
Pests of all kinds and how to fight them: Vista: Windows host process was terminated and firewall (F-Secure) no longer works

24.04.2013, 18:23   #1
Abby81
 
Hello, after starting Windows I always get the above-mentioned error message (Host Process for Windows Services was terminated and closed); in addition, my F-Secure firewall, including online banking protection, no longer works. The F-Secure scan found nothing. I then also installed the Emsisoft Emergency Kit, with the following result:
Emsisoft Emergency Kit - Version 3.0
Letztes Update: 24.04.2013 16:50:34

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 24.04.2013 16:51:16

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse gefunden: Trace.File.Super Pop and Drop (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}\INPROCSERVER32 -> ThreadingModel gefunden: Trace.Registry.Alexa Toolbar (A)
Key: HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} gefunden: Trace.Registry.AlexaToolbar (A)
C:\Program Files\Acer GameZone\Big Kahuna Reef\Big Kahuna Reef.exe gefunden: Trojan.Win32.Agent (A)

Gescannt 526364
Gefunden 4

Scan Ende: 24.04.2013 18:55:49
Scan Zeit: 2:04:33

C:\Program Files\Acer GameZone\Big Kahuna Reef\Big Kahuna Reef.exe Quarantäne Trojan.Win32.Agent (A)
Key: HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} Quarantäne Trace.Registry.AlexaToolbar (A)
Value: HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}\INPROCSERVER32 -> ThreadingModel Quarantäne Trace.Registry.Alexa Toolbar (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse Quarantäne Trace.File.Super Pop and Drop (A)

Quarantäne 4
However, the problem still persists after a restart. Can anyone here help me? Many thanks for your efforts!!!

Edited by Abby81 (24.04.2013 at 18:41)

24.04.2013, 23:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

25.04.2013, 08:57   #3
Abby81
 
No, I had only run F-Secure (no detections) and the Emsisoft Emergency Kit, and I posted that log... should I install Malwarebytes as well?

25.04.2013, 11:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was detected or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your thread being closed. I, too, have a life outside of the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

25.04.2013, 12:39   #5
Abby81
 
First of all, thanks for wanting to help me!!!
Here are the OTL logs:
Code:
OTL logfile created on: 25.04.2013 13:19:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,21% Memory free
6,19 Gb Paging File | 4,15 Gb Available in Paging File | 67,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 70,33 Gb Free Space | 47,19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14,91 Gb Total Space | 3,99 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\PANDORA.TV\PanService\PanProcess.exe (PandoraTV)
PRC - C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Amazon Browser Bar\ToolbarUpdaterService.exe ()
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng ()
MOD - C:\Users\***\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU ()
MOD - C:\Users\***\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Users\***\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU ()
MOD - C:\Users\***\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll ()
MOD - C:\Programme\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\eAudioUI.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (fshoster) -- C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (PanService) -- C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Updater Service for AMZN) -- C:\Programme\Amazon Browser Bar\ToolbarUpdaterService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys File not found
DRV - (A2DDA) -- C:\Users\***\Downloads\EMSISOFTEMERGENCYKIT_3.0.0.3\RUN\a2ddax86.sys (Emsisoft GmbH)
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (fsni) -- C:\Programme\F-Secure\apps\CCF_Scanning\fsni32.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/hxxp://www.g [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=F1C2B7FD-8705-4C1C-AA1C-8FA4EFA5C1B8&apn_sauid=2996D038-A2C8-473B-A4A8-473E1BE038C2
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 11:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 11:33:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 11:33:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 11:33:32 | 000,000,000 | ---D | M]
 
