-604D-4288-8371-A6F18D6B9E31}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 

"{E976FDEE-5A74-42F5-B304-A8B2F23051A5}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 

"{EE569652-E0F3-4E8D-82DC-4BD8963AEA8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{F846C41E-8D05-44EC-8530-339BF955C63B}" = protocol=6 | dir=in | app=c:\program files\sega\vancouver 2010\vancouver.exe | 

"{F8E14428-4B46-4EB2-92BB-AEB6BD6CB99F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{F900BB65-0B84-4A56-8A5B-B2CF41AF8E03}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{FCDFEFD3-6581-4179-8AB1-6003237BB360}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{FF6D65DD-3CD2-4630-B4BF-E0CED9D72BB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 

"{FFBC7F42-7321-4B8B-AFF1-C37EA4C95694}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"TCP Query User{0469FBDB-B53F-4C52-9D56-C5B96E022AEE}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | 

"TCP Query User{2C321FA3-3086-47DA-B61C-D566CDAFCC07}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | 

"TCP Query User{6A8B49C0-9365-4931-8BC9-168FE521F4F0}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 

"TCP Query User{7F8B6A9E-CC53-408A-875B-B5F0D55ABFC0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"TCP Query User{80AA73F2-692D-45A7-9B2E-FF1E5336A7A6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{8B63153C-DDD6-4944-A29B-4B2EECCB341A}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | 

"TCP Query User{9601E0F4-B2BB-4DCA-A852-AFD642B1424E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{A4A0133B-8D58-4A4B-98D0-0916DBA5800B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"TCP Query User{C972AA6C-D050-438F-B370-8D6339836659}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{DFA68155-7830-4AAD-BD78-85A69289DEAC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{E9085907-EA7A-4732-827F-41A487D129E8}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 

"UDP Query User{20EEDED2-3DB9-4516-A798-88C6128FA5B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{39D9187B-9ECC-4C15-98B7-BBBF3068E252}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe | 

"UDP Query User{6736E1EB-975B-4955-B86B-C8A9D70BDC5D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{6F7DAE3B-4425-43F5-A2CE-D29962C53E83}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{8AC42B42-5F81-4684-8781-D51E743F8B40}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"UDP Query User{916070E9-4976-4F99-AC75-229E084A406A}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe | 

"UDP Query User{A851158D-8BB8-4D33-8B4B-13AA47159303}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 

"UDP Query User{AE1AD9E7-0285-4D50-A2D5-A9C6799E9C2C}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 

"UDP Query User{B0CF7F79-99C6-4F94-8E41-61F3B20648ED}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"UDP Query User{BF347138-0056-406D-93E4-340991A675CF}C:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\terence_hill16\condition zero deleted scenes\hl.exe | 

"UDP Query User{E73C0106-7AA6-437A-ACBF-A76C8CCFBD95}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)

"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek

"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish

"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish

"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24

"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish

"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean

"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian

"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City

"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro

"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai

"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion

"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City

"{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010

"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min

"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone

"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French

"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{782DADC3-C885-4572-8F6A-675304CA8782}" = ccc-utility

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7B772F48-58A8-48C1-8F93-0AA960767FCA}" = Linkury Smartbar

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller

"{9BCA07A1-B626-0AFE-9D04-66C5E75AB15A}" = AMD Catalyst Install Manager

"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A1CE4680-F9EA-400D-BE71-70995522BD82}_is1" = Voodoo Skript 1.6.9

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext

"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)

"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3

"Acer Screensaver" = Acer ScreenSaver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0

"Avidemux 2.5" = Avidemux 2.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Call of Duty" = Call of Duty

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"conduitEngine" = Conduit Engine

"DAEMON Tools Lite" = DAEMON Tools Lite

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"FormatFactory" = FormatFactory 2.30

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"ICQToolbar" = ICQ Toolbar

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11

"LManager" = Launch Manager

"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Messenger Plus! Live" = Messenger Plus! Live

"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar

"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PokerStars" = PokerStars

"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0

"Shop for HP Supplies" = Shop for HP Supplies

"SopCast" = SopCast 3.2.4

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 240" = Counter-Strike: Source

"Steam App 260" = Counter-Strike: Source Beta

"Steam App 30" = Day of Defeat

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 550" = Left 4 Dead 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Uninstall_is1" = Uninstall 1.0.0.1

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.08.2011 13:58:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.08.2011 06:34:57 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.08.2011 12:53:13 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.08.2011 15:20:23 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 16.08.2011 12:54:56 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 17.08.2011 16:25:23 | Computer Name = MeinPC | Source = Application Hang | ID = 1002

Description = Programm iTunes.exe, Version 10.2.2.14 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 470  Anfangszeit: 01cc5c43f2380427  Zeitpunkt der Beendigung:

 80

 

Error - 19.08.2011 06:40:18 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.08.2011 17:18:34 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 20.08.2011 12:49:17 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

Error - 20.08.2011 13:15:22 | Computer Name = MeinPC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 24.12.2011 06:18:25 | Computer Name = MeinPC | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse

 00265E49CE16 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server

 hat eine DHCPNACK-Meldung gesendet).

 

Error - 24.12.2011 23:32:33 | Computer Name = MeinPC | Source = HTTP | ID = 15016

Description = 

 

Error - 24.12.2011 23:34:09 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.12.2011 06:28:06 | Computer Name = MeinPC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 25.12.2011 um 04:49:25 unerwartet heruntergefahren.

 

Error - 25.12.2011 06:28:09 | Computer Name = MeinPC | Source = HTTP | ID = 15016

Description = 

 

Error - 25.12.2011 06:28:13 | Computer Name = MeinPC | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.2.5 für die Netzwerkkarte mit der Netzwerkadresse

 00265E49CE16 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server

 hat eine DHCPNACK-Meldung gesendet).

 

Error - 25.12.2011 06:29:46 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 25.12.2011 12:17:15 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 26.12.2011 07:24:45 | Computer Name = MeinPC | Source = bowser | ID = 8003

Description = 

 

Error - 26.12.2011 08:36:22 | Computer Name = MeinPC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 26.12.2011 um 12:53:13 unerwartet heruntergefahren.

 

 

< End of report >

Das ist nur das Extras-Log ich brauche aber primär die OTL.txt

Entschuldige! Wer lesen kann, ist klar im Vorteil!

Zitat:

Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Sorry, hier OTL.txt

Code:

OTL logfile created on: 24.06.2012 18:09:01 - Run 1

OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Marcel Klahn\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,18% Memory free

6,21 Gb Paging File | 4,84 Gb Available in Paging File | 77,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,99 Gb Total Space | 108,53 Gb Free Space | 23,80% Space Free | Partition Type: NTFS

 

Computer Name: MEINPC | User Name: Marcel Klahn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.02.15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.09.04 20:46:32 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\MARCEL~1\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2009.07.26 05:46:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe

PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe

PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.15 04:11:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll

MOD - [2012.02.14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011.11.09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.01.27 21:16:20 | 000,239,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\93e9637d1e5c69baa89c5a47dc44153f\WindowsFormsIntegration.ni.dll

MOD - [2011.01.27 20:51:37 | 011,791,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll

MOD - [2011.01.27 08:33:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll

MOD - [2010.07.23 00:41:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll

MOD - [2010.05.04 22:45:15 | 002,294,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll

MOD - [2010.05.04 22:45:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll

MOD - [2010.05.04 22:45:09 | 014,320,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll

MOD - [2010.05.04 22:44:49 | 012,428,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll

MOD - [2010.05.04 22:44:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll

MOD - [2010.05.04 22:44:34 | 005,449,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll

MOD - [2010.05.04 22:44:29 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll

MOD - [2010.05.04 22:44:25 | 012,213,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll

MOD - [2010.05.04 22:44:11 | 003,311,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll

MOD - [2010.05.04 22:44:07 | 007,867,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll

MOD - [2010.05.04 22:43:39 | 011,485,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2009.07.25 21:09:24 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

