|  | 
| 
 | |||||||
| Plagegeister aller Art und deren Bekämpfung: Serifef infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. | 
|  | 
|  14.01.2013, 01:26 | #1 | 
|  |   Serifef infiziert Hallo. Gestern wollte eine Seite ein Flashplayer udate machen.. Ich hab leider auf ja geklickt und schon hat mein Virenscanner alarm geschlagen. Jetz hab ich meinen Rechner neu installiert mit eRecovery also den Dvds. Danach Malwarbyte durchlaufen lassen der nichts mehr gefunden hat. Kann ich mir da jetzt sicher sein das wieder alles passt oder könnte der Virus auch im MBR sitzen ? Danke schon mal für Antworten und eure Hilfe Hier sind auch noch die OTL.txt Code: 
  ATTFilter OTL logfile created on: 14.01.2013 00:25:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hanjo\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free 7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe PRC - [2009.09.24 09:50:56 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2009.09.18 14:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 18:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV - [2013.01.10 01:02:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.11.25 02:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2009.11.25 02:05:05 | 001,664,560 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 20:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 18:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.22 04:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.06.19 23:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.02.23 02:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.08.04 21:46:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/01/13 17:55:36] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE518 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170633FE%7D:20.1.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.13 19:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 19:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Extensions [2013.01.13 19:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Firefox\Profiles\81d55giq.default\extensions [2013.01.13 19:34:40 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\firefox\profiles\81d55giq.default\extensions\testpilot@labs.mozilla.com.xpi [2013.01.13 19:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.13 19:55:35 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2013.01.13 19:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.01.10 01:03:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.10 01:57:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.10 01:57:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.10 01:57:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.10 01:57:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 01:57:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.10 01:57:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C958B319-DBB3-4C76-B4DE-10032A463DE5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 02:36:18 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.01.14 02:35:35 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.01.14 02:35:35 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.01.14 00:14:13 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2013.01.14 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Malwarebytes [2013.01.14 00:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 00:03:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.14 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.14 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Programs [2013.01.13 23:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.13 23:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.01.13 23:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.01.13 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.13 21:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.01.13 21:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.13 21:27:31 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.01.13 21:27:31 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.01.13 21:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.13 21:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.13 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.01.13 21:26:17 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.13 20:59:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe [2013.01.13 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.13 19:58:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.01.13 19:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.13 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.13 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Mozilla [2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Mozilla [2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.13 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.13 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Adobe [2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Google [2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Google [2013.01.13 19:17:34 | 000,057,288 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.01.13 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity [2013.01.13 19:17:31 | 000,042,952 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.01.13 19:17:19 | 000,034,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.01.13 19:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2013.01.13 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Downloaded Installations [2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver [2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Macromedia [2013.01.13 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2013.01.13 18:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.01.13 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.01.13 18:05:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.01.13 18:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2013.01.13 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.01.13 18:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2013.01.13 18:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2013.01.13 18:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.01.13 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft Help [2013.01.13 17:59:15 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector [2013.01.13 17:55:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe [2013.01.13 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink [2013.01.13 17:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe [2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.01.13 17:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem [2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\EgisTec [2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\book [2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.13 17:52:53 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Searches [2013.01.13 17:52:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Identities [2013.01.13 17:52:45 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Contacts [2013.01.13 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\VirtualStore [2013.01.13 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store [2013.01.13 17:51:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer [2013.01.13 17:51:32 | 000,000,000 | --SD | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Videos [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Saved Games [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Pictures [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Music [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Links [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Favorites [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Downloads [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Documents [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Desktop [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Vorlagen [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Verlauf [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Temporary Internet Files [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Startmenü [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\SendTo [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Recent [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Netzwerkumgebung [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Lokale Einstellungen [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Videos [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Musik [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Eigene Dateien [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Bilder [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Druckumgebung [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Cookies [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Anwendungsdaten [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Anwendungsdaten [2013.01.13 17:51:32 | 000,000,000 | -H-D | C] -- C:\Users\Hanjo\AppData [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Temp [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Media Center Programs [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.13 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.13 17:46:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.13 17:46:51 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.13 17:46:51 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.13 17:46:51 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.13 17:46:51 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.13 17:46:50 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.13 17:46:50 | 000,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.13 17:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.13 17:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.13 17:46:23 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.13 