[2012.12.27 12:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.20 11:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9rdhqelb.default\extensions
[2013.04.14 12:59:53 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9rdhqelb.default\extensions\abb@amazon.com
[2013.04.20 11:31:36 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9rdhqelb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.29 16:28:38 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9rdhqelb.default\searchplugins\askcom.xml
[2013.04.12 11:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 11:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013.02.06 18:48:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.06 18:48:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.06 18:48:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.06 18:48:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.06 18:48:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.06 18:48:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8CE4B8-76C8-47A6-9288-B2D17DC6DE95}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.02.20 23:22:22 | 000,000,000 | ---D | M] - E:\Autogenes Training -- [ NTFS ]
O33 - MountPoints2\{85fd440c-7dcc-11e2-832d-869685e9f2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{85fd440c-7dcc-11e2-832d-869685e9f2dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{85fd4436-7dcc-11e2-832d-dcae9fe20d7e}\Shell - "" = AutoRun
O33 - MountPoints2\{85fd4436-7dcc-11e2-832d-dcae9fe20d7e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ee459d04-8286-11e2-8cf4-883a1e903cd4}\Shell - "" = AutoRun
O33 - MountPoints2\{ee459d04-8286-11e2-8cf4-883a1e903cd4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ee459d05-8286-11e2-8cf4-883a1e903cd4}\Shell - "" = AutoRun
O33 - MountPoints2\{ee459d05-8286-11e2-8cf4-883a1e903cd4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Kindle Content
[2013.04.22 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.22 17:41:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Amazon
[2013.04.19 12:59:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene PaperPort-Dokumente
[2013.04.19 12:58:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2013.04.19 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScanSoft
[2013.04.14 13:00:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Amazon Browser Bar
[2013.04.14 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013.04.14 12:58:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Systweak
[2013.04.14 12:58:24 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013.04.12 11:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.12 07:26:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.12 07:26:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.12 07:26:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.12 07:26:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.12 07:26:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.12 07:26:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.12 07:26:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.12 07:26:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 11:57:41 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 11:57:41 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 11:57:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 11:57:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 11:57:31 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.06 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samuel_56cm_10.32_5.4.13
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 13:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 11:49:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 11:49:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:49:14 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.25 09:49:04 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2013.04.25 09:49:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 09:48:59 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 11:28:52 | 011,438,970 | ---- | M] () -- C:\Users\Public\Desktop\fsdiag.zip
[2013.04.23 11:18:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.23 11:18:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.23 11:18:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.23 11:18:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 17:42:05 | 000,002,022 | ---- | M] () -- C:\Users\***\Desktop\Kindle.lnk
[2013.04.19 13:01:43 | 000,014,973 | ---- | M] () -- C:\Users\***\Documents\Mutterschaftsgeldbescheinigung.pdf
[2013.04.15 13:21:44 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.15 13:21:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 07:34:50 | 000,297,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.26 19:07:56 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.24 11:28:52 | 011,438,970 | ---- | C] () -- C:\Users\Public\Desktop\fsdiag.zip
[2013.04.22 17:42:05 | 000,002,022 | ---- | C] () -- C:\Users\***\Desktop\Kindle.lnk
[2013.04.19 13:01:43 | 000,014,973 | ---- | C] () -- C:\Users\***\Documents\Mutterschaftsgeldbescheinigung.pdf
[2013.02.12 11:26:39 | 005,230,041 | ---- | C] () -- C:\Users\***\Broschüre_WB_2012.pdf
[2013.02.12 11:12:03 | 000,022,576 | ---- | C] () -- C:\Users\***\eA-light-Antrag_01.pdf
[2013.02.09 23:06:36 | 000,276,615 | ---- | C] () -- C:\Users\***\Babyhaekel.pdf
[2013.02.08 16:07:30 | 002,486,815 | ---- | C] () -- C:\Users\***\Häkelanleitung Ballerinas pdf.pdf
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.01.30 23:40:08 | 000,000,583 | ---- | C] () -- C:\Windows\wiso.ini
[2013.01.30 14:52:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.30 14:41:30 | 000,032,228 | ---- | C] () -- C:\Windows\maxlink.ini
[2013.01.02 20:50:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.02 20:50:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.01.02 20:24:29 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.01.02 20:24:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.01.02 20:24:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2013.01.02 20:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.12.28 14:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.12.28 14:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.12.27 12:34:08 | 000,044,240 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2012.12.27 12:33:40 | 000,019,403 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.12.27 06:51:49 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2012.12.27 06:51:20 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2012.12.27 00:25:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.12.26 22:21:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012.12.26 22:21:07 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2012.12.26 22:18:31 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2012.12.26 22:18:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2012.12.26 21:57:17 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012.12.26 21:57:17 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2012.12.26 21:56:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:FED912DB

