
Log analysis and evaluation: Windows Vista firewall knocked out

12.11.2012, 09:13   #1
Piper5
 



Hello,

I was recently hit by the insidious "System Progressive Protection", and since then my built-in Windows Vista firewall no longer starts.

Following the instructions, I first shut down SPP with the tool and then deleted it. After that I ran scans with Malwarebytes and AntiVir. Both deleted infected files or moved them to quarantine.

So far so good. Now I have the problem that the firewall no longer starts.
I have already tried every set of instructions I could find on Google.

First via cmd:
netsh firewall reset
> without success

Then tried to start the firewall via "Services"
> without success

Then tried to tackle the problem with Microsoft Fix it
> also without success

Unfortunately I only have a recovery CD for my Acer laptop and no regular Vista CD. This recovery CD offers no repair function, only the option of completely resetting the system. I would like to avoid that.

Does anyone have an idea how I can get the built-in firewall to start again without reinstalling the system?

Attached are the two reports from MWB and AntiVir.

Many thanks in advance

12.11.2012, 13:25   #2
markusg
/// Malware-holic
 



hi
If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

12.11.2012, 19:00   #3
Piper5
 



OK: OTL logfile:
Code:
OTL logfile created on: 12.11.2012 18:27:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Piper\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,37% Memory free
6,19 Gb Paging File | 5,32 Gb Available in Paging File | 85,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 65,40 Gb Free Space | 45,40% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 86,09 Gb Free Space | 61,28% Space Free | Partition Type: NTFS
 
Computer Name: PIPER-PC | User Name: Piper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.12 18:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piper\Downloads\OTL.com
PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.16 17:56:56 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.01 21:10:25 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Piper\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 12:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.19 14:27:22 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.06.04 13:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.09 21:00:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2012.11.09 20:25:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2012.11.09 20:25:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2012.11.09 20:24:49 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\35f20a6b69d5c7033b4b1873456e5074\System.ServiceProcess.ni.dll
MOD - [2012.11.09 20:24:19 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2012.11.09 20:23:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2008.11.27 19:54:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.11.27 19:54:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.11.27 19:54:41 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 11:59:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011.04.06 15:51:34 | 000,405,504 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2008.08.19 14:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.10 09:17:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.04 12:07:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.27 09:37:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2012.06.27 09:37:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
DRV - [2012.06.27 09:37:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.04.18 14:43:26 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.04.18 14:43:24 | 000,237,440 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011.04.18 14:43:24 | 000,191,872 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.04.18 14:43:24 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.04.18 14:43:22 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.09.01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2010.03.11 08:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010.03.11 08:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.08.28 15:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.19 14:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.31 17:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {A90FD7F8-62B7-45B2-8C53-A1D218D10C30}
IE - HKCU\..\SearchScopes\{A90FD7F8-62B7-45B2-8C53-A1D218D10C30}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "taz.de"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.08.22 09:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 17:24:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 17:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 11:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 17:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 17:24:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 11:59:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.02.01 22:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\Extensions
[2012.11.07 12:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions
[2012.02.01 22:13:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 22:13:11 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2012.02.01 22:13:11 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2012.11.07 12:28:38 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.11.02 08:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.01 22:13:11 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2012.02.01 22:13:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012.02.01 22:13:12 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2012.02.01 22:13:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\engine@conduit.com
[2012.10.12 08:37:59 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\info@djzig.com
[2012.02.02 10:54:21 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\mail@gutscheinrausch.de
[2012.02.01 22:13:09 | 000,000,000 | ---D | M] (Cold Night) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\martin@hoerandl.com
[2012.02.01 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2012.02.01 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\Firefox\Profiles\1btbgr6v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2011.04.19 15:20:38 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\personas@christopher.beard.xpi
[2012.08.30 11:19:28 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.25 17:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.04.29 23:36:38 | 000,105,386 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2008.02.08 06:47:30 | 000,001,204 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2008.01.27 18:53:20 | 000,001,812 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2009.02.07 19:15:04 | 001,304,961 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\tmp.xpi
[2009.12.21 17:18:32 | 000,828,588 | ---- | M] () (No name found) -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}\chrome\tmp.xpi
[2011.01.05 16:03:26 | 000,002,613 | ---- | M] () -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\searchplugins\dastelefonbuch.xml
[2012.11.12 08:12:54 | 000,002,387 | ---- | M] () -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\searchplugins\ebay-kleinanzeigen.xml
[2012.11.10 19:29:35 | 000,001,655 | ---- | M] () -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\searchplugins\ixquick---deutsch.xml
[2009.02.03 17:24:36 | 000,002,108 | ---- | M] () -- C:\Users\Piper\AppData\Roaming\mozilla\firefox\profiles\1btbgr6v.default\searchplugins\youtube-videosuche.xml
[2012.10.28 17:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 17:24:22 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.16 12:56:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.16 12:56:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.16 12:56:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 12:56:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 12:56:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 12:56:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AF28EFE-94B7-431B-B73C-85C3903CA838}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA550C81-F7B7-4C6E-A0E7-8F90329C35A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Piper\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Piper\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.12 14:13:00 | 000,000,000 | ---D | M] - D:\AutoGK -- [ NTFS ]
O33 - MountPoints2\{29da99d5-ec34-11e1-a743-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{29da99d5-ec34-11e1-a743-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{29da99d7-ec34-11e1-a743-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{29da99d7-ec34-11e1-a743-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{29da9a04-ec34-11e1-a743-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{29da9a04-ec34-11e1-a743-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{29da9a05-ec34-11e1-a743-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{29da9a05-ec34-11e1-a743-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{4b7d5655-ec1f-11e1-9d6a-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{4b7d5655-ec1f-11e1-9d6a-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{76cc77d5-ece9-11e1-839e-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{76cc77d5-ece9-11e1-839e-00238b518f17}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{c3a432ba-ec20-11e1-af75-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{c3a432ba-ec20-11e1-af75-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c3a432ce-ec20-11e1-af75-00238b518f17}\Shell - "" = AutoRun
O33 - MountPoints2\{c3a432ce-ec20-11e1-af75-00238b518f17}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8D979863-89D3-F7E6-BE13-97D7B1F481A1} - Microsoft Windows Media Player
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Piper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Piper\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesAirMessage - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: ProductReg - hkey= - key= - C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
MsConfig - StartUpReg: Trigger New Acer AlaunchX - hkey= - key= - c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.09 21:01:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.09 20:14:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.11.09 20:14:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.11.09 20:14:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.11.09 20:10:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.11.09 19:48:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.11.09 19:20:46 | 000,000,000 | ---D | C] -- C:\Users\Piper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012.11.09 15:30:13 | 000,000,000 | ---D | C] -- C:\Users\Piper\AppData\Roaming\Malwarebytes
[2012.11.09 15:29:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 15:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.09 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 14:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\5876C88E54E4FBAC00005876701D00C8
[2012.11.03 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Piper\AppData\Roaming\Avira
[2012.11.03 20:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.03 20:11:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.03 20:11:15 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.03 20:11:15 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.03 20:11:15 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.03 20:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.03 20:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.31 20:56:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.10.30 11:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.28 17:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.12 18:20:25 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.12 18:20:25 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.12 18:20:25 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.12 18:20:25 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.12 18:16:06 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.12 18:14:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.11.12 18:14:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 18:14:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 18:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 18:13:46 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 08:36:38 | 001,245,184 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012.11.12 08:36:38 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012.11.12 08:36:38 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012.11.12 08:31:07 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.12 08:20:11 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A422CF15-5687-4B2A-9C14-8F92A50284DA}.job
[2012.11.12 08:15:49 | 000,000,402 | ---- | M] () -- C:\Users\Piper\Desktop\repair.bat
[2012.11.10 09:17:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.10 08:48:53 | 000,430,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.09 19:20:46 | 000,002,016 | ---- | M] () -- C:\Users\Piper\Desktop\System Progressive Protection.lnk
[2012.11.09 15:29:59 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 19:23:50 | 000,104,960 | ---- | M] () -- C:\Users\Piper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.16 17:16:40 | 000,001,356 | ---- | M] () -- C:\Users\Piper\AppData\Local\d3d9caps.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.12 08:24:52 | 001,245,184 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012.11.12 08:24:52 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012.11.12 08:24:52 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012.11.12 08:15:49 | 000,000,402 | ---- | C] () -- C:\Users\Piper\Desktop\repair.bat
[2012.11.09 19:54:26 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.11.09 19:54:24 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.11.09 19:54:05 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.11.09 19:54:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.11.09 19:54:01 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.11.09 19:52:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.11.09 19:52:29 | 002,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.11.09 19:52:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.11.09 19:52:24 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.11.09 19:52:23 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.11.09 19:52:17 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.11.09 19:20:46 | 000,002,016 | ---- | C] () -- C:\Users\Piper\Desktop\System Progressive Protection.lnk
[2012.11.09 15:50:55 | 3215,843,328 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.09 15:29:59 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.21 17:31:37 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.11 14:50:46 | 000,148,978 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.04.11 14:50:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.03.18 12:51:00 | 000,000,029 | ---- | C] () -- C:\Windows\wordpad.ini
[2012.03.18 12:50:49 | 000,000,029 | ---- | C] () -- C:\Windows\winzip32.ini
[2012.02.28 21:09:22 | 000,451,053 | ---- | C] () -- C:\Users\Piper\Swantje und Jan.jpg
[2012.02.15 15:43:35 | 000,000,363 | ---- | C] () -- C:\Users\Piper\Musik - Verknüpfung.lnk
[2012.02.05 18:17:07 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.05 12:36:27 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.02.02 10:10:59 | 000,104,960 | ---- | C] () -- C:\Users\Piper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.01 21:07:27 | 000,001,356 | ---- | C] () -- C:\Users\Piper\AppData\Local\d3d9caps.dat
[2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1395388942-2263756309-275698717-1000\$4d803809328f06bf51e32c1157186945\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.04.10 23:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\System32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\System32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.11.27 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Acer GameZone Console
[2012.03.18 12:44:10 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Babylon
[2012.03.18 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.03 19:26:58 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Dropbox
[2012.03.18 12:30:52 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\GetRightToGo
[2012.09.29 20:07:44 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\ICQ
[2012.10.02 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\IrfanView
[2012.05.23 06:55:52 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\MAGIX
[2012.02.02 10:54:16 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\OpenCandy
[2012.02.01 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Thunderbird
[2012.06.26 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Vodafone
[2012.09.03 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\Piper\AppData\Roaming\Wuala
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.09 14:04:50 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.02.01 21:43:24 | 000,000,000 | ---D | M] -- C:\ACER
[2012.02.02 05:55:38 | 000,000,000 | ---D | M] -- C:\ACERSW
[2008.11.27 20:57:30 | 000,000,000 | ---D | M] -- C:\book
[2012.11.09 20:22:53 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.02.01 21:32:51 | 000,000,000 | ---D | M] -- C:\CLSetup
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.01 21:05:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.11.27 19:39:17 | 000,000,000 | ---D | M] -- C:\Intel
[2008.11.27 20:31:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.09 15:29:58 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.09 15:29:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.01 21:05:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.12 18:30:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.01 21:07:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.12 08:37:07 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.10 23:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.02 10:35:36 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A422CF15-5687-4B2A-9C14-8F92A50284DA}.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 03:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.02.15 15:43:35 | 000,000,363 | ---- | M] () -- C:\Users\Piper\Musik - Verknüpfung.lnk
[2012.11.12 18:35:04 | 001,835,008 | -HS- | M] () -- C:\Users\Piper\ntuser.dat
[2012.11.12 18:35:04 | 000,262,144 | -H-- | M] () -- C:\Users\Piper\ntuser.dat.LOG1
[2012.02.01 21:07:25 | 000,000,000 | -H-- | M] () -- C:\Users\Piper\ntuser.dat.LOG2
[2012.11.12 14:31:10 | 000,065,536 | -HS- | M] () -- C:\Users\Piper\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.11.12 14:31:10 | 000,524,288 | -HS- | M] () -- C:\Users\Piper\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.02.01 21:24:01 | 000,524,288 | -HS- | M] () -- C:\Users\Piper\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.02.01 21:07:25 | 000,000,020 | -HS- | M] () -- C:\Users\Piper\ntuser.ini
[2012.02.28 21:09:22 | 000,451,053 | ---- | M] () -- C:\Users\Piper\Swantje und Jan.jpg
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