17:43:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.13 17:40:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2009.09.17 22:20:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.01.14 02:36:08 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.01.14 02:36:08 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.01.14 02:35:35 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.01.14 02:35:35 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.01.14 00:20:42 | 000,000,000 | ---- | M] () -- C:\Users\Hanjo\defogger_reenable [2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2013.01.14 00:03:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:52:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.13 23:52:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.13 23:52:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.13 23:52:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.13 23:52:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.13 23:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.13 23:47:34 | 3214,209,024 | -HS- | M] () -- C:\hiberfil.sys [2013.01.13 23:28:24 | 000,353,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 22:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.13 22:02:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.13 21:56:37 | 000,365,568 | ---- | M] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe [2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe [2013.01.13 20:57:50 | 000,050,477 | ---- | M] () -- C:\Users\Hanjo\Desktop\Defogger.exe [2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.01.13 19:34:32 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.13 19:17:32 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.01.13 17:59:15 | 000,002,073 | ---- | M] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk [2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.13 17:48:26 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd [2012.12.29 11:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.29 11:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin ========== Files Created - No Company Name ========== [2013.01.14 02:36:40 | 000,653,928 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.01.14 02:36:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.01.14 02:36:40 | 000,129,800 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.01.14 02:36:40 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.01.14 00:20:42 | 000,000,000 | ---- | C] () -- C:\Users\Hanjo\defogger_reenable [2013.01.14 00:03:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 22:32:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.13 22:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.13 22:02:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.13 21:55:33 | 000,365,568 | ---- | C] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe [2013.01.13 21:47:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.13 21:28:16 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.13 21:26:57 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.13 20:57:48 | 000,050,477 | ---- | C] () -- C:\Users\Hanjo\Desktop\Defogger.exe [2013.01.13 19:34:32 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.13 19:34:32 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 19:17:32 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2013.01.13 18:07:57 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2013.01.13 18:07:45 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2013.01.13 17:59:15 | 000,002,073 | ---- | C] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk [2013.01.13 17:52:58 | 000,001,413 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.01.13 17:52:55 | 000,001,447 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.13 17:40:30 | 3214,209,024 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Extra.txt Code: 
  ATTFilter OTL Extras logfile created on: 14.01.2013 00:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanjo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free
7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
 
Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D182A33-2536-4F6D-AA08-69E9348A86C1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0DA08E88-910B-4D0B-9C9E-9412FED640C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{111134F4-6449-48CD-A2D8-FD3D2E2A7083}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{123930EB-7782-4153-8728-D259B33B6FA0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{21188573-04C8-4769-A9B0-182BF094C1AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2CE65C0C-1D1F-43A5-96A6-F030A0DC1051}" = lport=138 | protocol=17 | dir=in | app=system | 
"{322BAB24-7718-434D-9130-B7AE961F83E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4F8FDBFA-A7DD-444C-919D-E4924FCFC485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D84BC75-4F65-462B-8C26-C12BA74F654B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7278DC5C-37AC-465D-B712-91A5BF8F499D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{79E70220-DDF6-4DF2-9873-A3A76792F19B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7B6A151C-4F8A-4AA4-A4C5-9DFF63E73077}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E715805-2FA1-428F-96FA-8D5CDB4908CE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA9B47EA-8382-4AA0-8EAF-FC2DB704D9B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B360D86E-3062-462C-9C33-E4BD308F9D94}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C0D53CFA-E3D3-4670-A401-B1CB6A2ED102}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D519220A-A026-49F8-AAE9-17A1030FFC21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCCA4D9A-5813-4C7E-8F04-6678EF7A0CC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5D58135-3D41-4713-99BE-B0BFFFB4DE59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F08AC10C-14C7-4210-A00A-72D5B7705E21}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F0AE9548-EC85-4462-BFC8-0DE4D3AEBFE7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F542F958-594F-4135-926F-CA13E768ED0E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FDA42F62-7CE3-44FE-9AC4-60CD7929BE35}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01899D30-22CB-4EB0-823D-93AD09F8AB2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{061ACA92-2AC8-4ED3-A705-EFE46857A9E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0B4E74BF-D106-4567-9D86-B55EDB78B02F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10C9C447-9CE3-404E-A353-19F4833715F5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{16EAE5F3-F5CD-46B4-8B18-6C8CAFA06691}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1AD45C24-F07F-4AEE-B038-5A123605B55D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{20F7CEAB-0D65-4D91-BA54-40C698AF2F3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2675394C-8CCF-42B9-A7CF-140931A3C63E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{2719A9F0-C0CC-48DB-A167-10431748D4BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36021A1A-3574-4354-A2E1-766830A52B57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F0332F8-8DCB-4889-8369-45082C52EE63}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{517D1294-8C84-4CAE-9754-DF180B3DBC2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B31D413-914D-4623-B512-80801239C120}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D466A36-9ADF-4913-A241-76B7DBD94694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E99A6B9-BEAE-4703-8891-0E3B0B4E8EC9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75208F4D-00D7-4108-A18E-4E7A50A2AD37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7BAEEFF3-A347-4E33-BB81-89486AE0B1AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D6D448C-C9F0-4A1E-A508-FCCA2CEA8672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FB4488F-47DD-46C8-99FA-F73A482EAF07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{82A4F512-3604-4251-B938-3F85CC8C7482}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{91B1DF4A-9F31-4D49-AA78-828262C72AB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{94071892-8278-4912-947D-37796F09BEE5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A247DBEC-BE5E-4DD1-B5E5-8355CDA1A9F4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6ED6865-66B8-4C3F-8F97-4E46A5D60E36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C9B1F871-A9B5-4203-A95F-F713617DB662}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F13B77E5-A73D-4920-93A9-8001B1480007}" = protocol=6 | dir=out | app=system | 
"{F15DFD40-B69F-4E8C-A9E6-ABF79B1AFB83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3BAF5A5-C544-4ED8-8AED-507E473B7CA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA071859-66EB-45CF-88CB-47402F09E7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18c5b800-77b3-4e83-9bcd-967c26a1d75a}" = Nero 9 Essentials
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mufin player D" = mufin player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.01.2013 13:53:48 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 13.01.2013 12:44:13 | Computer Name = WIN-OSE6VQP48UE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 13.01.2013 12:44:31 | Computer Name = WIN-OSE6VQP48UE | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 13.01.2013 12:45:07 | Computer Name = WIN-OSE6VQP48UE | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         Gmer.txt Code: 
  ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 01:03:14
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST315003 rev.CC4H 1397,27GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Hanjo\AppData\Local\Temp\fwloipow.sys
---- User code sections - GMER 2.0 ----
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000774f1401 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000774f1419 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000774f1431 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000774f144a 2 bytes [4F, 77]