< End of report >
         
Code:
OTL Extras logfile created on: 25.04.2013 13:19:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,21% Memory free
6,19 Gb Paging File | 4,15 Gb Available in Paging File | 67,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 70,33 Gb Free Space | 47,19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14,91 Gb Total Space | 3,99 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5955D14E-AE8A-4CCD-8354-55ED8131B1CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7DC2B97C-B819-4F34-B866-3FCA03222D37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{847ECF70-1CE4-40C8-9F84-E095BE71D641}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EBA8FC0-6684-47D7-B353-22499456B20A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96A6A76B-05AB-40B6-ACB3-B8243B376FDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D26D6525-4BFF-4448-934A-692EA5BD862B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6185DFE-F9F8-48EB-814B-7B15A8590A5E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DCE2B7DF-CAD5-44F2-BFE4-8BF93EAE9209}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E42BC40E-481D-4AB5-8818-49D1F0C3BCE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0796758E-6A13-4EF3-983A-FF7C4C31EEB5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{09E33169-1D92-4D9D-B21C-B7487D8F6341}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10419082-F00B-49D4-ADED-C50AA67750A9}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{113C2737-FDC3-4F7C-9BCC-DAFE745E23F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14EC0B0D-F2E4-491B-B9E8-A51A5358DAFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AB15F70-6081-4A82-BF5F-18E42529DBF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{28E9EFED-AFCE-4246-AA83-585B6106A9F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40E4911E-C624-4206-9890-9900D791D526}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe | 
"{4F60BC4F-76C2-4C1C-8401-80FF9862BAEA}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{7112FA55-14CF-444D-8D43-4020DCC1B513}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe | 
"{72ED7C3D-0F9E-4C73-96BF-5954CAB1CD9F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{7D55B85E-E3F0-4595-B247-91213658C575}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe | 
"{7DF507FE-15F7-471B-BAE5-9F9814B31A97}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{90381B6C-A05D-47ED-A445-DE636401A178}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{93224B18-899D-4C54-944B-A100ED0B0171}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CA7DFB1-A373-452C-9585-38800EEC7685}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe | 
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AFF2545C-7679-4BF1-87D4-E69BCB6178A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA38A0EA-42A3-4394-823B-F5BCE8319A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA5704E6-7579-4DBE-82FD-FACEAAA38A4F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{C5915738-8AAB-4534-9117-FB1FD0037D0F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D70B2A78-9778-4ABC-8296-D3881A0EF9D9}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe | 
"{D7ACBFEB-92C2-4B79-969A-BA01D1857762}" = protocol=6 | dir=out | app=system | 
"{DA7CAA41-BCB9-4771-BB7D-5F7A523C2F86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB34D47F-B6D5-4AE5-8EBE-0DE3DE4AE5A1}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe | 
"{DCB1E7DF-F3AC-4D97-B4F3-F982F8630BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE908E20-8C02-4479-B776-62247208F94D}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe | 
"{DED04606-F8AA-4AC2-BEF5-17FCDF878830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E29255A9-41D3-4E0A-91D8-714275947D9E}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe | 
"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{61082C35-3C36-438D-ABC5-8BF01BB20806}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A3C94172-89F8-4E5E-8661-AF952E9BAEC9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{CB0E7640-3457-4A4E-8301-1C148A9B8D74}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{68D19666-D0DE-4FEF-BAAA-205D7581BFFF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{B2D66F0C-3202-4FEC-B218-9DCC2D85AD38}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F7408A52-2529-4C6F-A98F-5D1731144998}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{03F39988-365B-3491-2DE8-47D2F40B658C}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1962A938-85FA-AEC7-A533-5D78D976621D}" = Catalyst Control Center Localization Danish
"{1D54B4A2-9CF9-BEC1-BF40-FB67B64FBD37}" = Catalyst Control Center Localization Korean
"{2077FEAB-E2DE-A9C9-52EA-D059F78507A7}" = Catalyst Control Center Localization Turkish
"{232A093A-208F-5A12-1B55-199C0126D140}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A13103F-809F-4A5F-D5D5-0462B463CE26}" = Catalyst Control Center Localization German
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{31F4E894-2B51-890F-3A04-89AA16C1B667}" = Catalyst Control Center Localization Russian
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{363D1E82-40C5-C298-4C73-BD72E58168B4}" = Catalyst Control Center Localization Greek
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4097D40F-FB75-869F-18A0-637635A5FAA0}" = Catalyst Control Center Localization Chinese Traditional
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{432B7B0E-D471-1A8A-B43D-99C52D0DF092}" = Catalyst Control Center Localization Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EBE5044-43A3-49CC-9848-E5A11CA33E64}" = F-Secure CCF Scanning 1.18.127.7931 (release)
"{506C49D5-1A41-FEBF-8A0B-F4481C73F1DD}" = Catalyst Control Center Localization Swedish
"{50B9EFAD-9AD3-4E6A-A9B7-1C02669D4907}" = Online Safety 2.77.1170.803
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{584BFB71-3D12-8720-F222-7739726C3E7C}" = Catalyst Control Center Core Implementation
"{58A5DF2E-E32A-DDD5-2724-181DFB0FDD98}" = Kolay gelsin! Vokabeltrainer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5D5D742B-171C-2C00-810F-3DD837FDE520}" = Catalyst Control Center Localization Hungarian
"{61232CEF-6A36-A4F2-4242-605518175098}" = Catalyst Control Center Localization Finnish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.77.100.0 (release)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D4E3662-A321-4D98-84B8-934229348575}" = F-Secure Network CCF 1.02.128
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77B74177-25E3-6801-D4F6-514E0926F3B8}" = Catalyst Control Center Localization Chinese Standard
"{77BDD5AF-E4AC-E3F7-449C-5F5621A84A73}" = Catalyst Control Center Localization Italian
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F149393-7D14-B0EF-154F-3B83D57725AA}" = Catalyst Control Center Localization French
"{821D7BFA-918B-EDCE-15A5-6C6BAB0528A1}" = Catalyst Control Center Localization Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{851DE017-C00B-4A50-B413-4C05740AF56E}" = Nuance PDF Create! 5
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F147B7-115C-A8D8-EFB8-B891D0DB39D1}" = ATI Catalyst Install Manager
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF04BC19-3F00-2F3A-2499-19A998E84B95}" = Catalyst Control Center Localization Japanese
"{B1C2147A-54CE-070A-C844-E69C203A3202}" = ccc-core-static
"{B298BB58-D68C-48C5-BC79-5E7EBB2FC922}" = F-Secure
"{B3251D6A-05E1-252C-64A6-4E6A7FE8F6B4}" = Catalyst Control Center Localization Portuguese
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C40AEEAE-DB5D-F537-0A90-A5F75DEE192D}" = Catalyst Control Center Localization Spanish
"{CDBE2FB7-5098-0277-2AE9-145ECE3C0773}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DA472378-2901-09E2-E9B9-019342B8CCD0}" = ccc-utility
"{DEAFFA41-FCE8-EBA5-3918-55F9672F75F8}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Browser Bar" = Amazon Browser Bar
"am-hoteldashtmsuitesuccesstm" = Hotel Dash(TM) - Suite Success(TM)
"AudibleManager" = AudibleManager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"de.klett.vokabeltrainer.kolaygelsin.994B08470047E3B9846080C577877A5B72079D21.1" = Kolay gelsin! Vokabeltrainer
"F-Secure ServiceEnabler 666" = F-Secure
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Verbindungsassistent" = Verbindungsassistent
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2013 03:23:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 03:25:56 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_MpsSvc, Version 6.0.6001.18000, 
Zeitstempel 0x47918b89, fehlerhaftes Modul mpssvc.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03763, Ausnahmecode 0xc0000005, Fehleroffset 0x0000592b,  Prozess-ID 0x1724,
 Anwendungsstartzeit 01ce3d9849041ffe.
 