and the Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 12.11.2012 18:27:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Piper\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,37% Memory free
6,19 Gb Paging File | 5,32 Gb Available in Paging File | 85,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 65,40 Gb Free Space | 45,40% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 86,09 Gb Free Space | 61,28% Space Free | Partition Type: NTFS
 
Computer Name: PIPER-PC | User Name: Piper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{528145C0-462A-11E1-B8B4-B8AC6F97B88E}" = Google Earth
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FTP Commander Pro" = FTP Commander Pro
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.1.13.71
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 11:55:59 | Computer Name = Piper-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 521325
 
Error - 07.11.2012 11:55:59 | Computer Name = Piper-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 521325
 
Error - 07.11.2012 11:56:03 | Computer Name = Piper-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.11.2012 11:56:03 | Computer Name = Piper-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 526005
 
Error - 07.11.2012 11:56:03 | Computer Name = Piper-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 526005
 
Error - 07.11.2012 13:18:42 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 04:25:32 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 03:24:21 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 10:12:02 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 10:20:35 | Computer Name = Piper-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 09.11.2012 10:21:45 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 10:51:39 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 13:05:55 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 13:09:17 | Computer Name = Piper-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.07.2012 03:16:22 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 18.07.2012 13:58:53 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.07.2012 05:41:44 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.07.2012 12:59:34 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.07.2012 03:16:42 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.07.2012 04:38:03 | Computer Name = Piper-PC | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Telekom E-Mail-Adresse_Postfach_uebertragen
 im Besitz von Piper konnte nicht auf dem Drucker Canon iP3300 gedruckt werden. 
Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler
 erneut.   Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 946508. Anzahl der
 gedruckten Bytes: 472504. Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der 
gedruckten Seiten: 0. Clientcomputer: \\PIPER-PC. Vom Druckprozessor zurückgegebener
 Win32-Fehlercode: 1. Unzulässige Funktion.  
 
Error - 20.07.2012 10:57:20 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.07.2012 02:42:37 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.07.2012 15:55:21 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.07.2012 02:27:18 | Computer Name = Piper-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---
__________________

13.11.2012, 17:58   #4
markusg
/// Malware-holic



hi

this script, and any scripts that may follow, are only for this particular user.
if you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
[2012.11.09 19:20:46 | 000,000,000 | ---D | C] -- C:\Users\Piper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012.11.09 19:20:46 | 000,002,016 | ---- | M] () -- C:\Users\Piper\Desktop\System Progressive Protection.lnk
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
boot into normal mode.

if you have no icons, then right-click, View, Show desktop icons
download unhide:
http://filepony.de/download-unhide/
double-click it, and the files become visible
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

14.11.2012, 10:17   #5
Piper5



the two documents were on the desktop:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


and


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183


14.11.2012, 14:21   #6
markusg
/// Malware-holic



hi
did you use unhide?

15.11.2012, 10:03   #7
Piper5



Sorry, I hadn't read that.

Here is the unhide document:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 11/15/2012 09:58:36 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 173338 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 21759 files processed.

The C:\Users\Piper\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 11/15/2012 10:02:25 AM
Execution time: 0 hours(s), 3 minute(s), and 49 seconds(s)

Am I still missing a file now?

I have now also got hold of a Vista CD, but I couldn't repair the firewall with that either.

I'm really a bit desperate now.

16.11.2012, 14:14   #8
markusg
/// Malware-holic



You are not supposed to do anything on the PC on your own; you are only making it worse that way.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose skip for now, then post the log