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000774f14dd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000774f14f5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000774f150d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000774f1525 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000774f153d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000774f1555 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000774f156d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000774f1585 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000774f159d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000774f15b5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000774f15cd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000774f16b2 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000774f16bd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17             00000000774f1401 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               00000000774f1419 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             00000000774f1431 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42             00000000774f144a 2 bytes [4F, 77]
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000774f14dd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         00000000774f14f5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                00000000774f150d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         00000000774f1525 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               00000000774f153d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    00000000774f1555 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             00000000774f156d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               00000000774f1585 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  00000000774f159d 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               00000000774f15b5 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             00000000774f15cd 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         00000000774f16b2 2 bytes [4F, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31         00000000774f16bd 2 bytes [4F, 77]
---- Devices - GMER 2.0 ----
Device   \Driver\iaStor \Device\Dev_fffffa8004b06050                                                                                                        ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006728b70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa8006728b70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672db70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672db70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006732b70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa8006732b70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672eb70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672eb70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
Device   \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672fb70                                                                                      fffffa8004738aa4
Device   \Driver\USBSTOR \Device\Dev_fffffa800672fb70                                                                                                       ws\system32\DRIVERS\kbdclass.sys
---- Threads - GMER 2.0 ----
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1460]                                                                       0000000077572e3e
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1476]                                                                       0000000074e67587
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2620]                                                                       000000001000bd90
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2676]                                                                       000000001000bd90
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4516]                                                                       0000000004b55f30
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3216]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2188]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1076]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:932]                                                                        000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3008]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3048]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3056]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3836]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4408]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2156]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2000]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3368]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1980]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5000]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4636]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3508]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3436]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4648]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5008]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5076]                                                                       000000001000bb20
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1768]                                                                       0000000077573e59
Thread   C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4584]                                                                       0000000077573e59
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4312]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4316]                                                                           0000000010015e40
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4320]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4324]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4328]                                                                           000000007c3494f6
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4892]                                                                           0000000010024040
Thread   C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4540]                                                                           0000000010024040
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4172]                                                                             0000000074e67587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4588]                                                                             0000000073300cb3
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4532]                                                                             0000000077572e3e
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4704]                                                                             0000000077573e59
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:1468]                                                                             0000000077573e59
---- Processes - GMER 2.0 ----
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432]                                                       0000000076c00000
---- EOF - GMER 2.0 ----
          | 
|  14.01.2013, 15:10 | #2 | 
| /// Malware-holic       |   Serifef infiziert hi__________________ download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten 
				__________________ | 
|  15.01.2013, 01:35 | #3 | 
|  |   Serifef infiziert Hi__________________ so hab tdss killer durchlaufen lassen hat auch was gefunden (FirebirdServerMAGIXInstance) aber keine ahnung was das sein soll ! hier der log Code: 
  ATTFilter 01:25:20.0486 4816  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:25:22.0498 4816  ============================================================
01:25:22.0498 4816  Current date / time: 2013/01/15 01:25:22.0498
01:25:22.0498 4816  SystemInfo:
01:25:22.0498 4816  
01:25:22.0498 4816  OS Version: 6.1.7601 ServicePack: 1.0
01:25:22.0498 4816  Product type: Workstation
01:25:22.0498 4816  ComputerName: HANJO-PC
01:25:22.0498 4816  UserName: Hanjo
01:25:22.0498 4816  Windows directory: C:\Windows
01:25:22.0498 4816  System windows directory: C:\Windows
01:25:22.0498 4816  Running under WOW64
01:25:22.0498 4816  Processor architecture: Intel x64
01:25:22.0498 4816  Number of processors: 4
01:25:22.0498 4816  Page size: 0x1000
01:25:22.0498 4816  Boot type: Normal boot
01:25:22.0498 4816  ============================================================
01:25:23.0653 4816  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:25:23.0684 4816  ============================================================
01:25:23.0684 4816  \Device\Harddisk0\DR0:
01:25:23.0684 4816  MBR partitions:
01:25:23.0684 4816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
01:25:23.0684 4816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x565E7000
01:25:23.0684 4816  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x58419800, BlocksNum 0x5666D800
01:25:23.0684 4816  ============================================================
01:25:23.0731 4816  C: <-> \Device\Harddisk0\DR0\Partition2
01:25:24.0089 4816  D: <-> \Device\Harddisk0\DR0\Partition3
01:25:24.0089 4816  ============================================================
01:25:24.0089 4816  Initialize success
01:25:24.0089 4816  ============================================================
01:27:24.0174 2360  ============================================================
01:27:24.0174 2360  Scan started
01:27:24.0174 2360  Mode: Manual; SigCheck; TDLFS; 
01:27:24.0174 2360  ============================================================
01:27:25.0500 2360  ================ Scan system memory ========================
01:27:25.0500 2360  System memory - ok
01:27:25.0500 2360  ================ Scan services =============================
01:27:25.0609 2360  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:27:25.0796 2360  1394ohci - ok