Error - 20.04.2013 03:31:19 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_MpsSvc, Version 6.0.6001.18000, 
Zeitstempel 0x47918b89, fehlerhaftes Modul mpssvc.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03763, Ausnahmecode 0xc0000005, Fehleroffset 0x0000592b,  Prozess-ID 0x4a4, 
Anwendungsstartzeit 01ce3d990be4472e.
 
Error - 20.04.2013 06:24:20 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.04.2013 06:24:32 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PanProcess.exe, Version 1.0.1.2, Zeitstempel
 0x506004cc, fehlerhaftes Modul pthreadVC2.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x458b2fea, Ausnahmecode 0xc0000005, Fehleroffset 0x1000691c,  Prozess-ID 0xb98, 
Anwendungsstartzeit 01ce3d97f07e61be.
 
Error - 20.04.2013 13:54:19 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_MpsSvc, Version 6.0.6001.18000, 
Zeitstempel 0x47918b89, fehlerhaftes Modul mpssvc.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03763, Ausnahmecode 0xc0000005, Fehleroffset 0x0000592b,  Prozess-ID 0x64c, 
Anwendungsstartzeit 01ce3df0107f95f9.
 
Error - 20.04.2013 13:54:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 13:56:45 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_MpsSvc, Version 6.0.6001.18000, 
Zeitstempel 0x47918b89, fehlerhaftes Modul mpssvc.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03763, Ausnahmecode 0xc0000005, Fehleroffset 0x0000592b,  Prozess-ID 0xb70, 
Anwendungsstartzeit 01ce3df06c1ced97.
 
Error - 20.04.2013 14:02:11 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_MpsSvc, Version 6.0.6001.18000, 
Zeitstempel 0x47918b89, fehlerhaftes Modul mpssvc.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03763, Ausnahmecode 0xc0000005, Fehleroffset 0x0000592b,  Prozess-ID 0xc88, 
Anwendungsstartzeit 01ce3df12e30eb27.
 
Error - 20.04.2013 14:55:20 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 23.01.2013 13:07:37 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2013 03:49:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.04.2013 03:50:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2013 03:50:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2013 03:52:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2013 03:52:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2013 03:52:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.04.2013 03:53:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2013 03:53:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2013 03:54:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2013 03:54:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         


25.04.2013, 13:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Rootkit scan with GMER

Please download the GMER rootkit scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

25.04.2013, 15:33   #7
Abby81

OK, so:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-25 15:05:01
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10 149,05GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Anika\AppData\Local\Temp\kwdorpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys                section is writeable [0x90209000, 0x1E73A0, 0xE8000020]
       C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl  entry point in "" section [0x9F59F000]
.clc   C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl  unknown last section [0x9F5A0000, 0x1000, 0x00000000]

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.000000 GHz
Memory total: 3218599936, free: 1689083904

------------ Kernel report ------------
     04/25/2013 15:08:00
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\Drivers\fsbts.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
\??\C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Users\Anika\Downloads\EMSISOFTEMERGENCYKIT_3.0.0.3\RUN\a2ddax86.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSDNServ.sys
\SystemRoot\system32\DRIVERS\PSDVdisk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
\??\C:\Program Files\F-Secure\apps\CCF_Scanning\fsni32.sys
\??\C:\Users\Anika\AppData\Local\Temp\kwdorpoc.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff89e63ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff937c0cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff866a3ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8552b028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.25.04
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff866a3ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff866a37b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff866a3ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85525700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8552b028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb06067b0, 0xffffffff866a3ac8, 0xffffffffedd1f4f0
Lower DeviceData: 0xffffffffb06fbc78, 0xffffffff8552b028, 0xffffffffef61fad0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A9591DF0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 312576642
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff89e63ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86df9d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89e63ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff937c0cb8, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffaa7b1cb8, 0xffffffff89e63ac8, 0xffffffffef49f598
Lower DeviceData: 0xffffffffb8c413a0, 0xffffffff937c0cb8, 0xffffffffa6c1f600
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 31266784

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16008609792 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anika :: ANIKA-PC [administrator]

25.04.2013 15:20:51
mbar-log-2013-04-25 (15-20-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26630
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