18.11.2012, 11:48   #9
Piper5



11:45:48.0410 1624 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:45:48.0691 1624 ============================================================
11:45:48.0691 1624 Current date / time: 2012/11/18 11:45:48.0691
11:45:48.0691 1624 SystemInfo:
11:45:48.0691 1624
11:45:48.0691 1624 OS Version: 6.0.6002 ServicePack: 2.0
11:45:48.0691 1624 Product type: Workstation
11:45:48.0691 1624 ComputerName: PIPER-PC
11:45:48.0691 1624 UserName: Piper
11:45:48.0691 1624 Windows directory: C:\Windows
11:45:48.0691 1624 System windows directory: C:\Windows
11:45:48.0691 1624 Processor architecture: Intel x86
11:45:48.0691 1624 Number of processors: 2
11:45:48.0691 1624 Page size: 0x1000
11:45:48.0691 1624 Boot type: Normal boot
11:45:48.0691 1624 ============================================================
11:45:49.0517 1624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:45:49.0517 1624 ============================================================
11:45:49.0517 1624 \Device\Harddisk0\DR0:
11:45:49.0517 1624 MBR partitions:
11:45:49.0517 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
11:45:49.0517 1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
11:45:49.0517 1624 ============================================================
11:45:49.0564 1624 C: <-> \Device\Harddisk0\DR0\Partition1
11:45:49.0611 1624 D: <-> \Device\Harddisk0\DR0\Partition2
11:45:49.0611 1624 ============================================================
11:45:49.0611 1624 Initialize success
11:45:49.0611 1624 ============================================================
11:47:25.0066 0660 ============================================================
11:47:25.0066 0660 Scan started
11:47:25.0066 0660 Mode: Manual; SigCheck;
11:47:25.0066 0660 ============================================================
11:47:25.0909 0660 ================ Scan system memory ========================
11:47:25.0909 0660 System memory - ok
11:47:25.0909 0660 ================ Scan services =============================
11:47:26.0143 0660 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:47:26.0299 0660 ACPI - ok
11:47:26.0392 0660 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:47:26.0439 0660 adp94xx - ok
11:47:26.0470 0660 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:47:26.0501 0660 adpahci - ok
11:47:26.0517 0660 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
11:47:26.0548 0660 adpu160m - ok
11:47:26.0579 0660 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:47:26.0595 0660 adpu320 - ok
11:47:26.0626 0660 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:47:26.0689 0660 AeLookupSvc - ok
11:47:26.0735 0660 [ A201207363AA900ABF1A388468688570 ] AFD C:\Windows\system32\drivers\afd.sys
11:47:26.0813 0660 AFD - ok
11:47:26.0845 0660 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:47:26.0860 0660 agp440 - ok
11:47:26.0907 0660 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:47:26.0923 0660 aic78xx - ok
11:47:26.0954 0660 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
11:47:27.0001 0660 ALG - ok
11:47:27.0032 0660 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
11:47:27.0047 0660 aliide - ok
11:47:27.0063 0660 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
11:47:27.0079 0660 amdagp - ok
11:47:27.0094 0660 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
11:47:27.0125 0660 amdide - ok
11:47:27.0141 0660 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
11:47:27.0203 0660 AmdK7 - ok
11:47:27.0219 0660 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:47:27.0297 0660 AmdK8 - ok
11:47:27.0422 0660 [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:47:27.0437 0660 AntiVirSchedulerService - ok
11:47:27.0469 0660 [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:47:27.0484 0660 AntiVirService - ok
11:47:27.0515 0660 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
11:47:27.0547 0660 Appinfo - ok
11:47:27.0609 0660 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:47:27.0609 0660 Apple Mobile Device - ok
11:47:27.0625 0660 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
11:47:27.0656 0660 arc - ok
11:47:27.0703 0660 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:47:27.0734 0660 arcsas - ok
11:47:27.0749 0660 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:47:27.0812 0660 AsyncMac - ok
11:47:27.0827 0660 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
11:47:27.0843 0660 atapi - ok
11:47:27.0890 0660 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:47:27.0937 0660 AudioEndpointBuilder - ok
11:47:27.0952 0660 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
11:47:27.0983 0660 Audiosrv - ok
11:47:27.0983 0660 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
11:47:28.0046 0660 avgntflt - ok
11:47:28.0077 0660 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
11:47:28.0093 0660 avipbb - ok
11:47:28.0108 0660 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
11:47:28.0124 0660 avkmgr - ok
11:47:28.0155 0660 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
11:47:28.0217 0660 Beep - ok
11:47:28.0280 0660 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
11:47:28.0405 0660 BITS - ok
11:47:28.0436 0660 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
11:47:28.0483 0660 blbdrive - ok
11:47:28.0514 0660 [ A6D35FF84E024D6D3F12AAF6C9814314 ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
11:47:28.0561 0660 BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:47:28.0561 0660 BMLoad - detected UnsignedFile.Multi.Generic (1)
11:47:28.0623 0660 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:47:28.0639 0660 Bonjour Service - ok
11:47:28.0670 0660 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:47:28.0717 0660 bowser - ok
11:47:28.0732 0660 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
11:47:28.0795 0660 BrFiltLo - ok
11:47:28.0810 0660 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
11:47:28.0857 0660 BrFiltUp - ok
11:47:28.0888 0660 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
11:47:28.0951 0660 Browser - ok
11:47:28.0997 0660 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
11:47:29.0075 0660 Brserid - ok
11:47:29.0091 0660 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
11:47:29.0185 0660 BrSerWdm - ok
11:47:29.0200 0660 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
11:47:29.0263 0660 BrUsbMdm - ok
11:47:29.0278 0660 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
11:47:29.0387 0660 BrUsbSer - ok
11:47:29.0403 0660 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:47:29.0481 0660 BTHMODEM - ok
11:47:29.0512 0660 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:47:29.0559 0660 cdfs - ok
11:47:29.0606 0660 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:47:29.0621 0660 cdrom - ok
11:47:29.0653 0660 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
11:47:29.0715 0660 CertPropSvc - ok
11:47:29.0731 0660 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:47:29.0777 0660 circlass - ok
11:47:29.0809 0660 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
11:47:29.0840 0660 CLFS - ok
11:47:29.0933 0660 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
11:47:29.0949 0660 CLHNService ( UnsignedFile.Multi.Generic ) - warning
11:47:29.0949 0660 CLHNService - detected UnsignedFile.Multi.Generic (1)
11:47:30.0027 0660 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:47:30.0043 0660 clr_optimization_v2.0.50727_32 - ok
11:47:30.0058 0660 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:47:30.0136 0660 CmBatt - ok
11:47:30.0167 0660 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:47:30.0183 0660 cmdide - ok
11:47:30.0199 0660 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:47:30.0214 0660 Compbatt - ok
11:47:30.0230 0660 COMSysApp - ok
11:47:30.0230 0660 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:47:30.0261 0660 crcdisk - ok
11:47:30.0277 0660 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
11:47:30.0323 0660 Crusoe - ok
11:47:30.0355 0660 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:47:30.0401 0660 CryptSvc - ok
11:47:30.0448 0660 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:47:30.0495 0660 DcomLaunch - ok
11:47:30.0526 0660 [ 218D8AE46C88E82014F5D73D0236D9B2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:47:30.0589 0660 DfsC - ok
11:47:30.0667 0660 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
11:47:30.0807 0660 DFSR - ok
11:47:30.0854 0660 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
11:47:30.0885 0660 Dhcp - ok
11:47:30.0916 0660 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
11:47:30.0947 0660 disk - ok
11:47:30.0963 0660 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
11:47:30.0979 0660 DKbFltr - ok
11:47:31.0025 0660 [ 30A08728740E71947AE1E073B5CE69B4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:47:31.0072 0660 Dnscache - ok
11:47:31.0088 0660 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:47:31.0135 0660 dot3svc - ok
11:47:31.0181 0660 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
11:47:31.0228 0660 Dot4 - ok
11:47:31.0244 0660 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:47:31.0291 0660 Dot4Print - ok
11:47:31.0322 0660 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
11:47:31.0369 0660 dot4usb - ok
11:47:31.0415 0660 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
11:47:31.0462 0660 DPS - ok
11:47:31.0478 0660 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:47:31.0525 0660 drmkaud - ok
11:47:31.0587 0660 [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:47:31.0649 0660 DXGKrnl - ok
11:47:31.0712 0660 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
11:47:31.0774 0660 E1G60 - ok
11:47:31.0821 0660 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
11:47:31.0837 0660 EapHost - ok
11:47:31.0883 0660 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
11:47:31.0915 0660 Ecache - ok
11:47:31.0977 0660 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
11:47:32.0024 0660 eDataSecurity Service - ok
11:47:32.0071 0660 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:47:32.0149 0660 ehRecvr - ok
11:47:32.0180 0660 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
11:47:32.0211 0660 ehSched - ok
11:47:32.0227 0660 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
11:47:32.0258 0660 ehstart - ok
11:47:32.0289 0660 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:47:32.0320 0660 elxstor - ok
11:47:32.0367 0660 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
11:47:32.0445 0660 EMDMgmt - ok
11:47:32.0461 0660 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:47:32.0523 0660 ErrDev - ok
11:47:32.0554 0660 [ C0FE39B8F686B7C70A666E716CC12B49 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
11:47:32.0570 0660 ETService ( UnsignedFile.Multi.Generic ) - warning
11:47:32.0585 0660 ETService - detected UnsignedFile.Multi.Generic (1)
11:47:32.0648 0660 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
11:47:32.0710 0660 EventSystem - ok
11:47:32.0741 0660 [ 3AED3B6B78F3506E363A4B64B7309568 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
11:47:32.0804 0660 ewusbnet - ok
11:47:32.0835 0660 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
11:47:32.0913 0660 ew_hwusbdev - ok
11:47:32.0929 0660 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
11:47:32.0975 0660 ew_usbenumfilter - ok
11:47:33.0022 0660 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
11:47:33.0069 0660 exfat - ok
11:47:33.0116 0660 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:47:33.0163 0660 fastfat - ok
11:47:33.0225 0660 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:47:33.0272 0660 fdc - ok
11:47:33.0303 0660 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
11:47:33.0365 0660 fdPHost - ok
11:47:33.0365 0660 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
11:47:33.0428 0660 FDResPub - ok
11:47:33.0459 0660 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:47:33.0490 0660 FileInfo - ok
11:47:33.0506 0660 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:47:33.0568 0660 Filetrace - ok