MOD - [2009.03.12 12:46:55 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.03.12 12:46:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll

MOD - [2009.03.12 12:46:49 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.03.12 12:46:37 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll

MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.03.21 22:21:17 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012.02.15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2011.12.05 21:46:56 | 000,083,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2011.11.17 21:14:36 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2009.12.09 15:51:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.11.26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)

DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.12.26 13:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)

DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008.11.12 04:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)

DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 13:42:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.22 22:43:04 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.18 19:11:50 | 000,000,000 | ---D | M]

 

[2012.06.22 13:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Extensions

[2012.06.23 13:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel Klahn\AppData\Roaming\mozilla\Firefox\Profiles\balegvbu.default\extensions

[2012.06.22 13:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de

[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Linkury Smartbar Search (Enabled)

CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marcel Klahn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Shockwave Flash = C:\Users\Marcel Klahn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Facebook Update] C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found

O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BF6FFA2-68FE-46EF-86A5-EACA2BD2376E}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun

O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun

O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.24 18:06:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe

[2012.06.22 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes

[2012.06.22 13:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.06.22 13:40:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla

[2012.06.21 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.06.06 13:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars

[2012.06.06 13:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.24 18:08:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.24 18:06:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Klahn\Desktop\OTL.exe

[2012.06.24 17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.24 17:34:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.24 17:17:02 | 000,013,472 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg

[2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job

[2012.06.24 13:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.24 12:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.23 16:59:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.06.23 16:59:51 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.06.23 16:59:51 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.06.23 16:59:51 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.06.23 16:53:47 | 3215,810,560 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.22 14:06:59 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.22 13:42:17 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.06.22 13:24:41 | 000,000,104 | ---- | M] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk

[2012.06.22 13:22:20 | 000,007,836 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.06.24 17:17:01 | 000,013,472 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\104598.jpg

[2012.06.22 14:06:59 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.22 13:42:17 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.06.22 13:42:17 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.06.22 13:24:41 | 000,000,104 | ---- | C] () -- C:\Users\Marcel Klahn\Desktop\Internet - Verknüpfung.lnk

[2012.03.21 13:20:14 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI

[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424

[2010.11.18 18:55:02 | 000,181,716 | ---- | C] () -- C:\Windows\hpoins44.dat

[2010.11.14 23:47:53 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI

[2010.09.29 03:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2010.03.19 00:33:59 | 000,000,716 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\wklnhst.dat

[2009.12.06 23:54:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.11.19 23:18:13 | 000,001,478 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\RecConfig.xml

[2009.10.06 21:08:17 | 000,040,448 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.07 07:35:17 | 000,007,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Local\d3d9caps.dat

[2008.01.21 04:25:01 | 000,002,048 | -HS- | C] () -- C:\Users\Marcel Klahn\AppData\Local\{e2f5e446-6de1-67c4-3fa1-022606b2433a}\@

 
 ========== LOP Check ==========

 

[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console

[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#

[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console

[2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\avidemux

[2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex

[2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite

[2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi

[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy

[2012.06.06 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ

[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu

[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin

[2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy

[2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst

[2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema

[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk

[2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar

[2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee

[2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA

[2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TeamViewer

[2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template

[2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client

[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy

[2012.03.21 23:19:03 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job

[2012.06.24 16:19:01 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job

[2012.06.23 14:05:14 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#

[2009.07.25 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Acer GameZone Console

[2009.09.22 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Adobe

[2009.11.04 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Apple Computer

[2009.09.04 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ATI

[2010.06.19 17:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\avidemux

[2010.01.04 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Avnex

[2012.04.05 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\CyberLink

[2011.11.17 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DAEMON Tools Lite

[2009.10.06 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DivX

[2011.04.25 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.09.04 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\eSobi

[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy

[2009.09.04 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Google

[2010.11.18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\HP

[2012.06.06 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\ICQ

[2009.09.04 20:45:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Identities

[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu

[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin

[2009.09.04 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia

[2012.06.22 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Media Center Programs

[2011.11.17 20:55:01 | 000,000,000 | --SD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft

[2012.06.22 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Mozilla

[2011.11.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy

[2009.12.08 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PlayFirst

[2012.04.05 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\PowerCinema

[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk

[2010.06.21 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar

[2010.01.04 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Screaming Bee

[2010.05.04 14:39:57 | 000,000,000 | RH-D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SecuROM

[2010.10.02 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Skype

[2010.10.02 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\skypePM

[2012.04.05 22:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\SoftDMA

[2012.03.20 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\teamspeak2

[2011.03.24 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TeamViewer

[2010.03.19 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Template

[2012.06.22 22:43:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\TS3Client

[2010.01.14 00:23:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\U3

[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy

[2009.09.06 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.11.09 20:44:46 | 000,752,688 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.4.15.exe

[2010.12.26 13:17:13 | 000,228,657 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\kikin\kikin_updater_2.9.1.exe

[2011.07.28 21:23:27 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Marcel Klahn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_6FEFF9B68218417F98F549.exe

[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_BEBCCB425837855F193AE7.exe

[2010.01.04 15:59:13 | 000,104,470 | R--- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Installer\{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}\_F45B3AB76C8CE6133754A5.exe

[2011.11.17 21:17:02 | 005,750,064 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\OpenCandy\CCD98C77DC1F4EC4AC65BD71C2D04232\LinkuryInstaller_p1v6.exe

[2010.06.20 13:35:13 | 000,704,248 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\unins000.exe

[2010.03.03 15:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Marcel Klahn\AppData\Roaming\QuickStoresToolbar\Update.exe

[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\cleanup.exe

[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\Launchpad Removal.exe

[2008.05.04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\LaunchPad.exe

[2007.10.23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Marcel Klahn\AppData\Roaming\U3\087723163E535EA3\U3AccessGrant.exe

[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Marcel Klahn\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2012.02.15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728

@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=28A6E7D8-4CE1-44DA-8732-4624D117B7AD&apn_sauid=FD0D6661-8E96-4704-8BB3-384684DCF121

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=w7cD6BnnfuVHOjUz6-hH5q7wNTA?q={searchTerms}

IE - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www-proxy.google.de:3128;http=www-proxy.google.de:3128

[2010.01.18 22:09:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.06.20 13:35:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de

CHR - default_search_provider: Linkury Smartbar Search (Enabled)

CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKU\S-1-5-21-499933100-2867506379-2947858537-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe startup File not found

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell - "" = AutoRun

O33 - MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell - "" = AutoRun

O33 - MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

[2011.03.22 02:29:15 | 000,022,836 | ---- | C] () -- C:\Users\Marcel Klahn\AppData\Roaming\3A92.424

[2010.03.03 12:01:07 | 000,000,000 | -HSD | M] -- C:\Users\Marcel Klahn\AppData\Roaming\.#

[2010.12.26 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\kikin

[2010.10.05 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Itixzu

[2010.07.09 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy

[2010.10.04 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Fuamy

[2010.07.10 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Marcel Klahn\AppData\Roaming\Qiupk

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728

@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F

:Files

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hat geklappt, PC hat sich neugestartet
OGL-Fix:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.

C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.

C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry key HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.

HKU\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.

File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.

File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.

C:\Program Files\kikin\ie_kikin.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ not found.

File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found.

File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.

C:\Program Files\ICQ6Toolbar\1010111618\ICQToolBar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{542E4D79-1970-4E95-9862-FDB96F61B280} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542E4D79-1970-4E95-9862-FDB96F61B280}\ not found.

File C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll not found.

Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.

File C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll not found.

Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.

File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.

File C:\Program Files\kikin\ie_kikin.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bdb6e5-f5f2-11de-af79-001f16b62207}\ not found.

File E:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977c12ef-ff54-11de-bcad-001f16b62207}\ not found.

File F:\LaunchU3.exe -a not found.

C:\Users\Marcel Klahn\AppData\Roaming\3A92.424 moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\.# folder moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\kikin folder moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\Itixzu folder moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\Uhdovy folder moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\Fuamy folder moved successfully.