25.04.2013, 16:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

25.04.2013, 19:48   #9
Abby81

OK, continuing:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-25 20:14:19
-----------------------------
20:14:19.846    OS Version: Windows 6.0.6002 Service Pack 2
20:14:19.846    Number of processors: 2 586 0xF0D
20:14:19.847    ComputerName: ANIKA-PC  UserName: Anika
20:14:20.919    Initialize success
20:21:02.356    AVAST engine defs: 13042500
20:22:03.799    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:22:03.801    Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
20:22:03.989    Disk 0 MBR read successfully
20:22:03.991    Disk 0 MBR scan
20:22:04.080    Disk 0 unknown MBR code
20:22:04.083    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 63
20:22:04.391    Disk 0 scanning sectors +312576705
20:22:04.545    Disk 0 scanning C:\Windows\system32\drivers
20:22:39.676    Service scanning
20:23:09.756    Modules scanning
20:23:17.115    Disk 0 trace - called modules:
20:23:17.145    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
20:23:17.149    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8608c780]
20:23:17.155    3 CLASSPNP.SYS[8a7ad8b3] -> nt!IofCallDriver -> [0x85525700]
20:23:17.161    5 acpi.sys[82c976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552b028]
20:23:22.030    AVAST engine scan C:\Windows
20:23:27.357    AVAST engine scan C:\Windows\system32
20:30:15.719    AVAST engine scan C:\Windows\system32\drivers
20:30:29.934    AVAST engine scan C:\Users\Anika
20:35:44.935    Disk 0 MBR has been saved successfully to "C:\Users\Anika\Desktop\MBR.dat"
20:35:44.945    The log file has been saved successfully to "C:\Users\Anika\Desktop\aswMBR.txt"
         