11:47:33.0584 0660 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:47:33.0646 0660 flpydisk - ok
11:47:33.0677 0660 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:47:33.0693 0660 FltMgr - ok
11:47:33.0755 0660 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:47:33.0787 0660 FontCache3.0.0.0 - ok
11:47:33.0818 0660 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:47:33.0865 0660 Fs_Rec - ok
11:47:33.0896 0660 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:47:33.0911 0660 gagp30kx - ok
11:47:33.0943 0660 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:47:33.0958 0660 GEARAspiWDM - ok
11:47:34.0005 0660 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
11:47:34.0130 0660 gpsvc - ok
11:47:34.0192 0660 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:47:34.0286 0660 HdAudAddService - ok
11:47:34.0317 0660 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:47:34.0364 0660 HDAudBus - ok
11:47:34.0395 0660 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:47:34.0473 0660 HidBth - ok
11:47:34.0489 0660 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:47:34.0535 0660 HidIr - ok
11:47:34.0567 0660 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
11:47:34.0629 0660 hidserv - ok
11:47:34.0660 0660 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:47:34.0691 0660 HidUsb - ok
11:47:34.0707 0660 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:47:34.0754 0660 hkmsvc - ok
11:47:34.0785 0660 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
11:47:34.0801 0660 HpCISSs - ok
11:47:34.0863 0660 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:47:34.0879 0660 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:47:34.0879 0660 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:47:34.0894 0660 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:47:34.0925 0660 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:47:34.0925 0660 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:47:34.0972 0660 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:47:35.0019 0660 HSFHWAZL - ok
11:47:35.0081 0660 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:47:35.0175 0660 HSF_DPV - ok
11:47:35.0191 0660 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:47:35.0237 0660 HSXHWAZL - ok
11:47:35.0284 0660 [ ABBC72793F1C588B1A7DB0CAC69A4FE8 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:47:35.0362 0660 HTTP - ok
11:47:35.0409 0660 [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
11:47:35.0425 0660 huawei_enumerator - ok
11:47:35.0456 0660 [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:47:35.0487 0660 hwdatacard - ok
11:47:35.0534 0660 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
11:47:35.0549 0660 i2omp - ok
11:47:35.0581 0660 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:47:35.0627 0660 i8042prt - ok
11:47:35.0674 0660 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:47:35.0705 0660 IAANTMON - ok
11:47:35.0752 0660 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:47:35.0768 0660 iaStor - ok
11:47:35.0799 0660 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
11:47:35.0830 0660 iaStorV - ok
11:47:35.0893 0660 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:47:35.0955 0660 idsvc - ok
11:47:36.0002 0660 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:47:36.0017 0660 iirsp - ok
11:47:36.0049 0660 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
11:47:36.0111 0660 IKEEXT - ok
11:47:36.0142 0660 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys
11:47:36.0158 0660 int15 - ok
11:47:36.0220 0660 [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:47:36.0423 0660 IntcAzAudAddService - ok
11:47:36.0439 0660 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
11:47:36.0454 0660 intelide - ok
11:47:36.0485 0660 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:47:36.0517 0660 intelppm - ok
11:47:36.0548 0660 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:47:36.0610 0660 IPBusEnum - ok
11:47:36.0641 0660 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:47:36.0688 0660 IpFilterDriver - ok
11:47:36.0704 0660 IpInIp - ok
11:47:36.0735 0660 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
11:47:36.0797 0660 IPMIDRV - ok
11:47:36.0829 0660 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
11:47:36.0875 0660 IPNAT - ok
11:47:36.0938 0660 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:47:36.0969 0660 iPod Service - ok
11:47:37.0000 0660 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:47:37.0078 0660 IRENUM - ok
11:47:37.0109 0660 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:47:37.0125 0660 isapnp - ok
11:47:37.0172 0660 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:47:37.0187 0660 iScsiPrt - ok
11:47:37.0203 0660 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
11:47:37.0234 0660 iteatapi - ok
11:47:37.0250 0660 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
11:47:37.0265 0660 iteraid - ok
11:47:37.0281 0660 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:47:37.0297 0660 kbdclass - ok
11:47:37.0328 0660 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:47:37.0359 0660 kbdhid - ok
11:47:37.0390 0660 [ DCF733788C7D088D814E5F80EB4B3E0F ] KeyIso C:\Windows\system32\lsass.exe
11:47:37.0437 0660 KeyIso - ok
11:47:37.0484 0660 [ EA7F1D605518486269F45BD80FA00907 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:47:37.0515 0660 KSecDD - ok
11:47:37.0546 0660 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
11:47:37.0609 0660 KtmRm - ok
11:47:37.0655 0660 [ 86D7F66AC2C0123ED81B2F3E835845C2 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys
11:47:37.0702 0660 L1E - ok
11:47:37.0733 0660 [ 43446F197C74EF2030F84B3A4F39D570 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:47:37.0780 0660 LanmanServer - ok
11:47:37.0796 0660 [ DEC1A338B86C5D582C25C40836DD76C3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:47:37.0858 0660 LanmanWorkstation - ok
11:47:37.0889 0660 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:47:37.0889 0660 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:47:37.0889 0660 LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:47:37.0905 0660 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:47:37.0936 0660 lltdio - ok
11:47:37.0967 0660 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:47:38.0030 0660 lltdsvc - ok
11:47:38.0061 0660 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:47:38.0155 0660 lmhosts - ok
11:47:38.0186 0660 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:47:38.0201 0660 LSI_FC - ok
11:47:38.0248 0660 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:47:38.0279 0660 LSI_SAS - ok
11:47:38.0295 0660 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:47:38.0311 0660 LSI_SCSI - ok
11:47:38.0326 0660 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
11:47:38.0373 0660 luafv - ok
11:47:38.0420 0660 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
11:47:38.0435 0660 MBAMSwissArmy - ok
11:47:38.0529 0660 [ 5E25F0B6F0BB3F2A880598AF1BA36174 ] McNASvc c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
11:47:38.0701 0660 McNASvc - ok
11:47:38.0747 0660 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:47:38.0794 0660 Mcx2Svc - ok
11:47:38.0825 0660 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:47:38.0857 0660 mdmxsdk - ok
11:47:38.0888 0660 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
11:47:38.0903 0660 megasas - ok
11:47:38.0935 0660 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
11:47:38.0997 0660 MegaSR - ok
11:47:39.0028 0660 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
11:47:39.0059 0660 MMCSS - ok
11:47:39.0106 0660 MobilityService - ok
11:47:39.0122 0660 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
11:47:39.0169 0660 Modem - ok
11:47:39.0200 0660 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:47:39.0231 0660 monitor - ok
11:47:39.0247 0660 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:47:39.0262 0660 mouclass - ok
11:47:39.0278 0660 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:47:39.0340 0660 mouhid - ok
11:47:39.0371 0660 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
11:47:39.0387 0660 MountMgr - ok
11:47:39.0434 0660 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:47:39.0449 0660 MozillaMaintenance - ok
11:47:39.0465 0660 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
11:47:39.0481 0660 mpio - ok
11:47:39.0512 0660 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:47:39.0543 0660 mpsdrv - ok
11:47:39.0590 0660 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
11:47:39.0605 0660 Mraid35x - ok
11:47:39.0652 0660 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:47:39.0668 0660 MRxDAV - ok
11:47:39.0683 0660 [ 317EB668973951BAD512EE8BEBF9ED25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:47:39.0730 0660 mrxsmb - ok
11:47:39.0761 0660 [ 05716F0203B5C774A87384A1FF7B968F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:47:39.0808 0660 mrxsmb10 - ok
11:47:39.0824 0660 [ C70C50D101B92B45C42BA11EA9FE6CD1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:47:39.0871 0660 mrxsmb20 - ok
11:47:39.0902 0660 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
11:47:39.0917 0660 msahci - ok
11:47:39.0933 0660 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:47:39.0949 0660 msdsm - ok
11:47:39.0964 0660 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
11:47:40.0011 0660 MSDTC - ok
11:47:40.0027 0660 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:47:40.0073 0660 Msfs - ok
11:47:40.0073 0660 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:47:40.0089 0660 msisadrv - ok
11:47:40.0151 0660 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:47:40.0198 0660 MSiSCSI - ok
11:47:40.0198 0660 msiserver - ok
11:47:40.0214 0660 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:47:40.0261 0660 MSKSSRV - ok
11:47:40.0292 0660 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:47:40.0354 0660 MSPCLOCK - ok
11:47:40.0385 0660 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:47:40.0448 0660 MSPQM - ok
11:47:40.0479 0660 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:47:40.0510 0660 MsRPC - ok
11:47:40.0541 0660 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:47:40.0541 0660 mssmbios - ok
11:47:40.0573 0660 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:47:40.0635 0660 MSTEE - ok
11:47:40.0666 0660 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
11:47:40.0682 0660 Mup - ok
11:47:40.0729 0660 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
11:47:40.0760 0660 napagent - ok
11:47:40.0791 0660 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:47:40.0822 0660 NativeWifiP - ok
11:47:40.0869 0660 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:47:40.0916 0660 NDIS - ok
11:47:40.0947 0660 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:47:41.0009 0660 NdisTapi - ok
11:47:41.0025 0660 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:47:41.0087 0660 Ndisuio - ok
11:47:41.0134 0660 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:47:41.0197 0660 NdisWan - ok
11:47:41.0228 0660 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:47:41.0275 0660 NDProxy - ok
11:47:41.0321 0660 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:47:41.0337 0660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0337 0660 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:47:41.0353 0660 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:47:41.0415 0660 NetBIOS - ok
11:47:41.0462 0660 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
11:47:41.0509 0660 netbt - ok
11:47:41.0509 0660 [ DCF733788C7D088D814E5F80EB4B3E0F ] Netlogon C:\Windows\system32\lsass.exe
11:47:41.0540 0660 Netlogon - ok
11:47:41.0587 0660 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
11:47:41.0665 0660 Netman - ok
11:47:41.0696 0660 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
11:47:41.0743 0660 netprofm - ok