C:\Users\Marcel Klahn\AppData\Roaming\Qiupk folder moved successfully.

ADS C:\ProgramData\Temp:B203B914 deleted successfully.

ADS C:\ProgramData\Temp:DCAF903C deleted successfully.

ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.

ADS C:\ProgramData\Temp:3064D21D deleted successfully.

ADS C:\ProgramData\Temp:798A3728 deleted successfully.

ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.

ADS C:\ProgramData\Temp:CE0A077E deleted successfully.

ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.

ADS C:\ProgramData\Temp:BB24555F deleted successfully.

========== FILES ==========

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-37166f99-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-5aa34940-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-339a3541-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-43f11994-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-11ccc2f1-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-7b0aebee-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-24e5ba32-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-639b839c-n folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\Marcel Klahn\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 75 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Marcel Klahn

->Temp folder emptied: 2958623579 bytes

->Temporary Internet Files folder emptied: 166080469 bytes

->FireFox cache emptied: 2306488915 bytes

->Google Chrome cache emptied: 6364879 bytes

->Flash cache emptied: 3834252 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1140553856 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6.277,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Marcel Klahn

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.53.0 log created on 06252012_161719
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Alles klar Chef,

Code:

15:53:26.0859 5288        TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

15:53:27.0082 5288        ============================================================

15:53:27.0082 5288        Current date / time: 2012/06/26 15:53:27.0082

15:53:27.0082 5288        SystemInfo:

15:53:27.0082 5288        

15:53:27.0082 5288        OS Version: 6.0.6001 ServicePack: 1.0

15:53:27.0082 5288        Product type: Workstation

15:53:27.0082 5288        ComputerName: MEINPC

15:53:27.0083 5288        UserName: Marcel Klahn

15:53:27.0083 5288        Windows directory: C:\Windows

15:53:27.0083 5288        System windows directory: C:\Windows

15:53:27.0083 5288        Processor architecture: Intel x86

15:53:27.0083 5288        Number of processors: 2

15:53:27.0083 5288        Page size: 0x1000

15:53:27.0083 5288        Boot type: Normal boot

15:53:27.0083 5288        ============================================================

15:53:27.0650 5288        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:53:27.0652 5288        ============================================================

15:53:27.0652 5288        \Device\Harddisk0\DR0:

15:53:27.0652 5288        MBR partitions:

15:53:27.0652 5288        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000

15:53:27.0652 5288        ============================================================

15:53:27.0696 5288        C: <-> \Device\Harddisk0\DR0\Partition0

15:53:27.0697 5288        ============================================================

15:53:27.0697 5288        Initialize success

15:53:27.0697 5288        ============================================================

15:54:33.0903 5240        ============================================================

15:54:33.0903 5240        Scan started

15:54:33.0903 5240        Mode: Manual; SigCheck; TDLFS; 

15:54:33.0903 5240        ============================================================

15:54:34.0228 5240        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

15:54:34.0394 5240        ACPI - ok

15:54:34.0451 5240        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

15:54:34.0491 5240        adp94xx - ok

15:54:34.0554 5240        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

15:54:34.0576 5240        adpahci - ok

15:54:34.0600 5240        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

15:54:34.0619 5240        adpu160m - ok

15:54:34.0650 5240        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

15:54:34.0669 5240        adpu320 - ok

15:54:34.0745 5240        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

15:54:34.0869 5240        AeLookupSvc - ok

15:54:34.0912 5240        AFD             (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

15:54:34.0965 5240        AFD - ok

15:54:35.0075 5240        AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys

15:54:35.0357 5240        AgereSoftModem - ok

15:54:35.0409 5240        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

15:54:35.0425 5240        agp440 - ok

15:54:35.0446 5240        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

15:54:35.0460 5240        aic78xx - ok

15:54:35.0491 5240        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

15:54:35.0536 5240        ALG - ok

15:54:35.0560 5240        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

15:54:35.0574 5240        aliide - ok

15:54:35.0643 5240        AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe

15:54:35.0736 5240        AMD External Events Utility - ok

15:54:35.0801 5240        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

15:54:35.0816 5240        amdagp - ok

15:54:35.0845 5240        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

15:54:35.0858 5240        amdide - ok

15:54:35.0886 5240        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

15:54:35.0942 5240        AmdK7 - ok

15:54:35.0971 5240        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

15:54:36.0009 5240        AmdK8 - ok

15:54:36.0686 5240        amdkmdag        (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys

15:54:37.0835 5240        amdkmdag - ok

15:54:38.0060 5240        amdkmdap        (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys

15:54:38.0141 5240        amdkmdap - ok

15:54:38.0245 5240        AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files\Avira\AntiVir Desktop\sched.exe

15:54:38.0268 5240        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning

15:54:38.0268 5240        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)

15:54:38.0304 5240        AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

15:54:38.0315 5240        AntiVirService ( UnsignedFile.Multi.Generic ) - warning

15:54:38.0315 5240        AntiVirService - detected UnsignedFile.Multi.Generic (1)

15:54:38.0352 5240        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

15:54:38.0420 5240        Appinfo - ok

15:54:38.0498 5240        Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:54:38.0515 5240        Apple Mobile Device - ok

15:54:38.0539 5240        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

15:54:38.0554 5240        arc - ok

15:54:38.0593 5240        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

15:54:38.0608 5240        arcsas - ok

15:54:38.0647 5240        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

15:54:38.0715 5240        AsyncMac - ok

15:54:38.0731 5240        atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

15:54:38.0745 5240        atapi - ok

15:54:38.0890 5240        athr            (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys

15:54:39.0053 5240        athr - ok

15:54:39.0113 5240        AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys

15:54:39.0166 5240        AtiHDAudioService - ok

15:54:39.0827 5240        atikmdag        (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys

15:54:40.0192 5240        atikmdag - ok

15:54:40.0344 5240        AudioEndpointBuilder (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll

15:54:40.0412 5240        AudioEndpointBuilder - ok

15:54:40.0422 5240        Audiosrv        (20c195b959ea0fcccb986c7619bd347e) C:\Windows\System32\Audiosrv.dll

15:54:40.0447 5240        Audiosrv - ok

15:54:40.0535 5240        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

15:54:40.0546 5240        avgio - ok

15:54:40.0607 5240        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys

15:54:40.0618 5240        avgntflt - ok

15:54:40.0665 5240        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys

15:54:40.0676 5240        avipbb - ok

15:54:40.0747 5240        b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:54:40.0811 5240        b57nd60x - ok

15:54:40.0852 5240        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

15:54:40.0910 5240        Beep - ok

15:54:40.0965 5240        BFE             (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll

15:54:41.0026 5240        BFE - ok

15:54:41.0117 5240        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll

15:54:41.0258 5240        BITS - ok

15:54:41.0290 5240        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

15:54:41.0339 5240        blbdrive - ok

15:54:41.0437 5240        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

15:54:41.0460 5240        Bonjour Service - ok

15:54:41.0478 5240        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

15:54:41.0523 5240        bowser - ok

15:54:41.0557 5240        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

15:54:41.0611 5240        BrFiltLo - ok

15:54:41.0639 5240        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

15:54:41.0689 5240        BrFiltUp - ok

15:54:41.0723 5240        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

15:54:41.0821 5240        Browser - ok

15:54:41.0842 5240        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

15:54:41.0925 5240        Brserid - ok

15:54:41.0949 5240        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

15:54:42.0026 5240        BrSerWdm - ok

15:54:42.0043 5240        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

15:54:42.0113 5240        BrUsbMdm - ok

15:54:42.0128 5240        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

15:54:42.0198 5240        BrUsbSer - ok

15:54:42.0221 5240        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

15:54:42.0295 5240        BTHMODEM - ok

15:54:42.0327 5240        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

15:54:42.0381 5240        cdfs - ok

15:54:42.0412 5240        cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

15:54:42.0467 5240        cdrom - ok

15:54:42.0514 5240        CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

15:54:42.0558 5240        CertPropSvc - ok

15:54:42.0592 5240        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

15:54:42.0641 5240        circlass - ok

15:54:42.0684 5240        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

15:54:42.0704 5240        CLFS - ok

15:54:42.0821 5240        CLHNService     (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