Code:
20:39:16.0335 1512  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:39:17.0027 1512  ============================================================
20:39:17.0027 1512  Current date / time: 2013/04/25 20:39:17.0027
20:39:17.0027 1512  SystemInfo:
20:39:17.0027 1512  
20:39:17.0027 1512  OS Version: 6.0.6002 ServicePack: 2.0
20:39:17.0027 1512  Product type: Workstation
20:39:17.0027 1512  ComputerName: ANIKA-PC
20:39:17.0028 1512  UserName: Anika
20:39:17.0028 1512  Windows directory: C:\Windows
20:39:17.0028 1512  System windows directory: C:\Windows
20:39:17.0028 1512  Processor architecture: Intel x86
20:39:17.0028 1512  Number of processors: 2
20:39:17.0028 1512  Page size: 0x1000
20:39:17.0028 1512  Boot type: Normal boot
20:39:17.0028 1512  ============================================================
20:39:17.0493 1512  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:17.0511 1512  Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:39:17.0512 1512  ============================================================
20:39:17.0512 1512  \Device\Harddisk0\DR0:
20:39:17.0513 1512  MBR partitions:
20:39:17.0513 1512  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
20:39:17.0513 1512  \Device\Harddisk1\DR1:
20:39:17.0513 1512  MBR partitions:
20:39:17.0513 1512  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x1DD17E0
20:39:17.0513 1512  ============================================================
20:39:17.0533 1512  C: <-> \Device\Harddisk0\DR0\Partition1
20:39:17.0533 1512  ============================================================
20:39:17.0533 1512  Initialize success
20:39:17.0533 1512  ============================================================
20:40:37.0024 2536  ============================================================
20:40:37.0025 2536  Scan started
20:40:37.0025 2536  Mode: Manual; SigCheck; TDLFS; 
20:40:37.0025 2536  ============================================================
20:40:37.0298 2536  ================ Scan system memory ========================
20:40:37.0298 2536  System memory - ok
20:40:37.0299 2536  ================ Scan services =============================
20:40:37.0985 2536  [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA           C:\Users\Anika\Downloads\EMSISOFTEMERGENCYKIT_3.0.0.3\RUN\a2ddax86.sys
20:40:38.0221 2536  A2DDA - ok
20:40:38.0839 2536  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:40:38.0929 2536  ACPI - ok
20:40:39.0094 2536  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:40:39.0209 2536  AdobeARMservice - ok
20:40:39.0296 2536  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:40:39.0376 2536  adp94xx - ok
20:40:39.0388 2536  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:40:39.0457 2536  adpahci - ok
20:40:39.0466 2536  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:40:39.0508 2536  adpu160m - ok
20:40:39.0516 2536  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:40:39.0566 2536  adpu320 - ok
20:40:39.0597 2536  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:40:39.0742 2536  AeLookupSvc - ok
20:40:39.0851 2536  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
20:40:40.0012 2536  AFD - ok
20:40:40.0051 2536  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:40:40.0094 2536  agp440 - ok
20:40:40.0182 2536  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:40:40.0237 2536  aic78xx - ok
20:40:40.0258 2536  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
20:40:40.0323 2536  ALG - ok
20:40:40.0364 2536  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:40:40.0396 2536  aliide - ok
20:40:40.0403 2536  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:40:40.0440 2536  amdagp - ok
20:40:40.0446 2536  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:40:40.0486 2536  amdide - ok
20:40:40.0501 2536  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:40:40.0570 2536  AmdK7 - ok
20:40:40.0578 2536  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:40:40.0723 2536  AmdK8 - ok
20:40:40.0788 2536  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
20:40:40.0867 2536  Appinfo - ok
20:40:40.0875 2536  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
20:40:40.0912 2536  arc - ok
20:40:40.0923 2536  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:40:40.0960 2536  arcsas - ok
20:40:40.0989 2536  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:40:41.0055 2536  AsyncMac - ok
20:40:41.0163 2536  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:40:41.0225 2536  atapi - ok
20:40:41.0444 2536  [ 26757A5A06C37EF44BE544EB7E98D9D3 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:40:41.0660 2536  Ati External Event Utility - ok
20:40:41.0935 2536  [ D5AB32F003780F21325F1C1DF613F867 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:40:42.0319 2536  atikmdag - ok
20:40:42.0416 2536  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:40:42.0503 2536  AudioEndpointBuilder - ok
20:40:42.0512 2536  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:40:42.0570 2536  Audiosrv - ok
20:40:42.0623 2536  [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:40:42.0730 2536  b57nd60x - ok
20:40:42.0765 2536  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:40:42.0819 2536  Beep - ok
20:40:42.0871 2536  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
20:40:42.0928 2536  BFE - ok
20:40:43.0046 2536  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:40:43.0186 2536  BITS - ok
20:40:43.0206 2536  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:40:43.0259 2536  blbdrive - ok
20:40:43.0307 2536  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:40:43.0403 2536  bowser - ok
20:40:43.0434 2536  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:40:43.0481 2536  BrFiltLo - ok
20:40:43.0487 2536  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:40:43.0558 2536  BrFiltUp - ok
20:40:43.0591 2536  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
20:40:43.0688 2536  Browser - ok
20:40:43.0718 2536  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:40:43.0945 2536  Brserid - ok
20:40:44.0017 2536  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:40:44.0119 2536  BrSerWdm - ok
20:40:44.0125 2536  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:40:44.0195 2536  BrUsbMdm - ok
20:40:44.0215 2536  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:40:44.0305 2536  BrUsbSer - ok
20:40:44.0337 2536  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:40:44.0421 2536  BTHMODEM - ok
20:40:44.0456 2536  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:40:44.0521 2536  cdfs - ok
20:40:44.0569 2536  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:40:44.0625 2536  cdrom - ok
20:40:44.0675 2536  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:40:44.0740 2536  CertPropSvc - ok
20:40:44.0769 2536  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:40:44.0841 2536  circlass - ok
20:40:44.0928 2536  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:40:45.0034 2536  CLFS - ok
20:40:45.0106 2536  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:40:45.0155 2536  clr_optimization_v2.0.50727_32 - ok