11:47:41.0774 0660 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:47:41.0805 0660 NetTcpPortSharing - ok
11:47:41.0930 0660 [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
11:47:42.0070 0660 NETw5v32 - ok
11:47:42.0101 0660 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:47:42.0117 0660 nfrd960 - ok
11:47:42.0148 0660 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:47:42.0211 0660 NlaSvc - ok
11:47:42.0242 0660 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:47:42.0273 0660 Npfs - ok
11:47:42.0289 0660 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
11:47:42.0367 0660 nsi - ok
11:47:42.0382 0660 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:47:42.0429 0660 nsiproxy - ok
11:47:42.0476 0660 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:47:42.0616 0660 Ntfs - ok
11:47:42.0663 0660 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
11:47:42.0679 0660 NTIDrvr - ok
11:47:42.0710 0660 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
11:47:42.0741 0660 NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
11:47:42.0741 0660 NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
11:47:42.0772 0660 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
11:47:42.0850 0660 ntrigdigi - ok
11:47:42.0881 0660 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
11:47:42.0928 0660 Null - ok
11:47:42.0959 0660 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
11:47:43.0006 0660 NVHDA - ok
11:47:43.0412 0660 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:47:43.0802 0660 nvlddmkm - ok
11:47:43.0833 0660 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:47:43.0849 0660 nvraid - ok
11:47:43.0864 0660 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:47:43.0911 0660 nvstor - ok
11:47:43.0942 0660 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:47:43.0973 0660 nvsvc - ok
11:47:43.0989 0660 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:47:44.0005 0660 nv_agp - ok
11:47:44.0020 0660 NwlnkFlt - ok
11:47:44.0020 0660 NwlnkFwd - ok
11:47:44.0161 0660 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:47:44.0223 0660 odserv - ok
11:47:44.0270 0660 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:47:44.0348 0660 ohci1394 - ok
11:47:44.0410 0660 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:47:44.0426 0660 ose - ok
11:47:44.0504 0660 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:47:44.0597 0660 p2pimsvc - ok
11:47:44.0597 0660 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
11:47:44.0722 0660 p2psvc - ok
11:47:44.0738 0660 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
11:47:44.0831 0660 Parport - ok
11:47:44.0863 0660 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:47:44.0878 0660 partmgr - ok
11:47:44.0925 0660 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:47:45.0019 0660 Parvdm - ok
11:47:45.0019 0660 PCASp50 - ok
11:47:45.0050 0660 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
11:47:45.0128 0660 PcaSvc - ok
11:47:45.0143 0660 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
11:47:45.0159 0660 pci - ok
11:47:45.0221 0660 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
11:47:45.0237 0660 pciide - ok
11:47:45.0299 0660 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:47:45.0346 0660 pcmcia - ok
11:47:45.0393 0660 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:47:45.0596 0660 PEAUTH - ok
11:47:45.0814 0660 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
11:47:45.0955 0660 pla - ok
11:47:46.0048 0660 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:47:46.0095 0660 PlugPlay - ok
11:47:46.0111 0660 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:47:46.0126 0660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:47:46.0126 0660 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:47:46.0189 0660 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:47:46.0298 0660 PNRPAutoReg - ok
11:47:46.0360 0660 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:47:46.0423 0660 PNRPsvc - ok
11:47:46.0469 0660 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:47:46.0579 0660 PolicyAgent - ok
11:47:46.0641 0660 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:47:46.0688 0660 PptpMiniport - ok
11:47:46.0703 0660 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
11:47:46.0766 0660 Processor - ok
11:47:46.0828 0660 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
11:47:46.0875 0660 ProfSvc - ok
11:47:46.0906 0660 [ DCF733788C7D088D814E5F80EB4B3E0F ] ProtectedStorage C:\Windows\system32\lsass.exe
11:47:46.0937 0660 ProtectedStorage - ok
11:47:46.0984 0660 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:47:47.0047 0660 PSched - ok
11:47:47.0062 0660 [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
11:47:47.0078 0660 PSDFilter - ok
11:47:47.0093 0660 [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
11:47:47.0109 0660 PSDNServ - ok
11:47:47.0109 0660 [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
11:47:47.0140 0660 psdvdisk - ok
11:47:47.0171 0660 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:47:47.0234 0660 ql2300 - ok
11:47:47.0327 0660 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:47:47.0343 0660 ql40xx - ok
11:47:47.0390 0660 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
11:47:47.0452 0660 QWAVE - ok
11:47:47.0468 0660 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:47:47.0483 0660 QWAVEdrv - ok
11:47:47.0499 0660 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:47:47.0530 0660 RasAcd - ok
11:47:47.0546 0660 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
11:47:47.0608 0660 RasAuto - ok
11:47:47.0639 0660 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:47:47.0702 0660 Rasl2tp - ok
11:47:47.0764 0660 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
11:47:47.0827 0660 RasMan - ok
11:47:47.0827 0660 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:47:47.0873 0660 RasPppoe - ok
11:47:47.0889 0660 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:47:47.0905 0660 RasSstp - ok
11:47:47.0951 0660 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:47:48.0014 0660 rdbss - ok
11:47:48.0045 0660 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:47:48.0123 0660 RDPCDD - ok
11:47:48.0154 0660 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
11:47:48.0201 0660 rdpdr - ok
11:47:48.0232 0660 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:47:48.0295 0660 RDPENCDD - ok
11:47:48.0326 0660 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:47:48.0373 0660 RDPWD - ok
11:47:48.0419 0660 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:47:48.0466 0660 RemoteAccess - ok
11:47:48.0482 0660 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:47:48.0544 0660 RemoteRegistry - ok
11:47:48.0575 0660 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
11:47:48.0607 0660 RpcLocator - ok
11:47:48.0638 0660 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
11:47:48.0700 0660 RpcSs - ok
11:47:48.0731 0660 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:47:48.0763 0660 rspndr - ok
11:47:48.0778 0660 [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
11:47:48.0809 0660 RTSTOR - ok
11:47:48.0809 0660 [ DCF733788C7D088D814E5F80EB4B3E0F ] SamSs C:\Windows\system32\lsass.exe
11:47:48.0841 0660 SamSs - ok
11:47:48.0887 0660 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:47:48.0934 0660 sbp2port - ok
11:47:48.0981 0660 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:47:49.0012 0660 SCardSvr - ok
11:47:49.0059 0660 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll
11:47:49.0153 0660 Schedule - ok
11:47:49.0184 0660 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:47:49.0215 0660 SCPolicySvc - ok
11:47:49.0246 0660 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:47:49.0293 0660 SDRSVC - ok
11:47:49.0324 0660 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:47:49.0418 0660 secdrv - ok
11:47:49.0433 0660 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
11:47:49.0496 0660 seclogon - ok
11:47:49.0511 0660 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
11:47:49.0589 0660 SENS - ok
11:47:49.0621 0660 [ B97E1D0E59A128394F24E9F31E227EF2 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
11:47:49.0667 0660 Ser2pl - ok
11:47:49.0699 0660 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:47:49.0777 0660 Serenum - ok
11:47:49.0808 0660 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
11:47:49.0886 0660 Serial - ok
11:47:49.0917 0660 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:47:49.0979 0660 sermouse - ok
11:47:50.0042 0660 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
11:47:50.0089 0660 SessionEnv - ok
11:47:50.0135 0660 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:47:50.0198 0660 sffdisk - ok
11:47:50.0229 0660 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:47:50.0276 0660 sffp_mmc - ok
11:47:50.0307 0660 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:47:50.0385 0660 sffp_sd - ok
11:47:50.0401 0660 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:47:50.0479 0660 sfloppy - ok
11:47:50.0525 0660 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:47:50.0572 0660 SharedAccess - ok
11:47:50.0635 0660 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:47:50.0697 0660 ShellHWDetection - ok
11:47:50.0728 0660 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:47:50.0744 0660 sisagp - ok
11:47:50.0759 0660 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
11:47:50.0791 0660 SiSRaid2 - ok
11:47:50.0806 0660 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:47:50.0837 0660 SiSRaid4 - ok
11:47:51.0040 0660 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
11:47:51.0259 0660 slsvc - ok
11:47:51.0305 0660 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
11:47:51.0368 0660 SLUINotify - ok
11:47:51.0383 0660 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:47:51.0430 0660 Smb - ok
11:47:51.0461 0660 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:47:51.0477 0660 SNMPTRAP - ok
11:47:51.0508 0660 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
11:47:51.0539 0660 spldr - ok
11:47:51.0571 0660 [ 524BFBEA40E6E404737CCBC754647A2E ] Spooler C:\Windows\System32\spoolsv.exe
11:47:51.0633 0660 Spooler - ok
11:47:51.0680 0660 [ BAA6018A27857B5FF0C03CE756B4A7A2 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:47:51.0727 0660 srv - ok
11:47:51.0727 0660 [ D69B44E3B000C2FF583F10C65489B4FB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:47:51.0773 0660 srv2 - ok
11:47:51.0820 0660 [ 2D10DE9022822772ADAA120B15A9BD03 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:47:51.0883 0660 srvnet - ok
11:47:51.0929 0660 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\Windows\system32\DRIVERS\sscebus.sys
11:47:51.0929 0660 sscebus - ok
11:47:51.0961 0660 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\Windows\system32\DRIVERS\sscemdfl.sys
11:47:51.0976 0660 sscemdfl - ok
11:47:51.0992 0660 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\Windows\system32\DRIVERS\sscemdm.sys
11:47:52.0023 0660 sscemdm - ok
11:47:52.0070 0660 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:47:52.0117 0660 SSDPSRV - ok
11:47:52.0148 0660 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
11:47:52.0163 0660 ssmdrv - ok
11:47:52.0195 0660 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:47:52.0226 0660 SstpSvc - ok
11:47:52.0273 0660 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
11:47:52.0382 0660 stisvc - ok
11:47:52.0413 0660 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:47:52.0429 0660 swenum - ok
11:47:52.0491 0660 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
11:47:52.0522 0660 swprv - ok
11:47:52.0538 0660 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:47:52.0553 0660 Symc8xx - ok
11:47:52.0569 0660 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:47:52.0585 0660 Sym_hi - ok
11:47:52.0616 0660 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:47:52.0631 0660 Sym_u3 - ok
11:47:52.0694 0660 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:47:52.0725 0660 SynTP - ok