01:27:25.0827 2360  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:27:25.0859 2360  ACPI - ok
01:27:25.0874 2360  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:27:25.0921 2360  AcpiPmi - ok
01:27:25.0952 2360  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:27:25.0999 2360  adp94xx - ok
01:27:25.0999 2360  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:27:26.0030 2360  adpahci - ok
01:27:26.0046 2360  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:27:26.0077 2360  adpu320 - ok
01:27:26.0108 2360  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:27:26.0233 2360  AeLookupSvc - ok
01:27:26.0280 2360  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:27:26.0373 2360  AFD - ok
01:27:26.0389 2360  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:27:26.0405 2360  agp440 - ok
01:27:26.0436 2360  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:27:26.0483 2360  ALG - ok
01:27:26.0529 2360  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:27:26.0545 2360  aliide - ok
01:27:26.0576 2360  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:27:26.0592 2360  amdide - ok
01:27:26.0623 2360  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:27:26.0685 2360  AmdK8 - ok
01:27:26.0701 2360  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:27:26.0732 2360  AmdPPM - ok
01:27:26.0748 2360  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:27:26.0779 2360  amdsata - ok
01:27:26.0795 2360  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:27:26.0810 2360  amdsbs - ok
01:27:26.0841 2360  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:27:26.0857 2360  amdxata - ok
01:27:26.0888 2360  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:27:27.0029 2360  AppID - ok
01:27:27.0044 2360  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:27:27.0091 2360  AppIDSvc - ok
01:27:27.0122 2360  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
01:27:27.0169 2360  Appinfo - ok
01:27:27.0169 2360  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:27:27.0200 2360  arc - ok
01:27:27.0200 2360  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:27:27.0231 2360  arcsas - ok
01:27:27.0247 2360  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:27:27.0294 2360  AsyncMac - ok
01:27:27.0325 2360  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:27:27.0341 2360  atapi - ok
01:27:27.0450 2360  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
01:27:27.0621 2360  atikmdag - ok
01:27:27.0653 2360  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:27:27.0746 2360  AudioEndpointBuilder - ok
01:27:27.0762 2360  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:27:27.0824 2360  AudioSrv - ok
01:27:28.0058 2360  [ 780AC17E6C1B5A35AB5A2BA58212EA55 ] AVKProxy        C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
01:27:28.0183 2360  AVKProxy - ok
01:27:28.0339 2360  [ EB024C7DFCFBC24117BABD07B4020D81 ] AVKService      C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
01:27:28.0401 2360  AVKService - ok
01:27:28.0448 2360  [ 393118F933D70AAFB7D3519F73CB6971 ] AVKWCtl         C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
01:27:28.0542 2360  AVKWCtl - ok
01:27:28.0604 2360  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:27:28.0667 2360  AxInstSV - ok
01:27:28.0729 2360  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
01:27:28.0776 2360  b06bdrv - ok
01:27:28.0807 2360  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:27:28.0869 2360  b57nd60a - ok
01:27:28.0901 2360  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:27:28.0947 2360  BDESVC - ok
01:27:28.0963 2360  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:27:29.0010 2360  Beep - ok
01:27:29.0072 2360  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:27:29.0135 2360  BFE - ok
01:27:29.0197 2360  [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
01:27:29.0244 2360  BingDesktopUpdate - ok
01:27:29.0275 2360  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:27:29.0353 2360  BITS - ok
01:27:29.0369 2360  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:27:29.0400 2360  blbdrive - ok
01:27:29.0431 2360  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:27:29.0478 2360  bowser - ok
01:27:29.0478 2360  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:27:29.0525 2360  BrFiltLo - ok
01:27:29.0525 2360  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:27:29.0540 2360  BrFiltUp - ok
01:27:29.0571 2360  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:27:29.0587 2360  Browser - ok
01:27:29.0618 2360  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:27:29.0681 2360  Brserid - ok
01:27:29.0681 2360  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:27:29.0712 2360  BrSerWdm - ok
01:27:29.0712 2360  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:27:29.0743 2360  BrUsbMdm - ok
01:27:29.0743 2360  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:27:29.0759 2360  BrUsbSer - ok
01:27:29.0774 2360  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:27:29.0805 2360  BTHMODEM - ok
01:27:29.0837 2360  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:27:29.0883 2360  bthserv - ok
01:27:29.0899 2360  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:27:29.0946 2360  cdfs - ok
01:27:29.0993 2360  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
01:27:30.0039 2360  cdrom - ok
01:27:30.0086 2360  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:27:30.0117 2360  CertPropSvc - ok
01:27:30.0149 2360  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:27:30.0195 2360  circlass - ok
01:27:30.0211 2360  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:27:30.0242 2360  CLFS - ok
01:27:30.0398 2360  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:27:30.0429 2360  clr_optimization_v2.0.50727_32 - ok
01:27:30.0523 2360  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:27:30.0554 2360  clr_optimization_v2.0.50727_64 - ok
01:27:30.0726 2360  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:27:30.0757 2360  clr_optimization_v4.0.30319_32 - ok
01:27:30.0882 2360  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:27:30.0913 2360  clr_optimization_v4.0.30319_64 - ok
01:27:30.0929 2360  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:27:30.0960 2360  CmBatt - ok
01:27:30.0991 2360  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:27:31.0007 2360  cmdide - ok
01:27:31.0053 2360  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
01:27:31.0100 2360  CNG - ok
01:27:31.0131 2360  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:27:31.0163 2360  Compbatt - ok
01:27:31.0178 2360  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:27:31.0225 2360  CompositeBus - ok
01:27:31.0225 2360  COMSysApp - ok
01:27:31.0241 2360  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
01:27:31.0272 2360  crcdisk - ok
01:27:31.0303 2360  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:27:31.0334 2360  CryptSvc - ok
01:27:31.0365 2360  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:27:31.0428 2360  DcomLaunch - ok
01:27:31.0459 2360  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:27:31.0521 2360  defragsvc - ok
01:27:31.0553 2360  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:27:31.0599 2360  DfsC - ok
01:27:31.0631 2360  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:27:31.0677 2360  Dhcp - ok
01:27:31.0677 2360  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:27:31.0709 2360  discache - ok
01:27:31.0724 2360  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:27:31.0755 2360  Disk - ok
01:27:31.0771 2360  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:27:31.0833 2360  Dnscache - ok
01:27:31.0865 2360  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:27:31.0911 2360  dot3svc - ok
01:27:31.0943 2360  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:27:31.0989 2360  DPS - ok
01:27:32.0021 2360  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:27:32.0052 2360  drmkaud - ok
01:27:32.0067 2360  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:27:32.0145 2360  DXGKrnl - ok
01:27:32.0223 2360  [ 04DDDEA79B9E616F50B9132752F656FC ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
01:27:32.0255 2360  e1kexpress - ok
01:27:32.0317 2360  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:27:32.0364 2360  EapHost - ok
01:27:32.0442 2360  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:27:32.0567 2360  ebdrv - ok
01:27:32.0582 2360  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:27:32.0629 2360  EFS - ok
01:27:32.0723 2360  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:27:32.0816 2360  ehRecvr - ok
01:27:32.0832 2360  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:27:32.0879 2360  ehSched - ok
01:27:32.0910 2360  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:27:32.0957 2360  elxstor - ok
01:27:32.0988 2360  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:27:33.0019 2360  ErrDev - ok
01:27:33.0066 2360  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:27:33.0128 2360  EventSystem - ok
01:27:33.0128 2360  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:27:33.0175 2360  exfat - ok
01:27:33.0222 2360  Fabs - ok
01:27:33.0237 2360  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:27:33.0284 2360  fastfat - ok
01:27:33.0331 2360  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:27:33.0393 2360  Fax - ok
01:27:33.0393 2360  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:27:33.0425 2360  fdc - ok
01:27:33.0440 2360  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:27:33.0487 2360  fdPHost - ok
01:27:33.0487 2360  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:27:33.0534 2360  FDResPub - ok
01:27:33.0534 2360  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:27:33.0565 2360  FileInfo - ok
01:27:33.0565 2360  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:27:33.0612 2360  Filetrace - ok
01:27:33.0705 2360  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