20:40:45.0250 2536  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:40:45.0293 2536  clr_optimization_v4.0.30319_32 - ok
20:40:45.0353 2536  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:40:45.0411 2536  CmBatt - ok
20:40:45.0445 2536  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:40:45.0476 2536  cmdide - ok
20:40:45.0503 2536  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:40:45.0535 2536  Compbatt - ok
20:40:45.0541 2536  COMSysApp - ok
20:40:45.0568 2536  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:40:45.0601 2536  crcdisk - ok
20:40:45.0607 2536  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:40:45.0664 2536  Crusoe - ok
20:40:45.0740 2536  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:40:45.0816 2536  CryptSvc - ok
20:40:45.0927 2536  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:40:46.0103 2536  DcomLaunch - ok
20:40:46.0157 2536  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:40:46.0222 2536  DfsC - ok
20:40:46.0366 2536  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:40:46.0861 2536  DFSR - ok
20:40:46.0976 2536  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:40:47.0085 2536  Dhcp - ok
20:40:47.0149 2536  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:40:47.0186 2536  disk - ok
20:40:47.0236 2536  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
20:40:47.0270 2536  DKbFltr - ok
20:40:47.0328 2536  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:40:47.0395 2536  Dnscache - ok
20:40:47.0480 2536  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:40:47.0582 2536  dot3svc - ok
20:40:47.0627 2536  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
20:40:47.0701 2536  DPS - ok
20:40:47.0726 2536  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:40:47.0804 2536  drmkaud - ok
20:40:48.0028 2536  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:40:48.0183 2536  DXGKrnl - ok
20:40:48.0214 2536  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:40:48.0273 2536  E1G60 - ok
20:40:48.0309 2536  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
20:40:48.0372 2536  EapHost - ok
20:40:48.0423 2536  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:40:48.0489 2536  Ecache - ok
20:40:48.0740 2536  [ B84E1ADEC9618ABD328AB6F8C9C7DC90 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
20:40:48.0811 2536  eDataSecurity Service ( UnsignedFile.Multi.Generic ) - warning
20:40:48.0811 2536  eDataSecurity Service - detected UnsignedFile.Multi.Generic (1)
20:40:49.0070 2536  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:40:49.0140 2536  ehRecvr - ok
20:40:49.0159 2536  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
20:40:49.0243 2536  ehSched - ok
20:40:49.0255 2536  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
20:40:49.0310 2536  ehstart - ok
20:40:49.0403 2536  [ E28516FED46251119ADDAF4CF33BA401 ] eLockService    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
20:40:49.0462 2536  eLockService ( UnsignedFile.Multi.Generic ) - warning
20:40:49.0463 2536  eLockService - detected UnsignedFile.Multi.Generic (1)
20:40:49.0512 2536  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:40:49.0576 2536  elxstor - ok
20:40:49.0644 2536  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:40:49.0770 2536  EMDMgmt - ok
20:40:49.0812 2536  [ 44E8E86CEEB0D9F0F934B5EDC21E0444 ] eNet Service    C:\Acer\Empowering Technology\eNet\eNet Service.exe
20:40:49.0869 2536  eNet Service ( UnsignedFile.Multi.Generic ) - warning
20:40:49.0869 2536  eNet Service - detected UnsignedFile.Multi.Generic (1)
20:40:49.0876 2536  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:40:49.0936 2536  ErrDev - ok
20:40:50.0086 2536  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
20:40:50.0149 2536  eSettingsService ( UnsignedFile.Multi.Generic ) - warning
20:40:50.0150 2536  eSettingsService - detected UnsignedFile.Multi.Generic (1)
20:40:50.0234 2536  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
20:40:50.0323 2536  EventSystem - ok
20:40:50.0423 2536  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
20:40:50.0508 2536  exfat - ok
20:40:50.0889 2536  [ 3DB7415150DFB85FCF470E10F4745FD3 ] F-Secure Gatekeeper C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
20:40:50.0953 2536  F-Secure Gatekeeper - ok
20:40:51.0264 2536  [ 60491923F1A2700B22E13D8236511DCC ] F-Secure HIPS   C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
20:40:51.0342 2536  F-Secure HIPS - ok
20:40:51.0463 2536  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:40:51.0548 2536  fastfat - ok
20:40:51.0622 2536  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:40:51.0697 2536  fdc - ok
20:40:51.0773 2536  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:40:51.0833 2536  fdPHost - ok
20:40:51.0850 2536  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:40:51.0935 2536  FDResPub - ok
20:40:51.0959 2536  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:40:51.0997 2536  FileInfo - ok
20:40:52.0003 2536  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:40:52.0081 2536  Filetrace - ok
20:40:52.0109 2536  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:40:52.0163 2536  flpydisk - ok
20:40:52.0201 2536  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:40:52.0280 2536  FltMgr - ok
20:40:52.0365 2536  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
20:40:52.0556 2536  FontCache - ok
20:40:52.0607 2536  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:40:52.0638 2536  FontCache3.0.0.0 - ok
20:40:52.0683 2536  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts           C:\Windows\system32\Drivers\fsbts.sys
20:40:52.0718 2536  fsbts - ok
20:40:52.0776 2536  [ A0F2C92F410EBAE832DFE507C7E4D6FA ] fshoster        C:\Program Files\F-Secure\fshoster32.exe
20:40:52.0831 2536  fshoster - ok
20:40:52.0984 2536  [ 890A13A30577ED60E0B0AA4112DA7E72 ] FSMA            C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
20:40:53.0081 2536  FSMA - ok
20:40:53.0172 2536  [ C99F532AB9B247C507ECBC7D7209AD99 ] fsni            C:\Program Files\F-Secure\apps\CCF_Scanning\fsni32.sys
20:40:53.0242 2536  fsni - ok
20:40:53.0308 2536  [ C67B42683036A503A2123EBEE9220AAA ] FSORSPClient    C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
20:40:53.0350 2536  FSORSPClient - ok
20:40:53.0390 2536  [ 2BD14F094AFD1E1856032702A12BF804 ] fsvista         C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
20:40:53.0437 2536  fsvista - ok
20:40:53.0495 2536  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:40:53.0572 2536  Fs_Rec - ok
20:40:53.0603 2536  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:40:53.0646 2536  gagp30kx - ok
20:40:53.0748 2536  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:40:53.0860 2536  gpsvc - ok
20:40:54.0003 2536  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:54.0082 2536  gupdate - ok
20:40:54.0091 2536  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:54.0154 2536  gupdatem - ok
20:40:54.0226 2536  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:40:54.0308 2536  HdAudAddService - ok