11:47:52.0756 0660 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
11:47:52.0834 0660 SysMain - ok
11:47:52.0881 0660 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:47:52.0928 0660 TabletInputService - ok
11:47:53.0006 0660 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:47:53.0037 0660 TapiSrv - ok
11:47:53.0068 0660 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
11:47:53.0146 0660 TBS - ok
11:47:53.0240 0660 [ 0E6B0885C3D5E4643ED2D043DE3433D8 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:47:53.0333 0660 Tcpip - ok
11:47:53.0365 0660 [ 0E6B0885C3D5E4643ED2D043DE3433D8 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:47:53.0489 0660 Tcpip6 - ok
11:47:53.0536 0660 [ FBF08035B75E52D99D81EA8EDDBA5F9C ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
11:47:53.0567 0660 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:47:53.0567 0660 tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:47:53.0614 0660 [ B085A1C98F96BA7882A27B001BECF5AC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:47:53.0661 0660 tcpipreg - ok
11:47:53.0723 0660 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
11:47:53.0755 0660 TcUsb - ok
11:47:53.0786 0660 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:47:53.0833 0660 TDPIPE - ok
11:47:53.0864 0660 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:47:53.0942 0660 TDTCP - ok
11:47:53.0989 0660 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:47:54.0035 0660 tdx - ok
11:47:54.0082 0660 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:47:54.0098 0660 TermDD - ok
11:47:54.0129 0660 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
11:47:54.0191 0660 TermService - ok
11:47:54.0223 0660 [ C818C44C201898399BF999BB6B35D4E3 ] Themes C:\Windows\system32\shsvcs.dll
11:47:54.0254 0660 Themes - ok
11:47:54.0285 0660 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
11:47:54.0316 0660 THREADORDER - ok
11:47:54.0347 0660 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
11:47:54.0394 0660 TrkWks - ok
11:47:54.0425 0660 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:47:54.0488 0660 TrustedInstaller - ok
11:47:54.0535 0660 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:47:54.0597 0660 tssecsrv - ok
11:47:54.0628 0660 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
11:47:54.0675 0660 tunmp - ok
11:47:54.0706 0660 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:47:54.0769 0660 tunnel - ok
11:47:54.0815 0660 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:47:54.0831 0660 uagp35 - ok
11:47:54.0878 0660 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:47:54.0925 0660 udfs - ok
11:47:54.0956 0660 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:47:55.0018 0660 UI0Detect - ok
11:47:55.0034 0660 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:47:55.0065 0660 uliagpkx - ok
11:47:55.0096 0660 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
11:47:55.0127 0660 uliahci - ok
11:47:55.0174 0660 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
11:47:55.0190 0660 UlSata - ok
11:47:55.0221 0660 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
11:47:55.0252 0660 ulsata2 - ok
11:47:55.0299 0660 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:47:55.0346 0660 umbus - ok
11:47:55.0361 0660 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
11:47:55.0439 0660 upnphost - ok
11:47:55.0471 0660 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:47:55.0517 0660 usbccgp - ok
11:47:55.0533 0660 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:47:55.0611 0660 usbcir - ok
11:47:55.0689 0660 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:47:55.0767 0660 usbehci - ok
11:47:55.0783 0660 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:47:55.0845 0660 usbhub - ok
11:47:55.0892 0660 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:47:55.0970 0660 usbohci - ok
11:47:56.0001 0660 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:47:56.0048 0660 usbprint - ok
11:47:56.0079 0660 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:47:56.0126 0660 usbscan - ok
11:47:56.0188 0660 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:47:56.0235 0660 USBSTOR - ok
11:47:56.0266 0660 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:47:56.0313 0660 usbuhci - ok
11:47:56.0360 0660 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:47:56.0391 0660 usbvideo - ok
11:47:56.0469 0660 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
11:47:56.0516 0660 UxSms - ok
11:47:56.0531 0660 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
11:47:56.0578 0660 vds - ok
11:47:56.0625 0660 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:47:56.0672 0660 vga - ok
11:47:56.0703 0660 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
11:47:56.0750 0660 VgaSave - ok
11:47:56.0765 0660 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:47:56.0781 0660 viaagp - ok
11:47:56.0797 0660 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
11:47:56.0843 0660 ViaC7 - ok
11:47:56.0859 0660 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
11:47:56.0875 0660 viaide - ok
11:47:57.0140 0660 [ 59E6D1CC4EA1A19D07570AA0657ED966 ] VmbService C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
11:47:57.0155 0660 VmbService ( UnsignedFile.Multi.Generic ) - warning
11:47:57.0155 0660 VmbService - detected UnsignedFile.Multi.Generic (1)
11:47:57.0202 0660 [ 381BA57C1EE2AB1BAFCB4A6035CC305F ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
11:47:57.0265 0660 vodafone_K3805-z_dc_enum - ok
11:47:57.0296 0660 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:47:57.0311 0660 volmgr - ok
11:47:57.0374 0660 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:47:57.0389 0660 volmgrx - ok
11:47:57.0530 0660 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:47:57.0561 0660 volsnap - ok
11:47:57.0592 0660 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:47:57.0639 0660 vsmraid - ok
11:47:57.0764 0660 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
11:47:57.0904 0660 VSS - ok
11:47:57.0982 0660 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
11:47:58.0045 0660 W32Time - ok
11:47:58.0091 0660 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:47:58.0201 0660 WacomPen - ok
11:47:58.0216 0660 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
11:47:58.0247 0660 Wanarp - ok
11:47:58.0263 0660 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:47:58.0294 0660 Wanarpv6 - ok
11:47:58.0388 0660 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:47:58.0435 0660 wcncsvc - ok
11:47:58.0466 0660 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:47:58.0513 0660 WcsPlugInService - ok
11:47:58.0544 0660 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
11:47:58.0559 0660 Wd - ok
11:47:58.0731 0660 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:47:58.0809 0660 Wdf01000 - ok
11:47:58.0840 0660 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:47:58.0903 0660 WdiServiceHost - ok
11:47:58.0903 0660 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:47:58.0949 0660 WdiSystemHost - ok
11:47:59.0027 0660 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
11:47:59.0059 0660 WebClient - ok
11:47:59.0152 0660 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:47:59.0230 0660 Wecsvc - ok
11:47:59.0246 0660 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:47:59.0277 0660 wercplsupport - ok
11:47:59.0339 0660 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
11:47:59.0402 0660 WerSvc - ok
11:47:59.0527 0660 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:47:59.0667 0660 winachsf - ok
11:47:59.0698 0660 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
11:47:59.0761 0660 winbondcir - ok
11:47:59.0839 0660 [ B1CCBEEF1C3288407EB897E0B8DC2798 ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
11:47:59.0870 0660 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
11:47:59.0870 0660 Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
11:47:59.0870 0660 WinHttpAutoProxySvc - ok
11:47:59.0963 0660 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:47:59.0995 0660 Winmgmt - ok
11:48:00.0104 0660 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
11:48:00.0275 0660 WinRM - ok
11:48:00.0369 0660 [ 766FDCF7E9AED0D0BEF8A36C27D0EF91 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:48:00.0447 0660 Wlansvc - ok
11:48:00.0525 0660 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:48:00.0556 0660 WmiAcpi - ok
11:48:00.0619 0660 [ 43BE3875207DCB62A85C8C49970B66CC ] WmiApSrv C:\Windows\System32\wbem\WmiApSrv.exe
11:48:00.0650 0660 WmiApSrv - ok
11:48:00.0712 0660 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:48:00.0806 0660 WMPNetworkSvc - ok
11:48:00.0868 0660 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:48:00.0946 0660 WPCSvc - ok
11:48:00.0977 0660 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:48:01.0133 0660 WPDBusEnum - ok
11:48:01.0165 0660 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
11:48:01.0211 0660 WpdUsb - ok
11:48:01.0243 0660 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:48:01.0289 0660 ws2ifsl - ok
11:48:01.0305 0660 WSearch - ok
11:48:01.0601 0660 [ 01E1499A7A4FCA7CDE102B60976544C1 ] wuauserv C:\Windows\system32\wuaueng.dll
11:48:01.0757 0660 wuauserv - ok
11:48:01.0789 0660 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:48:01.0851 0660 WUDFRd - ok
11:48:01.0913 0660 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:48:01.0991 0660 wudfsvc - ok
11:48:02.0023 0660 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
11:48:02.0038 0660 XAudio - ok
11:48:02.0069 0660 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
11:48:02.0085 0660 XAudioService - ok
11:48:02.0210 0660 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
11:48:02.0257 0660 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
11:48:02.0272 0660 ================ Scan global ===============================
11:48:02.0319 0660 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:48:02.0381 0660 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
11:48:02.0413 0660 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
11:48:02.0475 0660 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:48:02.0475 0660 [Global] - ok
11:48:02.0491 0660 ================ Scan MBR ==================================
11:48:02.0506 0660 [ F79EF1FA2A5761BF6A7B3A858FC003EE ] \Device\Harddisk0\DR0
11:48:03.0489 0660 \Device\Harddisk0\DR0 - ok
11:48:03.0489 0660 ================ Scan VBR ==================================
11:48:03.0505 0660 [ 9549086E0F7B8A33A5FF2787ED7CD8D2 ] \Device\Harddisk0\DR0\Partition1
11:48:03.0520 0660 \Device\Harddisk0\DR0\Partition1 - ok
11:48:03.0536 0660 [ E2D6838B22A0073B864CFB9AC3B04A62 ] \Device\Harddisk0\DR0\Partition2
11:48:03.0536 0660 \Device\Harddisk0\DR0\Partition2 - ok
11:48:03.0536 0660 ============================================================
11:48:03.0536 0660 Scan finished
11:48:03.0536 0660 ============================================================
11:48:03.0551 3432 Detected object count: 12
11:48:03.0551 3432 Actual detected object count: 12
11:48:30.0868 3432 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0868 3432 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0868 3432 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0868 3432 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0868 3432 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0868 3432 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0868 3432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0868 3432 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0868 3432 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0868 3432 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0884 3432 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0884 3432 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:48:30.0899 3432 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:30.0899 3432 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip

19.11.2012, 18:30   #10
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to markusg.trojaner-board@web.de following the instructions above.

20.11.2012, 09:24   #11
Piper5

Thank heavens ... and Markusg even more, of course!

My firewall has resumed its work!

Here is the log from Combofix.
Do I need to do anything else to heal my PC?

Combofix logfile:
Code:
ComboFix 12-11-19.03 - Piper 20.11.2012   8:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2085 [GMT 1:00]
ausgeführt von:: c:\users\Piper\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\SET649E.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-20 bis 2012-11-20  ))))))))))))))))))))))))))))))
.
.
2012-11-20 08:00 . 2012-11-20 08:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-14 09:11 . 2012-11-14 09:11	--------	d-----w-	C:\_OTL
2012-11-10 18:32 . 2012-11-20 08:02	--------	d-----w-	c:\windows\system32\wbem\repository
2012-11-09 20:01 . 2012-11-10 08:17	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-09 19:14 . 2012-11-09 19:15	--------	d-----w-	c:\windows\system32\ca-ES
2012-11-09 19:14 . 2012-11-09 19:14	--------	d-----w-	c:\windows\system32\eu-ES
2012-11-09 19:14 . 2012-11-09 19:14	--------	d-----w-	c:\windows\system32\vi-VN
2012-11-09 19:10 . 2012-11-09 19:10	--------	d-----w-	c:\windows\system32\SPReview
2012-11-09 18:56 . 2009-04-10 22:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2012-11-09 18:55 . 2009-04-10 22:27	57856	----a-w-	c:\windows\system32\compcln.exe
2012-11-09 18:53 . 2009-04-10 22:28	454144	----a-w-	c:\windows\system32\IasMigPlugin.dll
2012-11-09 18:52 . 2009-04-10 22:28	41984	----a-w-	c:\windows\system32\mimefilt.dll
2012-11-09 18:48 . 2012-11-09 18:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-11-09 14:30 . 2012-11-09 14:30	--------	d-----w-	c:\users\Piper\AppData\Roaming\Malwarebytes
2012-11-09 14:29 . 2012-11-09 14:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-09 14:29 . 2012-11-09 14:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-09 14:29 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-09 13:04 . 2012-11-09 18:23	--------	d-----w-	c:\programdata\5876C88E54E4FBAC00005876701D00C8
2012-11-03 19:16 . 2012-11-03 19:16	--------	d-----w-	c:\users\Piper\AppData\Roaming\Avira
2012-11-03 19:11 . 2012-11-13 12:46	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-03 19:11 . 2012-11-13 12:46	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-03 19:11 . 2012-11-13 12:46	83432	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-03 19:11 . 2012-11-03 19:11	--------	d-----w-	c:\programdata\Avira
2012-11-03 19:11 . 2012-11-03 19:11	--------	d-----w-	c:\program files\Avira
2012-11-01 12:42 . 2012-09-24 22:16	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-31 19:56 . 2012-10-31 19:56	--------	d-----w-	c:\windows\Sun
2012-10-30 10:59 . 2012-10-31 07:07	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 12:25 . 2012-09-03 12:26	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-03 12:25 . 2012-09-03 12:26	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-28 08:05 . 2012-10-02 19:23	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-08-28 08:04 . 2012-08-28 08:04	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-08-28 08:04 . 2012-08-28 08:04	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-08-28 08:04 . 2012-08-28 08:04	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-08-28 08:04 . 2012-08-28 08:04	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-08-28 08:04 . 2012-08-28 08:04	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-08-28 08:04 . 2012-08-28 08:04	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-08-28 08:04 . 2012-08-28 08:04	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-08-28 08:04 . 2012-08-28 08:04	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-08-28 08:04 . 2012-08-28 08:04	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-08-28 08:04 . 2012-08-28 08:04	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-08-28 08:04 . 2012-08-28 08:04	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-08-28 08:04 . 2012-10-02 19:22	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-08-28 08:04 . 2012-10-02 19:22	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2012-08-28 08:04 . 2012-08-28 08:04	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-08-28 08:04 . 2012-08-28 08:04	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-08-28 08:04 . 2012-08-28 08:04	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-08-28 08:04 . 2012-08-28 08:04	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-08-28 08:04 . 2012-08-28 08:04	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-08-28 08:04 . 2012-08-28 08:04	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-08-28 08:04 . 2012-08-28 08:04	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-08-28 08:04 . 2012-08-28 08:04	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-08-28 08:04 . 2012-08-28 08:04	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-08-28 08:04 . 2012-08-28 08:04	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-08-28 08:04 . 2008-11-27 18:44	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2012-10-28 16:24 . 2012-10-28 16:24	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Piper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Piper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Piper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-06 831488]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-13 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Piper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Piper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 14:54	147456	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 14:54	167936	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-09-11 21:46	544768	----a-w-	c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-07-29 16:52	526896	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 09:45	182808	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-02-01 20:53	127040	----a-w-	c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 07:52	964024	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 07:52	3524536	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-04-19 14:12	408576	----a-w-	c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-18 16:23	13543968	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-18 16:23	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-18 15:04	167936	------w-	c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53	6144	----a-w-	c:\program files\Acer\WR_PopUp\ProductReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trigger New Acer AlaunchX]
2008-08-13 08:38	172032	----a-w-	c:\acer\Preload\Command\AlaunchX\AppInRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\User_Feed_Synchronization-{A422CF15-5687-4B2A-9C14-8F92A50284DA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0212&m=aspire_6930g
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: Interfaces\{92288ED8-8471-49B9-B415-4D6A36DDE2EA}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\Piper\AppData\Roaming\Mozilla\Firefox\Profiles\1btbgr6v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - taz.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-20 09:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3240)
c:\users\Piper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Windows7FirewallControl\Windows7FirewallService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-20  09:10:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-20 08:10
.
Vor Suchlauf: 13 Verzeichnis(se), 62.183.624.704 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 63.626.469.376 Bytes frei
.
- - End Of File - - F62E7D3FE6CE76423B512352126BE746
         