01:27:33.0893 2360  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
01:27:33.0893 2360  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
01:27:33.0908 2360  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:27:33.0924 2360  flpydisk - ok
01:27:33.0955 2360  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:27:34.0017 2360  FltMgr - ok
01:27:34.0049 2360  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
01:27:34.0127 2360  FontCache - ok
01:27:34.0220 2360  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:27:34.0251 2360  FontCache3.0.0.0 - ok
01:27:34.0251 2360  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:27:34.0283 2360  FsDepends - ok
01:27:34.0298 2360  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:27:34.0329 2360  Fs_Rec - ok
01:27:34.0392 2360  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:27:34.0439 2360  fvevol - ok
01:27:34.0454 2360  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:27:34.0470 2360  gagp30kx - ok
01:27:34.0517 2360  [ 98C64A79D282A6D043D8C9447CE0AD8C ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
01:27:34.0532 2360  GDBehave - ok
01:27:34.0641 2360  [ AF0F1C4F67953C3E2EEE44C2FAE515A9 ] GDFwSvc         C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
01:27:34.0719 2360  GDFwSvc - ok
01:27:34.0813 2360  [ 001D282B8A56C0FB94D14033F5F94EED ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
01:27:34.0829 2360  GDMnIcpt - ok
01:27:34.0875 2360  [ 7818102C1ED42C17CD834645FC0CF4ED ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
01:27:34.0891 2360  GDPkIcpt - ok
01:27:34.0922 2360  [ D31F31342349964E245EAAC1BDC5F6A6 ] GDScan          C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
01:27:34.0969 2360  GDScan - ok
01:27:35.0000 2360  [ FC9B3D24E18D08200F31AA3BACE42F6A ] gdwfpcd         C:\Windows\system32\DRIVERS\gdwfpcd64.sys
01:27:35.0016 2360  gdwfpcd - ok
01:27:35.0016 2360  [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
01:27:35.0031 2360  GearAspiWDM - ok
01:27:35.0078 2360  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:27:35.0156 2360  gpsvc - ok
01:27:35.0187 2360  [ FFA07D1D1D7F16D5A08846A28AFF59EF ] GRD             C:\Windows\system32\drivers\GRD.sys
01:27:35.0203 2360  GRD - ok
01:27:35.0234 2360  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:27:35.0265 2360  hcw85cir - ok
01:27:35.0312 2360  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:27:35.0359 2360  HdAudAddService - ok
01:27:35.0390 2360  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:27:35.0437 2360  HDAudBus - ok
01:27:35.0468 2360  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:27:35.0499 2360  HidBatt - ok
01:27:35.0499 2360  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:27:35.0531 2360  HidBth - ok
01:27:35.0531 2360  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:27:35.0577 2360  HidIr - ok
01:27:35.0593 2360  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
01:27:35.0655 2360  hidserv - ok
01:27:35.0671 2360  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
01:27:35.0687 2360  HidUsb - ok
01:27:35.0702 2360  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:27:35.0749 2360  hkmsvc - ok
01:27:35.0796 2360  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:27:35.0827 2360  HomeGroupListener - ok
01:27:35.0858 2360  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:27:35.0905 2360  HomeGroupProvider - ok
01:27:35.0936 2360  [ 3440D5C74EDD0792A6AA943D1BE985E2 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
01:27:35.0952 2360  HookCentre - ok
01:27:35.0983 2360  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:27:36.0014 2360  HpSAMD - ok
01:27:36.0061 2360  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:27:36.0186 2360  HTTP - ok
01:27:36.0201 2360  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:27:36.0217 2360  hwpolicy - ok
01:27:36.0279 2360  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:27:36.0295 2360  i8042prt - ok
01:27:36.0342 2360  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
01:27:36.0389 2360  IAANTMON - ok
01:27:36.0420 2360  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:27:36.0451 2360  iaStor - ok
01:27:36.0529 2360  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:27:36.0623 2360  iaStorV - ok
01:27:36.0669 2360  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:27:36.0732 2360  idsvc - ok
01:27:36.0747 2360  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:27:36.0763 2360  iirsp - ok
01:27:36.0841 2360  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:27:36.0935 2360  IKEEXT - ok
01:27:37.0013 2360  [ 135856AC71116CCFF05ED8481745241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:27:37.0091 2360  IntcAzAudAddService - ok
01:27:37.0106 2360  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:27:37.0137 2360  intelide - ok
01:27:37.0137 2360  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:27:37.0184 2360  intelppm - ok
01:27:37.0200 2360  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:27:37.0231 2360  IPBusEnum - ok
01:27:37.0247 2360  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:27:37.0309 2360  IpFilterDriver - ok
01:27:37.0356 2360  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:27:37.0403 2360  iphlpsvc - ok
01:27:37.0418 2360  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:27:37.0449 2360  IPMIDRV - ok
01:27:37.0449 2360  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:27:37.0496 2360  IPNAT - ok
01:27:37.0512 2360  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:27:37.0543 2360  IRENUM - ok
01:27:37.0559 2360  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:27:37.0574 2360  isapnp - ok
01:27:37.0605 2360  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:27:37.0652 2360  iScsiPrt - ok
01:27:37.0839 2360  [ 2224ABC439D115A44EDB5630A92C1D7E ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
01:27:37.0871 2360  JRAID - ok
01:27:37.0902 2360  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
01:27:37.0933 2360  kbdclass - ok
01:27:37.0995 2360  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:27:38.0027 2360  kbdhid - ok
01:27:38.0042 2360  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:27:38.0058 2360  KeyIso - ok
01:27:38.0089 2360  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:27:38.0120 2360  KSecDD - ok
01:27:38.0167 2360  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:27:38.0198 2360  KSecPkg - ok
01:27:38.0229 2360  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:27:38.0276 2360  ksthunk - ok
01:27:38.0307 2360  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:27:38.0354 2360  KtmRm - ok
01:27:38.0401 2360  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:27:38.0448 2360  LanmanServer - ok
01:27:38.0479 2360  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:27:38.0541 2360  LanmanWorkstation - ok
01:27:38.0573 2360  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:27:38.0635 2360  lltdio - ok
01:27:38.0651 2360  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:27:38.0713 2360  lltdsvc - ok
01:27:38.0744 2360  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:27:38.0775 2360  lmhosts - ok
01:27:38.0791 2360  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:27:38.0822 2360  LSI_FC - ok
01:27:38.0822 2360  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:27:38.0853 2360  LSI_SAS - ok
01:27:38.0853 2360  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:27:38.0869 2360  LSI_SAS2 - ok
01:27:38.0885 2360  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:27:38.0900 2360  LSI_SCSI - ok
01:27:38.0916 2360  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:27:38.0978 2360  luafv - ok
01:27:39.0009 2360  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
01:27:39.0025 2360  MBAMProtector - ok
01:27:39.0087 2360  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:27:39.0134 2360  MBAMScheduler - ok
01:27:39.0165 2360  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:27:39.0228 2360  MBAMService - ok
01:27:39.0243 2360  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:27:39.0290 2360  Mcx2Svc - ok
01:27:39.0290 2360  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:27:39.0306 2360  megasas - ok
01:27:39.0321 2360  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:27:39.0368 2360  MegaSR - ok
01:27:39.0368 2360  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:27:39.0399 2360  MMCSS - ok
01:27:39.0431 2360  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:27:39.0477 2360  Modem - ok
01:27:39.0524 2360  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:27:39.0555 2360  monitor - ok
01:27:39.0587 2360  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
01:27:39.0602 2360  mouclass - ok
01:27:39.0618 2360  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:27:39.0633 2360  mouhid - ok
01:27:39.0665 2360  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:27:39.0696 2360  mountmgr - ok
01:27:39.0711 2360  [ F5E6770295C24A131E5769E6D87E8CF0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:27:39.0758 2360  MozillaMaintenance - ok
01:27:39.0774 2360  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:27:39.0805 2360  mpio - ok
01:27:39.0805 2360  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:27:39.0867 2360  mpsdrv - ok
01:27:39.0914 2360  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:27:39.0992 2360  MpsSvc - ok
01:27:40.0023 2360  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:27:40.0070 2360  MRxDAV - ok
01:27:40.0101 2360  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:27:40.0164 2360  mrxsmb - ok
01:27:40.0164 2360  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:27:40.0211 2360  mrxsmb10 - ok
01:27:40.0226 2360  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:27:40.0257 2360  mrxsmb20 - ok
01:27:40.0273 2360  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:27:40.0304 2360  msahci - ok
01:27:40.0320 2360  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:27:40.0351 2360  msdsm - ok