15:54:42.0832 5240        CLHNService - ok

15:54:42.0924 5240        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:54:42.0938 5240        clr_optimization_v2.0.50727_32 - ok

15:54:42.0986 5240        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

15:54:43.0039 5240        CmBatt - ok

15:54:43.0065 5240        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

15:54:43.0079 5240        cmdide - ok

15:54:43.0103 5240        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

15:54:43.0116 5240        Compbatt - ok

15:54:43.0121 5240        COMSysApp - ok

15:54:43.0130 5240        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

15:54:43.0144 5240        crcdisk - ok

15:54:43.0162 5240        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

15:54:43.0217 5240        Crusoe - ok

15:54:43.0261 5240        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll

15:54:43.0311 5240        CryptSvc - ok

15:54:43.0381 5240        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

15:54:43.0462 5240        DcomLaunch - ok

15:54:43.0494 5240        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

15:54:43.0545 5240        DfsC - ok

15:54:43.0731 5240        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe

15:54:43.0881 5240        DFSR - ok

15:54:44.0053 5240        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll

15:54:44.0105 5240        Dhcp - ok

15:54:44.0148 5240        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

15:54:44.0163 5240        disk - ok

15:54:44.0197 5240        DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys

15:54:44.0208 5240        DKbFltr - ok

15:54:44.0231 5240        Dnscache        (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll

15:54:44.0347 5240        Dnscache - ok

15:54:44.0378 5240        dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll

15:54:44.0419 5240        dot3svc - ok

15:54:44.0487 5240        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

15:54:44.0550 5240        Dot4 - ok

15:54:44.0578 5240        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

15:54:44.0728 5240        Dot4Print - ok

15:54:44.0781 5240        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

15:54:44.0832 5240        dot4usb - ok

15:54:44.0864 5240        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

15:54:44.0905 5240        DPS - ok

15:54:44.0932 5240        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

15:54:44.0977 5240        drmkaud - ok

15:54:45.0066 5240        dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

15:54:45.0083 5240        dtsoftbus01 - ok

15:54:45.0145 5240        DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

15:54:45.0262 5240        DXGKrnl - ok

15:54:45.0340 5240        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

15:54:45.0398 5240        E1G60 - ok

15:54:45.0415 5240        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

15:54:45.0462 5240        EapHost - ok

15:54:45.0513 5240        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

15:54:45.0531 5240        Ecache - ok

15:54:45.0610 5240        ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

15:54:45.0645 5240        ehRecvr - ok

15:54:45.0677 5240        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

15:54:45.0718 5240        ehSched - ok

15:54:45.0739 5240        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

15:54:45.0767 5240        ehstart - ok

15:54:45.0842 5240        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

15:54:45.0912 5240        elxstor - ok

15:54:46.0036 5240        EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll

15:54:46.0136 5240        EMDMgmt - ok

15:54:46.0306 5240        ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

15:54:46.0337 5240        ePowerSvc - ok

15:54:46.0420 5240        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

15:54:46.0466 5240        ErrDev - ok

15:54:46.0510 5240        EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll

15:54:46.0554 5240        EventSystem - ok

15:54:46.0601 5240        exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

15:54:46.0641 5240        exfat - ok

15:54:46.0686 5240        fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

15:54:46.0740 5240        fastfat - ok

15:54:46.0773 5240        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

15:54:46.0827 5240        fdc - ok

15:54:46.0900 5240        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

15:54:46.0939 5240        fdPHost - ok

15:54:46.0948 5240        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

15:54:47.0019 5240        FDResPub - ok

15:54:47.0050 5240        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

15:54:47.0061 5240        FileInfo - ok

15:54:47.0083 5240        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

15:54:47.0136 5240        Filetrace - ok

15:54:47.0159 5240        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

15:54:47.0213 5240        flpydisk - ok

15:54:47.0238 5240        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

15:54:47.0256 5240        FltMgr - ok

15:54:47.0330 5240        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:54:47.0342 5240        FontCache3.0.0.0 - ok

15:54:47.0372 5240        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

15:54:47.0421 5240        Fs_Rec - ok

15:54:47.0447 5240        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

15:54:47.0461 5240        gagp30kx - ok

15:54:47.0525 5240        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:54:47.0535 5240        GEARAspiWDM - ok

15:54:47.0653 5240        GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

15:54:47.0664 5240        GoogleDesktopManager-051210-111108 - ok

15:54:47.0746 5240        gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll

15:54:47.0806 5240        gpsvc - ok

15:54:47.0884 5240        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

15:54:47.0910 5240        gupdate - ok

15:54:47.0916 5240        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

15:54:47.0929 5240        gupdatem - ok

15:54:47.0986 5240        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:54:48.0001 5240        gusvc - ok

15:54:48.0048 5240        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

15:54:48.0141 5240        HdAudAddService - ok

15:54:48.0164 5240        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:54:48.0213 5240        HDAudBus - ok

15:54:48.0231 5240        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

15:54:48.0311 5240        HidBth - ok

15:54:48.0336 5240        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

15:54:48.0404 5240        HidIr - ok

15:54:48.0437 5240        hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll

15:54:48.0506 5240        hidserv - ok

15:54:48.0550 5240        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys

15:54:48.0573 5240        HidUsb - ok

15:54:48.0607 5240        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

15:54:48.0658 5240        hkmsvc - ok

15:54:48.0679 5240        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

15:54:48.0694 5240        HpCISSs - ok

15:54:48.0860 5240        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

15:54:48.0879 5240        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

15:54:48.0879 5240        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

15:54:48.0933 5240        hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

15:54:48.0991 5240        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

15:54:48.0991 5240        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

15:54:49.0044 5240        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

15:54:49.0085 5240        HSFHWAZL - ok

15:54:49.0146 5240        HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll

15:54:49.0226 5240        HsfXAudioService - ok

15:54:49.0361 5240        HSF_DPV         (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

15:54:49.0497 5240        HSF_DPV - ok

15:54:49.0570 5240        HSXHWAZL        (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

15:54:49.0634 5240        HSXHWAZL - ok

15:54:49.0703 5240        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys

15:54:49.0763 5240        HTTP - ok

15:54:49.0778 5240        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

15:54:49.0792 5240        i2omp - ok

15:54:49.0827 5240        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

15:54:49.0882 5240        i8042prt - ok

15:54:49.0934 5240        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys

15:54:49.0953 5240        iaStor - ok

15:54:49.0998 5240        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

15:54:50.0018 5240        iaStorV - ok

15:54:50.0160 5240        idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:54:50.0247 5240        idsvc - ok

15:54:50.0276 5240        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

15:54:50.0290 5240        iirsp - ok

15:54:50.0342 5240        IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll

15:54:50.0436 5240        IKEEXT - ok

15:54:50.0630 5240        IntcAzAudAddService (80919a856693b1d1d4177f11f5bda545) C:\Windows\system32\drivers\RTKVHDA.sys

15:54:50.0846 5240        IntcAzAudAddService - ok

15:54:51.0022 5240        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

15:54:51.0035 5240        intelide - ok

15:54:51.0076 5240        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

15:54:51.0125 5240        intelppm - ok

15:54:51.0162 5240        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

15:54:51.0219 5240        IPBusEnum - ok

15:54:51.0241 5240        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:54:51.0281 5240        IpFilterDriver - ok

15:54:51.0306 5240        iphlpsvc        (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll

15:54:51.0347 5240        iphlpsvc - ok

15:54:51.0352 5240        IpInIp - ok

15:54:51.0373 5240        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

15:54:51.0422 5240        IPMIDRV - ok

15:54:51.0455 5240        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

15:54:51.0495 5240        IPNAT - ok

15:54:51.0606 5240        iPod Service    (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe

15:54:51.0687 5240        iPod Service - ok

15:54:51.0744 5240        irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys

15:54:51.0784 5240        irda - ok

15:54:51.0830 5240        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

15:54:51.0868 5240        IRENUM - ok

15:54:51.0902 5240        Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll

15:54:51.0977 5240        Irmon - ok

15:54:52.0004 5240        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

15:54:52.0018 5240        isapnp - ok

15:54:52.0058 5240        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

15:54:52.0075 5240        iScsiPrt - ok

15:54:52.0099 5240        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

15:54:52.0113 5240        iteatapi - ok

15:54:52.0130 5240        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

15:54:52.0143 5240        iteraid - ok

15:54:52.0190 5240        k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys

15:54:52.0230 5240        k57nd60x - ok

15:54:52.0249 5240        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:54:52.0264 5240        kbdclass - ok

15:54:52.0274 5240        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

15:54:52.0312 5240        kbdhid - ok

15:54:52.0336 5240        KeyIso          (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe

15:54:52.0379 5240        KeyIso - ok

15:54:52.0431 5240        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys

15:54:52.0457 5240        KSecDD - ok

15:54:52.0507 5240        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

15:54:52.0560 5240        KtmRm - ok

15:54:52.0589 5240        LanmanServer    (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll

15:54:52.0644 5240        LanmanServer - ok

15:54:52.0672 5240        LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll

15:54:52.0741 5240        LanmanWorkstation - ok

15:54:52.0804 5240        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

15:54:52.0843 5240        lltdio - ok

15:54:52.0868 5240        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

15:54:52.0912 5240        lltdsvc - ok

15:54:52.0926 5240        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

15:54:52.0996 5240        lmhosts - ok

15:54:53.0037 5240        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

15:54:53.0048 5240        LSI_FC - ok

15:54:53.0068 5240        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

15:54:53.0080 5240        LSI_SAS - ok

15:54:53.0109 5240        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

15:54:53.0125 5240        LSI_SCSI - ok

15:54:53.0156 5240        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

15:54:53.0201 5240        luafv - ok

15:54:53.0263 5240        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

15:54:53.0277 5240        MBAMProtector - ok

15:54:53.0430 5240        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

15:54:53.0460 5240        MBAMService - ok

15:54:53.0643 5240        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

15:54:53.0658 5240        McComponentHostService - ok

15:54:53.0690 5240        Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

15:54:53.0733 5240        Mcx2Svc - ok

15:54:53.0759 5240        mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

15:54:53.0775 5240        mdmxsdk - ok

15:54:53.0821 5240        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

15:54:53.0835 5240        megasas - ok

15:54:53.0907 5240        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

15:54:53.0963 5240        MegaSR - ok

15:54:54.0071 5240        Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

15:54:54.0084 5240        Microsoft Office Groove Audit Service - ok

15:54:54.0161 5240        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

15:54:54.0215 5240        MMCSS - ok

15:54:54.0236 5240        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

15:54:54.0288 5240        Modem - ok

15:54:54.0327 5240        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

15:54:54.0365 5240        monitor - ok

15:54:54.0412 5240        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

15:54:54.0426 5240        mouclass - ok

15:54:54.0455 5240        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

15:54:54.0493 5240        mouhid - ok

15:54:54.0513 5240        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

15:54:54.0527 5240        MountMgr - ok

15:54:54.0631 5240        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:54:54.0646 5240        MozillaMaintenance - ok

15:54:54.0682 5240        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

15:54:54.0698 5240        mpio - ok

15:54:54.0720 5240        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

15:54:54.0759 5240        mpsdrv - ok

15:54:54.0805 5240        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll

15:54:54.0871 5240        MpsSvc - ok

15:54:54.0957 5240        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

15:54:54.0971 5240        Mraid35x - ok

15:54:55.0004 5240        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

15:54:55.0048 5240        MRxDAV - ok

15:54:55.0076 5240        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:54:55.0116 5240        mrxsmb - ok

15:54:55.0146 5240        mrxsmb10        (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:54:55.0183 5240        mrxsmb10 - ok

15:54:55.0193 5240        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:54:55.0232 5240        mrxsmb20 - ok

15:54:55.0255 5240        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

15:54:55.0270 5240        msahci - ok

15:54:55.0304 5240        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

15:54:55.0319 5240        msdsm - ok

15:54:55.0362 5240        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

15:54:55.0408 5240        MSDTC - ok

15:54:55.0417 5240        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

15:54:55.0463 5240        Msfs - ok

15:54:55.0487 5240        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

15:54:55.0500 5240        msisadrv - ok

15:54:55.0535 5240        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

15:54:55.0576 5240        MSiSCSI - ok

15:54:55.0580 5240        msiserver - ok

15:54:55.0600 5240        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

15:54:55.0646 5240        MSKSSRV - ok

15:54:55.0664 5240        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

15:54:55.0702 5240        MSPCLOCK - ok

15:54:55.0719 5240        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

15:54:55.0757 5240        MSPQM - ok

15:54:55.0788 5240        MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

15:54:55.0805 5240        MsRPC - ok

15:54:55.0824 5240        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

15:54:55.0838 5240        mssmbios - ok

15:54:55.0858 5240        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

15:54:55.0895 5240        MSTEE - ok

15:54:55.0914 5240        Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

15:54:55.0928 5240        Mup - ok

15:54:55.0957 5240        mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

15:54:55.0968 5240        mwlPSDFilter - ok

15:54:55.0978 5240        mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

15:54:55.0989 5240        mwlPSDNServ - ok

15:54:56.0003 5240        mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

15:54:56.0013 5240        mwlPSDVDisk - ok

15:54:56.0106 5240        MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe

15:54:56.0125 5240        MWLService - ok

15:54:56.0179 5240        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll

15:54:56.0244 5240        napagent - ok

15:54:56.0288 5240        NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

15:54:56.0331 5240        NativeWifiP - ok

15:54:56.0389 5240        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

15:54:56.0444 5240        NDIS - ok

15:54:56.0520 5240        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

15:54:56.0571 5240        NdisTapi - ok

15:54:56.0583 5240        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

15:54:56.0620 5240        Ndisuio - ok

15:54:56.0653 5240        NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

15:54:56.0696 5240        NdisWan - ok

15:54:56.0713 5240        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

15:54:56.0751 5240        NDProxy - ok

15:54:56.0791 5240        Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll

15:54:56.0812 5240        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:54:56.0812 5240        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:54:56.0823 5240        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

15:54:56.0860 5240        NetBIOS - ok

15:54:56.0885 5240        netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

15:54:56.0936 5240        netbt - ok

15:54:56.0957 5240        Netlogon        (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe

15:54:56.0977 5240        Netlogon - ok

15:54:57.0012 5240        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

15:54:57.0068 5240        Netman - ok

15:54:57.0103 5240        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

15:54:57.0155 5240        netprofm - ok

15:54:57.0227 5240        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:54:57.0241 5240        NetTcpPortSharing - ok

15:54:57.0287 5240        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

15:54:57.0300 5240        nfrd960 - ok

15:54:57.0340 5240        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

15:54:57.0382 5240        NlaSvc - ok

15:54:57.0401 5240        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

15:54:57.0449 5240        Npfs - ok

15:54:57.0463 5240        NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys

15:54:57.0510 5240        NSCIRDA - ok

15:54:57.0538 5240        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

15:54:57.0592 5240        nsi - ok

15:54:57.0605 5240        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

15:54:57.0657 5240        nsiproxy - ok

15:54:57.0744 5240        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

15:54:57.0818 5240        Ntfs - ok

15:54:57.0911 5240        NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

15:54:57.0923 5240        NTI IScheduleSvc - ok

15:54:57.0948 5240        NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

15:54:57.0959 5240        NTIBackupSvc - ok

15:54:57.0986 5240        NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys

15:54:57.0996 5240        NTIDrvr - ok

15:54:58.0022 5240        NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

15:54:58.0034 5240        NTISchedulerSvc - ok

15:54:58.0075 5240        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

15:54:58.0165 5240        ntrigdigi - ok

15:54:58.0183 5240        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

15:54:58.0226 5240        Null - ok

15:54:58.0257 5240        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

15:54:58.0269 5240        nvraid - ok

15:54:58.0294 5240        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

15:54:58.0305 5240        nvstor - ok

15:54:58.0329 5240        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

15:54:58.0345 5240        nv_agp - ok

15:54:58.0350 5240        NwlnkFlt - ok

15:54:58.0358 5240        NwlnkFwd - ok

15:54:58.0476 5240        odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:54:58.0500 5240        odserv - ok

15:54:58.0541 5240        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

15:54:58.0588 5240        ohci1394 - ok

15:54:58.0619 5240        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:54:58.0633 5240        ose - ok

15:54:58.0704 5240        p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

15:54:58.0829 5240        p2pimsvc - ok

15:54:58.0841 5240        p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

15:54:58.0926 5240        p2psvc - ok

15:54:58.0995 5240        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

15:54:59.0099 5240        Parport - ok

15:54:59.0117 5240        partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

15:54:59.0133 5240        partmgr - ok

15:54:59.0158 5240        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

15:54:59.0226 5240        Parvdm - ok

15:54:59.0252 5240        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

15:54:59.0287 5240        PcaSvc - ok

15:54:59.0301 5240        pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

15:54:59.0318 5240        pci - ok

15:54:59.0342 5240        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

15:54:59.0355 5240        pciide - ok

15:54:59.0411 5240        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys

15:54:59.0428 5240        pcmcia - ok

15:54:59.0522 5240        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

15:54:59.0666 5240        PEAUTH - ok

15:54:59.0826 5240        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

15:54:59.0913 5240        pla - ok

15:55:00.0061 5240        PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll

15:55:00.0116 5240        PlugPlay - ok

15:55:00.0156 5240        Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

15:55:00.0180 5240        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:55:00.0180 5240        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:55:00.0248 5240        PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

15:55:00.0324 5240        PNRPAutoReg - ok

15:55:00.0343 5240        PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

15:55:00.0420 5240        PNRPsvc - ok

15:55:00.0519 5240        PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll

15:55:00.0576 5240        PolicyAgent - ok

15:55:00.0651 5240        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

15:55:00.0694 5240        PptpMiniport - ok

15:55:00.0722 5240        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

15:55:00.0761 5240        Processor - ok

15:55:00.0791 5240        ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll

15:55:00.0843 5240        ProfSvc - ok

15:55:00.0868 5240        ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe

15:55:00.0888 5240        ProtectedStorage - ok

15:55:00.0914 5240        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

15:55:00.0957 5240        PSched - ok

15:55:01.0079 5240        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

15:55:01.0198 5240        ql2300 - ok

15:55:01.0220 5240        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

15:55:01.0235 5240        ql40xx - ok

15:55:01.0295 5240        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

15:55:01.0325 5240        QWAVE - ok

15:55:01.0352 5240        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

15:55:01.0371 5240        QWAVEdrv - ok

15:55:01.0388 5240        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

15:55:01.0442 5240        RasAcd - ok

15:55:01.0459 5240        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

15:55:01.0500 5240        RasAuto - ok

15:55:01.0523 5240        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:55:01.0564 5240        Rasl2tp - ok

15:55:01.0610 5240        RasMan          (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll

15:55:01.0654 5240        RasMan - ok

15:55:01.0678 5240        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

15:55:01.0725 5240        RasPppoe - ok

15:55:01.0741 5240        RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

15:55:01.0780 5240        RasSstp - ok

15:55:01.0814 5240        rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

15:55:01.0856 5240        rdbss - ok

15:55:01.0872 5240        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:55:01.0910 5240        RDPCDD - ok

15:55:01.0957 5240        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

15:55:01.0999 5240        rdpdr - ok

15:55:02.0005 5240        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

15:55:02.0071 5240        RDPENCDD - ok

15:55:02.0109 5240        RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

15:55:02.0166 5240        RDPWD - ok

15:55:02.0210 5240        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

15:55:02.0250 5240        RemoteAccess - ok

15:55:02.0299 5240        RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll

15:55:02.0342 5240        RemoteRegistry - ok

15:55:02.0379 5240        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

15:55:02.0397 5240        RpcLocator - ok

15:55:02.0455 5240        RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

15:55:02.0486 5240        RpcSs - ok

15:55:02.0522 5240        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

15:55:02.0562 5240        rspndr - ok

15:55:02.0590 5240        RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys

15:55:02.0603 5240        RTHDMIAzAudService - ok

15:55:02.0650 5240        RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS

15:55:02.0692 5240        RTSTOR - ok

15:55:02.0735 5240        SamSs           (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe

15:55:02.0754 5240        SamSs - ok

15:55:02.0781 5240        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

15:55:02.0795 5240        sbp2port - ok

15:55:02.0836 5240        SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll

15:55:02.0883 5240        SCardSvr - ok

15:55:03.0010 5240        Schedule        (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll

15:55:03.0155 5240        Schedule - ok

15:55:03.0201 5240        SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

15:55:03.0239 5240        SCPolicySvc - ok

15:55:03.0278 5240        SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys

15:55:03.0289 5240        SCREAMINGBDRIVER - ok

15:55:03.0334 5240        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

15:55:03.0391 5240        sdbus - ok

15:55:03.0431 5240        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

15:55:03.0472 5240        SDRSVC - ok

15:55:03.0504 5240        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:55:03.0588 5240        secdrv - ok

15:55:03.0595 5240        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

15:55:03.0636 5240        seclogon - ok

15:55:03.0655 5240        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

15:55:03.0695 5240        SENS - ok

15:55:03.0725 5240        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

15:55:03.0814 5240        Serenum - ok

15:55:03.0851 5240        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

15:55:03.0946 5240        Serial - ok

15:55:03.0987 5240        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

15:55:04.0025 5240        sermouse - ok

15:55:04.0056 5240        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

15:55:04.0099 5240        SessionEnv - ok

15:55:04.0132 5240        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

15:55:04.0170 5240        sffdisk - ok

15:55:04.0199 5240        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

15:55:04.0260 5240        sffp_mmc - ok

15:55:04.0293 5240        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

15:55:04.0331 5240        sffp_sd - ok

15:55:04.0347 5240        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

15:55:04.0431 5240        sfloppy - ok

15:55:04.0500 5240        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

15:55:04.0572 5240        SharedAccess - ok

15:55:04.0611 5240        ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll

15:55:04.0655 5240        ShellHWDetection - ok

15:55:04.0688 5240        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

15:55:04.0703 5240        sisagp - ok

15:55:04.0725 5240        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

15:55:04.0740 5240        SiSRaid2 - ok

15:55:04.0761 5240        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

15:55:04.0776 5240        SiSRaid4 - ok

15:55:04.0974 5240        slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe

15:55:05.0221 5240        slsvc - ok

15:55:05.0407 5240        SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll

15:55:05.0457 5240        SLUINotify - ok

15:55:05.0495 5240        Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

15:55:05.0542 5240        Smb - ok

15:55:05.0567 5240        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

15:55:05.0586 5240        SNMPTRAP - ok

15:55:05.0604 5240        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

15:55:05.0617 5240        spldr - ok

15:55:05.0637 5240        Spooler         (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe

15:55:05.0679 5240        Spooler - ok

15:55:05.0722 5240        srv             (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys

15:55:05.0766 5240        srv - ok

15:55:05.0780 5240        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys

15:55:05.0820 5240        srv2 - ok

15:55:05.0831 5240        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys

15:55:05.0871 5240        srvnet - ok

15:55:05.0899 5240        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

15:55:05.0953 5240        SSDPSRV - ok

15:55:05.0994 5240        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys

15:55:06.0004 5240        ssmdrv - ok

15:55:06.0036 5240        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

15:55:06.0089 5240        SstpSvc - ok

15:55:06.0148 5240        Steam Client Service - ok

15:55:06.0214 5240        stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll

15:55:06.0244 5240        stisvc - ok

15:55:06.0278 5240        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

15:55:06.0293 5240        swenum - ok

15:55:06.0327 5240        swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll

15:55:06.0374 5240        swprv - ok

15:55:06.0400 5240        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

15:55:06.0413 5240        Symc8xx - ok

15:55:06.0440 5240        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

15:55:06.0453 5240        Sym_hi - ok

15:55:06.0480 5240        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

15:55:06.0494 5240        Sym_u3 - ok

15:55:06.0548 5240        SynTP           (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys

15:55:06.0564 5240        SynTP - ok

15:55:06.0621 5240        SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll

15:55:06.0704 5240        SysMain - ok

15:55:06.0731 5240        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

15:55:06.0767 5240        TabletInputService - ok

15:55:06.0795 5240        TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll

15:55:06.0849 5240        TapiSrv - ok

15:55:06.0871 5240        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

15:55:06.0923 5240        TBS - ok

15:55:07.0012 5240        Tcpip           (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys

15:55:07.0132 5240        Tcpip - ok

15:55:07.0147 5240        Tcpip6          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys

15:55:07.0237 5240        Tcpip6 - ok

15:55:07.0293 5240        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

15:55:07.0347 5240        tcpipreg - ok

15:55:07.0369 5240        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

15:55:07.0432 5240        TDPIPE - ok

15:55:07.0450 5240        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

15:55:07.0487 5240        TDTCP - ok

15:55:07.0517 5240        tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

15:55:07.0563 5240        tdx - ok

15:55:07.0585 5240        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

15:55:07.0600 5240        TermDD - ok

15:55:07.0649 5240        TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll

15:55:07.0720 5240        TermService - ok

15:55:07.0777 5240        Themes          (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll

15:55:07.0821 5240        Themes - ok

15:55:07.0859 5240        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

15:55:07.0899 5240        THREADORDER - ok

15:55:07.0914 5240        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

15:55:07.0969 5240        TrkWks - ok

15:55:08.0020 5240        TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe

15:55:08.0059 5240        TrustedInstaller - ok

15:55:08.0087 5240        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:55:08.0152 5240        tssecsrv - ok

15:55:08.0162 5240        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

15:55:08.0200 5240        tunmp - ok

15:55:08.0229 5240        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

15:55:08.0278 5240        tunnel - ok

15:55:08.0303 5240        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

15:55:08.0317 5240        uagp35 - ok

15:55:08.0346 5240        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

15:55:08.0356 5240        UBHelper - ok

15:55:08.0400 5240        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

15:55:08.0441 5240        udfs - ok

15:55:08.0470 5240        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

15:55:08.0520 5240        UI0Detect - ok

15:55:08.0538 5240        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

15:55:08.0554 5240        uliagpkx - ok

15:55:08.0599 5240        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

15:55:08.0618 5240        uliahci - ok

15:55:08.0654 5240        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

15:55:08.0669 5240        UlSata - ok

15:55:08.0687 5240        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

15:55:08.0702 5240        ulsata2 - ok

15:55:08.0731 5240        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

15:55:08.0779 5240        umbus - ok

15:55:08.0818 5240        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

15:55:08.0876 5240        upnphost - ok

15:55:08.0922 5240        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

15:55:08.0972 5240        USBAAPL - ok

15:55:09.0027 5240        usbccgp         (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys

15:55:09.0075 5240        usbccgp - ok

15:55:09.0122 5240        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

15:55:09.0192 5240        usbcir - ok

15:55:09.0231 5240        usbehci         (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys

15:55:09.0260 5240        usbehci - ok

15:55:09.0285 5240        usbhub          (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys

15:55:09.0304 5240        usbhub - ok

15:55:09.0331 5240        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

15:55:09.0399 5240        usbohci - ok

15:55:09.0439 5240        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

15:55:09.0489 5240        usbprint - ok

15:55:09.0545 5240        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

15:55:09.0597 5240        usbscan - ok

15:55:09.0633 5240        USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:55:09.0691 5240        USBSTOR - ok

15:55:09.0704 5240        usbuhci         (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys

15:55:09.0721 5240        usbuhci - ok

15:55:09.0738 5240        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

15:55:09.0784 5240        usbvideo - ok

15:55:09.0818 5240        UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll

15:55:09.0859 5240        UxSms - ok

15:55:09.0892 5240        VCSVADHWSer     (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys

15:55:09.0924 5240        VCSVADHWSer - ok

15:55:09.0967 5240        vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe

15:55:10.0024 5240        vds - ok

15:55:10.0092 5240        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

15:55:10.0154 5240        vga - ok

15:55:10.0167 5240        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

15:55:10.0216 5240        VgaSave - ok

15:55:10.0245 5240        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

15:55:10.0259 5240        viaagp - ok

15:55:10.0277 5240        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

15:55:10.0315 5240        ViaC7 - ok

15:55:10.0333 5240        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

15:55:10.0346 5240        viaide - ok

15:55:10.0381 5240        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

15:55:10.0396 5240        volmgr - ok

15:55:10.0418 5240        volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

15:55:10.0439 5240        volmgrx - ok

15:55:10.0459 5240        volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

15:55:10.0478 5240        volsnap - ok

15:55:10.0525 5240        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

15:55:10.0541 5240        vsmraid - ok

15:55:10.0658 5240        VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe

15:55:10.0783 5240        VSS - ok

15:55:10.0818 5240        W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll

15:55:10.0874 5240        W32Time - ok

15:55:10.0941 5240        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

15:55:11.0032 5240        WacomPen - ok

15:55:11.0076 5240        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:55:11.0133 5240        Wanarp - ok

15:55:11.0141 5240        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:55:11.0183 5240        Wanarpv6 - ok

15:55:11.0237 5240        wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll

15:55:11.0327 5240        wcncsvc - ok

15:55:11.0385 5240        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

15:55:11.0423 5240        WcsPlugInService - ok

15:55:11.0448 5240        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

15:55:11.0458 5240        Wd - ok

15:55:11.0528 5240        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

15:55:11.0576 5240        Wdf01000 - ok

15:55:11.0641 5240        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

15:55:11.0682 5240        WdiServiceHost - ok

15:55:11.0687 5240        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

15:55:11.0729 5240        WdiSystemHost - ok

15:55:11.0772 5240        WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll

15:55:11.0807 5240        WebClient - ok

15:55:11.0830 5240        Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll

15:55:11.0873 5240        Wecsvc - ok

15:55:11.0891 5240        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

15:55:11.0942 5240        wercplsupport - ok

15:55:11.0979 5240        WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll

15:55:12.0016 5240        WerSvc - ok

15:55:12.0077 5240        winachsf        (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

15:55:12.0182 5240        winachsf - ok

15:55:12.0287 5240        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

15:55:12.0314 5240        WinDefend - ok

15:55:12.0322 5240        WinHttpAutoProxySvc - ok

15:55:12.0403 5240        Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll

15:55:12.0463 5240        Winmgmt - ok

15:55:12.0546 5240        WinRM           (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll

15:55:12.0646 5240        WinRM - ok

15:55:12.0701 5240        Wlansvc         (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll

15:55:12.0725 5240        Wlansvc - ok

15:55:12.0804 5240        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:55:12.0855 5240        WmiAcpi - ok

15:55:12.0928 5240        wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe

15:55:12.0968 5240        wmiApSrv - ok

15:55:13.0101 5240        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

15:55:13.0267 5240        WMPNetworkSvc - ok

15:55:13.0345 5240        WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll

15:55:13.0386 5240        WPCSvc - ok

15:55:13.0415 5240        WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

15:55:13.0464 5240        WPDBusEnum - ok

15:55:13.0559 5240        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

15:55:13.0597 5240        WpdUsb - ok

15:55:13.0628 5240        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

15:55:13.0670 5240        ws2ifsl - ok

15:55:13.0690 5240        wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll

15:55:13.0713 5240        wscsvc - ok

15:55:13.0722 5240        WSearch - ok

15:55:13.0858 5240        wuauserv        (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll

15:55:14.0076 5240        wuauserv - ok

15:55:14.0241 5240        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:55:14.0279 5240        WUDFRd - ok

15:55:14.0318 5240        wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

15:55:14.0360 5240        wudfsvc - ok

15:55:14.0379 5240        XAudio          (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys

15:55:14.0396 5240        XAudio - ok

15:55:14.0429 5240        MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0

15:55:14.0828 5240        \Device\Harddisk0\DR0 - ok

15:55:14.0832 5240        Boot (0x1200)   (2b1801ad0246a445ff5091bb2fa14b1b) \Device\Harddisk0\DR0\Partition0

15:55:14.0834 5240        \Device\Harddisk0\DR0\Partition0 - ok

15:55:14.0836 5240        ============================================================

15:55:14.0836 5240        Scan finished

15:55:14.0836 5240        ============================================================

15:55:14.0920 6032        Detected object count: 6

15:55:14.0920 6032        Actual detected object count: 6

15:59:19.0686 6032        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0686 6032        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:19.0689 6032        AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0689 6032        AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:19.0692 6032        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0692 6032        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:19.0695 6032        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0695 6032        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:19.0698 6032        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0698 6032        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:19.0700 6032        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:59:19.0701 6032        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:59:26.0824 5984        Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-06-28.01 - Marcel Klahn 28.06.2012  17:16:49.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1984 [GMT 2:00]

ausgeführt von:: c:\users\Marcel Klahn\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\kikin

c:\program files\kikin\default_settings.xml

c:\program files\kikin\file_list.txt

c:\program files\kikin\kikin.ico

c:\program files\kikin\KikinBroker.exe

c:\program files\kikin\KikinCrashReporter.exe

c:\program files\kikin\uninst.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))

.

.

2012-06-28 15:28 . 2012-06-28 15:28        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-25 14:17 . 2012-06-25 14:17        --------        d-----w-        C:\_OTL

2012-06-22 12:11 . 2012-06-22 12:11        --------        d-----w-        c:\users\Marcel Klahn\AppData\Roaming\Malwarebytes

2012-06-21 21:14 . 2012-06-21 21:14        --------        d-----w-        c:\program files\ESET

2012-06-06 11:18 . 2012-06-06 11:19        --------        d-----w-        c:\program files\PokerStars

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 13:56 . 2011-03-28 20:13        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

2012-06-14 22:19 . 2012-06-22 11:42        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-22 22:41 . 2009-12-03 14:55        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2008-07-27 18:03        282112        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 68856]

"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

"Facebook Update"="c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-14 137536]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-25 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService        REG_MULTI_SZ           HsfXAudioService

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job

- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]

.

2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job

- c:\users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 20:14]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 07:41]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = 

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Free YouTube to MP3 Converter - c:\users\Marcel Klahn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Marcel Klahn\AppData\Roaming\Mozilla\Firefox\Profiles\balegvbu.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe

AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe

AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe

AddRemove-TeamSpeak 3 Client - c:\users\Marcel Klahn\Desktop\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-28 17:28

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-499933100-2867506379-2947858537-1000\Software\SecuROM\License information*]

"datasecu"=hex:d7,f1,4b,ea,7c,d6,4b,ee,73,e7,80,47,4e,fa,85,c2,d3,f1,bc,cf,79,

   d3,60,7f,71,d5,f4,4d,fc,6b,97,53,b2,1b,6e,09,ea,3f,be,7f,1c,fe,a2,a7,0a,f5,\

"rkeysecu"=hex:cf,93,cb,c3,6b,74,46,3a,94,96,51,0e,7d,ea,65,e2

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-06-28  17:31:40

ComboFix-quarantined-files.txt  2012-06-28 15:31

.

Vor Suchlauf: 16 Verzeichnis(se), 121.768.992.768 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 121.712.115.712 Bytes frei

.

- - End Of File - - 63DBC3A7E816081557E9A743882DF885

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Einmal der GEMA äh GMER scan :D

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-07-04 00:03:06

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0

Running: bfn8crpz.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8B226F3C                                                                                                                                      ZwCreateThread

SSDT            8B226F28                                                                                                                                      ZwOpenProcess

SSDT            8B226F2D                                                                                                                                      ZwOpenThread

SSDT            8B226F37                                                                                                                                      ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                               82508A18 4 Bytes  [3C, 6F, 22, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                               82508BE8 4 Bytes  [28, 6F, 22, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                               82508C04 4 Bytes  [2D, 6F, 22, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                               82508E18 4 Bytes  [37, 6F, 22, 8B]

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x8E201000, 0x3C9EA5, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Windows\Explorer.EXE[3352] SHELL32.dll!InitNetworkAddressControl + 2939                                                                    76FD0064 4 Bytes  [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrLoadDll                                                                       77AC7933 5 Bytes  JMP 69E0FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!MapViewOfFile                                                                 766B7F30 5 Bytes  JMP 6A0B079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] kernel32.dll!VirtualAlloc                                                                  766BB86F 5 Bytes  JMP 6A0B07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!CreateDIBSection                                                                 76C075C0 5 Bytes  JMP 6A0B0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [01B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                         [74867BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                          [748A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                      [7486D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                [7485F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                          [74867599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                       [7485E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                           [7489B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                              [7486D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                      [7486012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                       [74860095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                        [748571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                [748ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                   [748875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                      [7485DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                [7485668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                               [748566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                  [74861E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                   [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                       [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                 [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                   [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                        mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
 

---- EOF - GMER 1.0.15 ----

und OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:09:42 on 04.07.2012
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 13.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000Core.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe

"FacebookUpdateTaskUserS-1-5-21-499933100-2867506379-2947858537-1000UA.job" - "Facebook Inc." - C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"kxtdypog" (kxtdypog) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kxtdypog.sys  (Hidden registry entry, rootkit activity | File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys

"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys

"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Marcel Klahn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Facebook Update" - "Facebook Inc." - "C:\Users\Marcel Klahn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4

"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k

"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"

"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"PLFSetI" - ? - C:\Windows\PLFSetI.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - "Acer" - C:\Windows\system32\Acer.scr
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

asw scan:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-04 00:11:53

-----------------------------

00:11:53.950    OS Version: Windows 6.0.6001 Service Pack 1

00:11:53.950    Number of processors: 2 586 0x170A

00:11:53.953    ComputerName: MEINPC  UserName: 

00:11:56.521    Initialize success

00:14:17.142    AVAST engine defs: 12070301

00:14:46.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

00:14:46.300    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

00:14:46.660    Disk 0 MBR read successfully

00:14:46.662    Disk 0 MBR scan

00:14:46.668    Disk 0 unknown MBR code

00:14:46.772    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048

00:14:46.903    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048

00:14:47.317    Disk 0 scanning sectors +976771072

00:14:48.142    Disk 0 scanning C:\Windows\system32\drivers

00:16:20.103    Service scanning

00:16:46.722    Modules scanning

00:17:33.813    Disk 0 trace - called modules:

00:17:33.857    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

00:17:33.864    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8621c518]

00:17:33.869    3 CLASSPNP.SYS[8a7a2745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856ec028]

00:17:36.447    AVAST engine scan C:\Windows

00:19:45.623    AVAST engine scan C:\Windows\system32

00:24:19.222    AVAST engine scan C:\Windows\system32\drivers

00:24:58.356    AVAST engine scan C:\Users\Marcel Klahn

01:06:44.306    AVAST engine scan C:\ProgramData

01:14:54.557    Scan finished successfully

02:31:21.601    Disk 0 MBR has been saved successfully to "C:\Users\Marcel Klahn\Desktop\MBR.dat"

02:31:21.609    The log file has been saved successfully to "C:\Users\Marcel Klahn\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

So, mir hats gereicht, komplett das system neu aufgesetzt, danke für die mühen, kannst du bitte das thema löschen, ich will nicht, dass man hier googeln kann und private Daten erfährt. LG DANKE FÜR DIE BEMÜHUNGEN

Schade, dass du so kurz vorm Ziel aufgehört hast, naja
Themen werden hier nicht gelöscht