--- --- ---

Alt 20.11.2012, 22:04   #12
markusg
/// Malware-holic
 
Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.24.1850
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After those unknown to you, write "unknown".
Post the list.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to the address above, following those instructions.

Alt 21.11.2012, 10:54   #13
Piper5
 
Acer Arcade Deluxe CyberLink Corp. 01.02.2012 83,0MB 2.0.5702 needed
Acer Crystal Eye Webcam Acer Crystal Eye Webcam 01.02.2012 2,78MB 2.0.0.17 needed
Acer eAudio Management CyberLink Corp. 01.02.2012 4,71MB 3.0.3009 needed
Acer eDataSecurity Management Egis Inc. 27.11.2008 69,3MB 3.0.3065 needed
Acer Empowering Technology Acer Incorporated 27.11.2008 120MB 3.0.3010 needed
Acer ePower Management Acer Incorporated 27.11.2008 9,82MB 3.0.3014 needed
Acer eRecovery Management Acer Incorporated 01.02.2012 27,5MB 3.0.3014 needed
Acer eSettings Management Acer Incorporated 27.11.2008 27,3MB 3.0.3007 needed
Acer GridVista 01.02.2012 1,51MB 2.72.317 needed
Acer Mobility Center Plug-In Acer Inc. 27.11.2008 4,12MB 3.0.3000 needed
Acer ScreenSaver Acer Incorporated 01.02.2012 1.11.0701 not needed
Acrobat.com Adobe Systems Incorporated 27.11.2008 1,67MB 1.1.377 needed
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 01.02.2012 14,0MB unknown
Adobe AIR Adobe Systems Incorporated 18.03.2012 3.1.0.4880 unknown
Adobe Download Assistant Adobe Systems Incorporated 18.03.2012 2,89MB 1.0.6 not needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.02.2012 11.1.102.55 needed
Adobe Flash Player ActiveX Adobe Systems Incorporated 01.02.2012 9.0.124.0 needed
Adobe Reader 9 Adobe Systems Incorporated 27.11.2008 202MB 9.0.0 needed
Apple Application Support Apple Inc. 07.08.2012 61,0MB 2.1.9 unknown
Apple Mobile Device Support Apple Inc. 07.08.2012 24,4MB 5.2.0.6 unknown
Apple Software Update Apple Inc. 07.08.2012 2,38MB 2.1.3.127 unknown
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 27.11.2008 2,93MB 1.0.0.30 unknown
Avira Free Antivirus Avira 13.11.2012 194MB 13.0.0.2761 needed
Bonjour Apple Inc. 07.08.2012 0,98MB 3.0.0.10 unknown
CCleaner Piriform 24.10.2012 4,93MB 3.24 new
Dropbox Dropbox, Inc. 15.06.2012 27,7MB 1.4.7 needed
FTP Commander Pro 10.05.2012 2,05MB needed
Google Earth Google 01.02.2012 116MB 6.2.0.5905 needed
HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 27.11.2008 0,98MB 7.73.00.52 unknown
HP Imaging Device Functions 8.0 HP 11.04.2012 1,52MB 8.0 needed
HP OCR Software 8.0 HP 11.04.2012 1,51MB 8.0 needed
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B needed
HP 11.04.2012 75,7MB 8.0 unknown
HP Solution Center 8.0 HP 11.04.2012 1,51MB 8.0 needed
HP Update Hewlett-Packard 11.04.2012 3,56MB 4.000.005.006 unknown
ICQ7.7 ICQ 01.02.2012 59,7MB 7.7 not needed
Intel® Matrix Storage Manager Intel Corporation 01.02.2012 48,0MB unknown
IrfanView (remove only) Irfan Skiljan 01.02.2012 1,69MB 4.32 needed
iTunes Apple Inc. 07.08.2012 183MB 10.6.3.25 needed
Java 7 Update 9 Oracle 03.09.2012 130MB 7.0.90 needed
Launch Manager 01.02.2012 2,66MB unknown
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 09.11.2012 12,7MB 1.65.1.1000 new
Microsoft Office Home and Student 2007 Microsoft Corporation 27.11.2008 298MB 12.0.6215.1000 needed
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.11.2008 422KB 8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 unknown
Microsoft Corporation 22.05.2012 590KB 9.0.30729 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 unknown
Microsoft Corporation 01.02.2012 11,1MB 10.0.40219 unknown
Microsoft Works Microsoft Corporation 27.11.2008 282MB ? 08.05.0822
MozBackup 1.5.1 Pavel Cvrcek 01.02.2012 1,68MB
Mozilla Firefox 16.0.2 (x86 de) Mozilla 28.10.2012 39,0MB 16.0.2 needed
Mozilla Maintenance Service Mozilla 28.10.2012 216KB 16.0.2 unknown
Mozilla Thunderbird 16.0.2 (x86 de) Mozilla 31.10.2012 39,6MB 16.0.2 needed
MSXML 4.0 SP3 Parser Microsoft Corporation 22.05.2012 1,47MB 4.30.2100.0 unknown
NVIDIA Drivers 09.11.2012 ?
PL-2303 Vista Driver Installer Prolific 01.07.2012 3.2.0.0 ?
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.11.2008 23,6MB 6.0.1.5704 ?
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 27.11.2008 2,97MB ?
Samsung Kies Samsung Electronics Co., Ltd. 02.10.2012 204MB 2.3.3.12085_7 needed
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 20.11.2012 38,4MB 1.5.9.0 needed
Skype™ 5.5 Skype Technologies S.A. 01.02.2012 17,0MB 5.5.124 needed
Synaptics Pointing Device Driver Synaptics 01.02.2012 14,3MB 11.1.4.0 ?
VLC media player 1.1.11 VideoLAN 01.02.2012 82,1MB 1.1.11 needed
Vodafone Mobile Broadband Vodafone 22.08.2012 110MB 10.2.103.31248 needed
Winamp Nullsoft, Inc 02.02.2012 38,4MB 5.623 needed
Winamp Erkennungs-Plug-in Nullsoft, Inc 02.02.2012 156KB 1.0.0.1 ?
Winbond CIR Device Drivers Winbond Electronics Corporation 27.11.2008 2,24MB 7.60.1012 ?
Windows Media Player Firefox Plugin Microsoft Corp 03.03.2012 296KB 1.0.0.8 needed
Windows7FirewallControl (i386) 4.1.13.71 Sphinx Software 02.02.2012 2,64MB 4.1.13.71 needed
WinRAR 4.10 (32-Bit) win.rar GmbH 02.02.2012 4,19MB 4.10.0 needed
Wuala LaCie 03.09.2012 87,7MB 1.0.411.0 ?

Alt 23.11.2012, 11:32   #14
Piper5
 
I have also just noticed that my Samsung mobile phone can no longer be connected to the PC via the KIES software, despite reinstalling it.
That must also be a consequence of the virus infection.
Is there possibly a solution for that as well?

Alt 27.11.2012, 17:11   #15
markusg
/// Malware-holic
 
Uninstall:
Adobe Flash Player, all
Adobe - Install Adobe Flash Player
Download the newest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, untick the box for using JavaScript.
Under Updater, choose install automatically.
Apply / OK



Uninstall:

Open CCleaner, analyze, run.
Open OTL, clean up; the PC restarts, deletes the removers.
What exactly are the problems with the phone, error messages? Which phone and which software are being used?