01:27:40.0382 2360  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:27:40.0413 2360  MSDTC - ok
01:27:40.0429 2360  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:27:40.0476 2360  Msfs - ok
01:27:40.0476 2360  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:27:40.0523 2360  mshidkmdf - ok
01:27:40.0538 2360  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:27:40.0554 2360  msisadrv - ok
01:27:40.0616 2360  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:27:40.0663 2360  MSiSCSI - ok
01:27:40.0663 2360  msiserver - ok
01:27:40.0679 2360  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:27:40.0725 2360  MSKSSRV - ok
01:27:40.0741 2360  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:27:40.0772 2360  MSPCLOCK - ok
01:27:40.0788 2360  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:27:40.0835 2360  MSPQM - ok
01:27:40.0913 2360  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:27:40.0959 2360  MsRPC - ok
01:27:40.0975 2360  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:27:40.0991 2360  mssmbios - ok
01:27:41.0006 2360  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:27:41.0053 2360  MSTEE - ok
01:27:41.0053 2360  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:27:41.0069 2360  MTConfig - ok
01:27:41.0100 2360  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:27:41.0115 2360  Mup - ok
01:27:41.0147 2360  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
01:27:41.0162 2360  mwlPSDFilter - ok
01:27:41.0193 2360  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
01:27:41.0209 2360  mwlPSDNServ - ok
01:27:41.0225 2360  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
01:27:41.0240 2360  mwlPSDVDisk - ok
01:27:41.0271 2360  [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
01:27:41.0318 2360  MWLService - ok
01:27:41.0396 2360  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:27:41.0459 2360  napagent - ok
01:27:41.0474 2360  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:27:41.0521 2360  NativeWifiP - ok
01:27:41.0568 2360  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:27:41.0630 2360  NDIS - ok
01:27:41.0646 2360  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:27:41.0693 2360  NdisCap - ok
01:27:41.0693 2360  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:27:41.0724 2360  NdisTapi - ok
01:27:41.0771 2360  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:27:41.0833 2360  Ndisuio - ok
01:27:41.0880 2360  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:27:41.0942 2360  NdisWan - ok
01:27:41.0958 2360  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:27:42.0020 2360  NDProxy - ok
01:27:42.0161 2360  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
01:27:42.0239 2360  Nero BackItUp Scheduler 4.0 - ok
01:27:42.0254 2360  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:27:42.0301 2360  NetBIOS - ok
01:27:42.0332 2360  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:27:42.0395 2360  NetBT - ok
01:27:42.0410 2360  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:27:42.0426 2360  Netlogon - ok
01:27:42.0519 2360  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:27:42.0597 2360  Netman - ok
01:27:42.0597 2360  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:27:42.0675 2360  netprofm - ok
01:27:42.0769 2360  [ D66596DB0A0739A89C25B590CE36D628 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
01:27:42.0847 2360  netr28x - ok
01:27:42.0878 2360  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:27:42.0909 2360  NetTcpPortSharing - ok
01:27:42.0925 2360  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:27:42.0941 2360  nfrd960 - ok
01:27:42.0972 2360  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:27:43.0003 2360  NlaSvc - ok
01:27:43.0003 2360  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:27:43.0050 2360  Npfs - ok
01:27:43.0065 2360  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:27:43.0128 2360  nsi - ok
01:27:43.0128 2360  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:27:43.0175 2360  nsiproxy - ok
01:27:43.0221 2360  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:27:43.0362 2360  Ntfs - ok
01:27:43.0424 2360  [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
01:27:43.0455 2360  NTI IScheduleSvc - ok
01:27:43.0471 2360  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
01:27:43.0487 2360  NTIDrvr - ok
01:27:43.0502 2360  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:27:43.0565 2360  Null - ok
01:27:43.0611 2360  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
01:27:43.0643 2360  NVHDA - ok
01:27:43.0877 2360  [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:27:44.0111 2360  nvlddmkm - ok
01:27:44.0142 2360  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:27:44.0173 2360  nvraid - ok
01:27:44.0204 2360  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:27:44.0235 2360  nvstor - ok
01:27:44.0282 2360  [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
01:27:44.0329 2360  nvsvc - ok
01:27:44.0391 2360  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:27:44.0469 2360  nvUpdatusService - ok
01:27:44.0485 2360  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:27:44.0501 2360  nv_agp - ok
01:27:44.0563 2360  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:27:44.0610 2360  odserv - ok
01:27:44.0641 2360  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:27:44.0672 2360  ohci1394 - ok
01:27:44.0688 2360  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:27:44.0735 2360  ose - ok
01:27:44.0766 2360  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:27:44.0797 2360  p2pimsvc - ok
01:27:44.0828 2360  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:27:44.0859 2360  p2psvc - ok
01:27:44.0891 2360  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:27:44.0922 2360  Parport - ok
01:27:44.0953 2360  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:27:44.0984 2360  partmgr - ok
01:27:44.0984 2360  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:27:45.0031 2360  PcaSvc - ok
01:27:45.0047 2360  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:27:45.0093 2360  pci - ok
01:27:45.0093 2360  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:27:45.0125 2360  pciide - ok
01:27:45.0140 2360  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:27:45.0171 2360  pcmcia - ok
01:27:45.0171 2360  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:27:45.0187 2360  pcw - ok
01:27:45.0203 2360  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:27:45.0281 2360  PEAUTH - ok
01:27:45.0359 2360  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:27:45.0390 2360  PerfHost - ok
01:27:45.0515 2360  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:27:45.0671 2360  pla - ok
01:27:45.0702 2360  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:27:45.0749 2360  PlugPlay - ok
01:27:45.0764 2360  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:27:45.0795 2360  PNRPAutoReg - ok
01:27:45.0811 2360  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:27:45.0842 2360  PNRPsvc - ok
01:27:45.0873 2360  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:27:45.0936 2360  PolicyAgent - ok
01:27:45.0967 2360  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:27:46.0029 2360  Power - ok
01:27:46.0076 2360  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:27:46.0154 2360  PptpMiniport - ok
01:27:46.0170 2360  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:27:46.0201 2360  Processor - ok
01:27:46.0232 2360  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:27:46.0279 2360  ProfSvc - ok
01:27:46.0295 2360  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:27:46.0310 2360  ProtectedStorage - ok
01:27:46.0357 2360  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:27:46.0404 2360  Psched - ok
01:27:46.0451 2360  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:27:46.0513 2360  ql2300 - ok
01:27:46.0529 2360  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:27:46.0544 2360  ql40xx - ok
01:27:46.0560 2360  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:27:46.0607 2360  QWAVE - ok
01:27:46.0607 2360  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:27:46.0653 2360  QWAVEdrv - ok
01:27:46.0669 2360  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:27:46.0700 2360  RasAcd - ok
01:27:46.0731 2360  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:27:46.0778 2360  RasAgileVpn - ok
01:27:46.0778 2360  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:27:46.0841 2360  RasAuto - ok
01:27:46.0841 2360  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:27:46.0903 2360  Rasl2tp - ok
01:27:46.0934 2360  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:27:47.0012 2360  RasMan - ok
01:27:47.0043 2360  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:27:47.0090 2360  RasPppoe - ok
01:27:47.0106 2360  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:27:47.0137 2360  RasSstp - ok
01:27:47.0168 2360  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:27:47.0231 2360  rdbss - ok
01:27:47.0246 2360  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:27:47.0277 2360  rdpbus - ok
01:27:47.0277 2360  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:27:47.0324 2360  RDPCDD - ok
01:27:47.0324 2360  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:27:47.0371 2360  RDPENCDD - ok
01:27:47.0387 2360  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:27:47.0418 2360  RDPREFMP - ok
01:27:47.0480 2360  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:27:47.0511 2360  RdpVideoMiniport - ok
01:27:47.0527 2360  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:27:47.0589 2360  RDPWD - ok
01:27:47.0636 2360  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:27:47.0667 2360  rdyboost - ok
01:27:47.0699 2360  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:27:47.0745 2360  RemoteAccess - ok
01:27:47.0761 2360  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:27:47.0808 2360  RemoteRegistry - ok
01:27:47.0870 2360  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
01:27:47.0917 2360  RichVideo - ok
01:27:47.0933 2360  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:27:47.0964 2360  RpcEptMapper - ok
01:27:47.0979 2360  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:27:48.0026 2360  RpcLocator - ok
01:27:48.0057 2360  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:27:48.0104 2360  RpcSs - ok
01:27:48.0151 2360  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:27:48.0198 2360  rspndr - ok
01:27:48.0198 2360  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:27:48.0229 2360  SamSs - ok
01:27:48.0260 2360  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:27:48.0291 2360  sbp2port - ok
01:27:48.0307 2360  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:27:48.0369 2360  SCardSvr - ok
01:27:48.0401 2360  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:27:48.0463 2360  scfilter - ok
01:27:48.0479 2360  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:27:48.0572 2360  Schedule - ok
01:27:48.0603 2360  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:27:48.0635 2360  SCPolicySvc - ok
01:27:48.0666 2360  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:27:48.0713 2360  SDRSVC - ok
01:27:48.0759 2360  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:27:48.0806 2360  secdrv - ok
01:27:48.0822 2360  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:27:48.0869 2360  seclogon - ok
01:27:48.0900 2360  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:27:48.0947 2360  SENS - ok
01:27:48.0962 2360  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:27:48.0993 2360  SensrSvc - ok
01:27:49.0025 2360  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:27:49.0056 2360  Serenum - ok
01:27:49.0056 2360  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:27:49.0071 2360  Serial - ok
01:27:49.0103 2360  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:27:49.0118 2360  sermouse - ok
01:27:49.0149 2360  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:27:49.0212 2360  SessionEnv - ok
01:27:49.0243 2360  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:27:49.0274 2360  sffdisk - ok
01:27:49.0290 2360  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:27:49.0305 2360  sffp_mmc - ok
01:27:49.0305 2360  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:27:49.0337 2360  sffp_sd - ok
01:27:49.0352 2360  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
01:27:49.0368 2360  sfloppy - ok
01:27:49.0383 2360  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:27:49.0461 2360  SharedAccess - ok
01:27:49.0477 2360  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:27:49.0539 2360  ShellHWDetection - ok
01:27:49.0539 2360  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:27:49.0555 2360  SiSRaid2 - ok
01:27:49.0571 2360  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:27:49.0586 2360  SiSRaid4 - ok
01:27:49.0617 2360  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:27:49.0680 2360  Smb - ok
01:27:49.0711 2360  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:27:49.0727 2360  SNMPTRAP - ok
01:27:49.0727 2360  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:27:49.0758 2360  spldr - ok
01:27:49.0789 2360  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:27:49.0836 2360  Spooler - ok
01:27:49.0898 2360  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:27:49.0976 2360  sppsvc - ok
01:27:49.0992 2360  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:27:50.0039 2360  sppuinotify - ok
01:27:50.0070 2360  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:27:50.0163 2360  srv - ok
01:27:50.0179 2360  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:27:50.0257 2360  srv2 - ok
01:27:50.0288 2360  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:27:50.0335 2360  srvnet - ok
01:27:50.0366 2360  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:27:50.0413 2360  SSDPSRV - ok
01:27:50.0413 2360  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:27:50.0460 2360  SstpSvc - ok
01:27:50.0507 2360  [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:27:50.0569 2360  Stereo Service - ok
01:27:50.0600 2360  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:27:50.0616 2360  stexstor - ok
01:27:50.0709 2360  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:27:50.0819 2360  stisvc - ok
01:27:50.0865 2360  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:27:50.0881 2360  swenum - ok
01:27:50.0943 2360  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:27:51.0037 2360  swprv - ok
01:27:51.0084 2360  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:27:51.0271 2360  SysMain - ok
01:27:51.0302 2360  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:27:51.0333 2360  TabletInputService - ok
01:27:51.0380 2360  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:27:51.0458 2360  TapiSrv - ok
01:27:51.0474 2360  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:27:51.0536 2360  TBS - ok
01:27:51.0599 2360  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:27:51.0739 2360  Tcpip - ok
01:27:51.0801 2360  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:27:51.0879 2360  TCPIP6 - ok
01:27:51.0911 2360  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:27:51.0957 2360  tcpipreg - ok
01:27:51.0973 2360  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:27:51.0989 2360  TDPIPE - ok
01:27:52.0020 2360  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:27:52.0051 2360  TDTCP - ok
01:27:52.0082 2360  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:27:52.0145 2360  tdx - ok
01:27:52.0160 2360  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:27:52.0191 2360  TermDD - ok
01:27:52.0347 2360  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:27:52.0425 2360  TermService - ok
01:27:52.0457 2360  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:27:52.0488 2360  Themes - ok
01:27:52.0503 2360  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:27:52.0535 2360  THREADORDER - ok
01:27:52.0550 2360  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:27:52.0597 2360  TrkWks - ok
01:27:52.0628 2360  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:27:52.0691 2360  TrustedInstaller - ok
01:27:52.0722 2360  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:27:52.0753 2360  tssecsrv - ok
01:27:52.0784 2360  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:27:52.0815 2360  TsUsbFlt - ok
01:27:52.0862 2360  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:27:52.0909 2360  tunnel - ok
01:27:52.0956 2360  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:27:52.0971 2360  uagp35 - ok
01:27:52.0987 2360  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
01:27:53.0003 2360  UBHelper - ok
01:27:53.0018 2360  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:27:53.0096 2360  udfs - ok
01:27:53.0112 2360  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:27:53.0127 2360  UI0Detect - ok
01:27:53.0159 2360  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:27:53.0174 2360  uliagpkx - ok
01:27:53.0205 2360  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
01:27:53.0252 2360  umbus - ok
01:27:53.0252 2360  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:27:53.0283 2360  UmPass - ok
01:27:53.0346 2360  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
01:27:53.0393 2360  Updater Service - ok
01:27:53.0471 2360  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:27:53.0517 2360  upnphost - ok
01:27:53.0533 2360  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:27:53.0580 2360  usbccgp - ok
01:27:53.0611 2360  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:27:53.0642 2360  usbcir - ok
01:27:53.0658 2360  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
01:27:53.0705 2360  usbehci - ok
01:27:53.0720 2360  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:27:53.0783 2360  usbhub - ok
01:27:53.0798 2360  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:27:53.0829 2360  usbohci - ok
01:27:53.0829 2360  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:27:53.0861 2360  usbprint - ok
01:27:53.0892 2360  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
01:27:53.0939 2360  USBSTOR - ok
01:27:53.0954 2360  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
01:27:54.0001 2360  usbuhci - ok
01:27:54.0001 2360  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:27:54.0048 2360  UxSms - ok
01:27:54.0064 2360  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:27:54.0079 2360  VaultSvc - ok
01:27:54.0110 2360  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:27:54.0142 2360  vdrvroot - ok
01:27:54.0173 2360  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:27:54.0266 2360  vds - ok
01:27:54.0282 2360  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:27:54.0298 2360  vga - ok
01:27:54.0313 2360  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:27:54.0344 2360  VgaSave - ok
01:27:54.0360 2360  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:27:54.0422 2360  vhdmp - ok
01:27:54.0438 2360  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:27:54.0454 2360  viaide - ok
01:27:54.0469 2360  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:27:54.0500 2360  volmgr - ok
01:27:54.0532 2360  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:27:54.0594 2360  volmgrx - ok
01:27:54.0641 2360  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:27:54.0719 2360  volsnap - ok
01:27:54.0750 2360  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:27:54.0781 2360  vsmraid - ok
01:27:54.0937 2360  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:27:55.0062 2360  VSS - ok
01:27:55.0078 2360  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:27:55.0124 2360  vwifibus - ok
01:27:55.0140 2360  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:27:55.0187 2360  vwififlt - ok
01:27:55.0218 2360  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:27:55.0280 2360  W32Time - ok
01:27:55.0296 2360  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:27:55.0343 2360  WacomPen - ok
01:27:55.0374 2360  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:27:55.0436 2360  WANARP - ok
01:27:55.0452 2360  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:27:55.0483 2360  Wanarpv6 - ok
01:27:55.0530 2360  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:27:55.0624 2360  wbengine - ok
01:27:55.0639 2360  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:27:55.0670 2360  WbioSrvc - ok
01:27:55.0733 2360  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:27:55.0842 2360  wcncsvc - ok
01:27:55.0842 2360  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:27:55.0858 2360  WcsPlugInService - ok
01:27:55.0873 2360  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:27:55.0889 2360  Wd - ok
01:27:55.0998 2360  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:27:56.0076 2360  Wdf01000 - ok
01:27:56.0076 2360  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:27:56.0107 2360  WdiServiceHost - ok
01:27:56.0107 2360  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:27:56.0138 2360  WdiSystemHost - ok
01:27:56.0154 2360  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:27:56.0216 2360  WebClient - ok
01:27:56.0232 2360  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:27:56.0294 2360  Wecsvc - ok
01:27:56.0294 2360  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:27:56.0357 2360  wercplsupport - ok
01:27:56.0372 2360  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:27:56.0419 2360  WerSvc - ok
01:27:56.0435 2360  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:27:56.0466 2360  WfpLwf - ok
01:27:56.0482 2360  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:27:56.0497 2360  WIMMount - ok
01:27:56.0528 2360  WinDefend - ok
01:27:56.0528 2360  WinHttpAutoProxySvc - ok
01:27:56.0575 2360  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:27:56.0622 2360  Winmgmt - ok
01:27:56.0684 2360  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:27:56.0810 2360  WinRM - ok
01:27:56.0857 2360  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:27:56.0919 2360  Wlansvc - ok
01:27:56.0951 2360  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:27:56.0966 2360  WmiAcpi - ok
01:27:56.0982 2360  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:27:57.0029 2360  wmiApSrv - ok
01:27:57.0060 2360  WMPNetworkSvc - ok
01:27:57.0060 2360  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:27:57.0091 2360  WPCSvc - ok
01:27:57.0122 2360  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:27:57.0153 2360  WPDBusEnum - ok
01:27:57.0185 2360  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:27:57.0216 2360  ws2ifsl - ok
01:27:57.0231 2360  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:27:57.0278 2360  wscsvc - ok
01:27:57.0278 2360  WSearch - ok
01:27:57.0419 2360  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:27:57.0528 2360  wuauserv - ok
01:27:57.0559 2360  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:27:57.0590 2360  WudfPf - ok
01:27:57.0621 2360  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:27:57.0684 2360  WUDFRd - ok
01:27:57.0699 2360  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:27:57.0746 2360  wudfsvc - ok
01:27:57.0746 2360  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:27:57.0777 2360  WwanSvc - ok
01:27:57.0840 2360  [ 74983ADDCA2D9618512C088D856D6615 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
01:27:57.0871 2360  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
01:27:57.0871 2360  ================ Scan global ===============================
01:27:57.0902 2360  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:27:57.0918 2360  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
01:27:57.0933 2360  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
01:27:57.0949 2360  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:27:57.0980 2360  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:27:57.0980 2360  [Global] - ok
01:27:57.0980 2360  ================ Scan MBR ==================================
01:27:57.0996 2360  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:27:58.0994 2360  \Device\Harddisk0\DR0 - ok
01:27:58.0994 2360  ================ Scan VBR ==================================
01:27:58.0994 2360  [ 5B0778387F7D2FF57281CE28A66D2C29 ] \Device\Harddisk0\DR0\Partition1
01:27:59.0010 2360  \Device\Harddisk0\DR0\Partition1 - ok
01:27:59.0025 2360  [ 2CFF43CB93ABB80798BF8E00CEBB5F95 ] \Device\Harddisk0\DR0\Partition2
01:27:59.0025 2360  \Device\Harddisk0\DR0\Partition2 - ok
01:27:59.0057 2360  [ 39932544FA148808938AF9CF83A8CC9B ] \Device\Harddisk0\DR0\Partition3
01:27:59.0057 2360  \Device\Harddisk0\DR0\Partition3 - ok
01:27:59.0057 2360  ============================================================
01:27:59.0057 2360  Scan finished
01:27:59.0057 2360  ============================================================
01:27:59.0072 2628  Detected object count: 1
01:27:59.0072 2628  Actual detected object count: 1
01:29:03.0750 2628  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
01:29:03.0750 2628  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
          | 
|  15.01.2013, 20:43 | #4 | 
| /// Malware-holic       |   Serifef infiziert hi nutzt du den PC für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem? 
				__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet | 
|  15.01.2013, 23:37 | #5 | 
|  |   Serifef infiziert Hi ja ich nutze den Pc für online banking einkaufen usw | 
|  16.01.2013, 19:02 | #6 | 
| /// Malware-holic       |   Serifef infiziert hi bitte Bank anrufen, onlinebanking sperren lassen, wegen Zero access rootkits. Da man dieses nicht 100 %ig sicher los wird, dies aber nötig ist, fürs onlinebanking etc: der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung: 
 
 ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen. 
				__________________ --> Serifef infiziert | 
|  16.01.2013, 19:22 | #7 | 
|  |   Serifef infiziert Hi hab einen fertig pc Acer Aspire M5810 und ich nutz eRecoery habe keine Windows 7 cd. also soll ich den jetz noch mal mit den recoery dvds zurücksetzen ? | 
|  16.01.2013, 20:36 | #8 | 
| /// Malware-holic       |   Serifef infiziert Hi, erst mal Daten sichern, dann Recovery nutzen, dann über die Herstellerseite neueste Treiber, für mainboard, graka etc instalieren und absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://store.computeractive.co.uk/p2...malware_7_1-pc testversion: http://www.emsisoft.de/de/software/a...re/?id=5987352 insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: http://support.google.com/chrome/bin...&answer=118663 anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen. Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform http://www.roboform.com/de/ anleitung: http://www.roboform.com/de/manual.html 
				__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet | 
|  16.01.2013, 21:43 | #9 | 
|  |   Serifef infiziert Hi ok ich werd dann das mal alles abarbeiten ich nutz momentan G Data Internet Securtity 2010 und vom Browers her würd ich eigentlich ganz gern bei mozialla firefox bleiben .. Eine frage zum Online baninking noch . Wenn mein Pc dann wieder sicher ist kann ich dann mein online banking wieder frei schalten lassen und einfach passwort ändern oder direkt einen neuen zugang beantragen ? | 
|  16.01.2013, 21:46 | #10 | 
| /// Malware-holic       |   Serifef infiziert hi wieso gdata 2010, wir haben das jahr 2013, und die hersteller bringen jedes Jahr ein neues Programm raus. ich persönlihc würde auf Emsisoft umsteigen, ist aus meiner Sicht besser, und läuft auch flüssiger, aber das musst du entscheiden. Hast du dir den chrome schon mal angesehen? bietet einige Sicherheitsfeatures mehr als der FF und sollte schneller sein, anschauen kann man ihn ja, meckern auch noch bei nicht gefallen :-) adblock für chrome: http://filepony.de/download-ghostery_chrome/ HTTPS Everywhere https://chrome.google.com/webstore/d...jekcdonpmejbdp wählt, wenn möglich, eine sichere Verbindung sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online Wegen dem Onlinebanking: ich denke freischalten reicht, lass dich da aber von der Bank beraten 
				__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet | 
|  16.01.2013, 22:00 | #11 | 
|  |   Serifef infiziert ok dann versuch ich den browser mal   und zur datensicherung noch ne frage. Ich hab ja auf meinen pc ein C laufwerk wo ich jetzt eigentlich keine daten drauf habe was ich retten will und auf meinen D laufenwerk sind eigentlich bilder videos usw... das D laufwerk wird bei der recovery ja nicht berührt dann kann ich mir den schritt datenrettung sparen oder D laufwerk vorher auch platt machen ? | 
|  16.01.2013, 22:02 | #12 | 
| /// Malware-holic       |   Serifef infiziert hi solange auf d: nichts instaliert wurde, passt das, ansonsten die partition ebenfalls formatiern. 
				__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet | 
|  18.01.2013, 10:40 | #13 | 
|  |   Serifef infiziert Hi so hab windows neu drauf auch vorher den mbr überschrieben. sollte man das machen oder war es unötig den mbr zu überschreiben ? dann hab ich mein gdata noch mal installiert um online gehen zu können und alle windows updates zu machen und jetz bin ich dabei alle treiber zu aktualisieren! ist das soweit noch okay ? | 
|  18.01.2013, 18:16 | #14 | 
| /// Malware-holic       |   Serifef infiziert hi ist ok, ich persönlich hätte gdata zwar gegen emsisoft getauscht, ist aber geschmackssache, solange du gdata 2013 instaliert hast :-) bitte aber den Rest der Anleitung nicht vergessen 
				__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet | 
|  | 
| Themen zu Serifef infiziert | 
| antivirus, autorun, bho, defender, error, excel, explorer, fehler, firefox, flash player, format, home, install.exe, logfile, mozilla, mywinlocker, nvidia update, office 2007, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, symantec, virus, visual studio, windows |