20:40:54.0374 2536  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:40:54.0533 2536  HDAudBus - ok
20:40:54.0586 2536  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:40:54.0686 2536  HidBth - ok
20:40:54.0713 2536  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:40:54.0753 2536  HidIr - ok
20:40:54.0807 2536  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
20:40:54.0862 2536  hidserv - ok
20:40:54.0885 2536  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
20:40:54.0955 2536  HidUsb - ok
20:40:55.0048 2536  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:40:55.0138 2536  hkmsvc - ok
20:40:55.0145 2536  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:40:55.0188 2536  HpCISSs - ok
20:40:55.0267 2536  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:40:55.0342 2536  HSFHWAZL - ok
20:40:55.0494 2536  [ 347385D69C15E3D045AA1CB46E4CB86D ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:40:55.0764 2536  HSF_DPV - ok
20:40:55.0821 2536  [ 919337D853703267DA203E79A0AC1F2B ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:40:55.0894 2536  HSXHWAZL - ok
20:40:55.0951 2536  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:40:56.0068 2536  HTTP - ok
20:40:56.0122 2536  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:40:56.0190 2536  hwdatacard - ok
20:40:56.0223 2536  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:40:56.0277 2536  i2omp - ok
20:40:56.0332 2536  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:40:56.0393 2536  i8042prt - ok
20:40:56.0463 2536  [ 681EF6E0CC7BBAA0C09ACABEB91F669E ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:40:56.0564 2536  IAANTMON - ok
20:40:56.0591 2536  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:40:56.0648 2536  iaStor - ok
20:40:56.0672 2536  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:40:56.0723 2536  iaStorV - ok
20:40:56.0914 2536  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:40:57.0012 2536  idsvc - ok
20:40:57.0071 2536  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:40:57.0106 2536  iirsp - ok
20:40:57.0232 2536  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:40:57.0321 2536  IKEEXT - ok
20:40:57.0329 2536  int15 - ok
20:40:57.0435 2536  [ 9F5898EBD3BBE82EADF2EFA595F02A72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:40:57.0647 2536  IntcAzAudAddService - ok
20:40:57.0676 2536  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:40:57.0736 2536  intelide - ok
20:40:57.0771 2536  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:40:57.0848 2536  intelppm - ok
20:40:57.0900 2536  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:40:57.0997 2536  IPBusEnum - ok
20:40:58.0033 2536  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:40:58.0110 2536  IpFilterDriver - ok
20:40:58.0160 2536  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:40:58.0309 2536  iphlpsvc - ok
20:40:58.0316 2536  IpInIp - ok
20:40:58.0327 2536  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:40:58.0428 2536  IPMIDRV - ok
20:40:58.0436 2536  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:40:58.0492 2536  IPNAT - ok
20:40:58.0510 2536  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:40:58.0558 2536  IRENUM - ok
20:40:58.0564 2536  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:40:58.0613 2536  isapnp - ok
20:40:58.0667 2536  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:40:58.0711 2536  iScsiPrt - ok
20:40:58.0717 2536  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:40:58.0749 2536  iteatapi - ok
20:40:58.0756 2536  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:40:58.0789 2536  iteraid - ok
20:40:58.0816 2536  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:40:58.0878 2536  kbdclass - ok
20:40:58.0893 2536  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:40:58.0950 2536  kbdhid - ok
20:40:59.0015 2536  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:40:59.0105 2536  KeyIso - ok
20:40:59.0283 2536  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:40:59.0393 2536  KSecDD - ok
20:40:59.0504 2536  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:40:59.0619 2536  KtmRm - ok
20:40:59.0684 2536  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:40:59.0775 2536  LanmanServer - ok
20:40:59.0838 2536  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:40:59.0912 2536  LanmanWorkstation - ok
20:40:59.0969 2536  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:41:00.0000 2536  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:41:00.0000 2536  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:41:00.0061 2536  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:41:00.0112 2536  lltdio - ok
20:41:00.0144 2536  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:41:00.0230 2536  lltdsvc - ok
20:41:00.0258 2536  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:41:00.0319 2536  lmhosts - ok
20:41:00.0346 2536  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:41:00.0383 2536  LSI_FC - ok
20:41:00.0400 2536  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:41:00.0437 2536  LSI_SAS - ok
20:41:00.0453 2536  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:41:00.0490 2536  LSI_SCSI - ok
20:41:00.0506 2536  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
20:41:00.0575 2536  luafv - ok
20:41:00.0602 2536  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:41:00.0670 2536  Mcx2Svc - ok
20:41:00.0683 2536  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:41:00.0721 2536  mdmxsdk - ok
20:41:00.0738 2536  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:41:00.0773 2536  megasas - ok
20:41:00.0798 2536  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:41:00.0852 2536  MegaSR - ok
20:41:00.0907 2536  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:41:00.0986 2536  MMCSS - ok
20:41:01.0019 2536  MobilityService - ok
20:41:01.0033 2536  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:41:01.0088 2536  Modem - ok
20:41:01.0102 2536  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:41:01.0166 2536  monitor - ok
20:41:01.0185 2536  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:41:01.0220 2536  mouclass - ok
20:41:01.0237 2536  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:41:01.0304 2536  mouhid - ok
20:41:01.0323 2536  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:41:01.0362 2536  MountMgr - ok
20:41:01.0399 2536  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:41:01.0446 2536  MozillaMaintenance - ok
20:41:01.0470 2536  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:41:01.0509 2536  mpio - ok
20:41:01.0527 2536  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:41:01.0597 2536  mpsdrv - ok
20:41:01.0648 2536  [ D92A1F65A1197E69CE953171A581E321 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:41:01.0737 2536  MpsSvc ( UnsignedFile.Multi.Generic ) - warning
20:41:01.0737 2536  MpsSvc - detected UnsignedFile.Multi.Generic (1)
20:41:01.0777 2536  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:41:01.0814 2536  Mraid35x - ok
20:41:01.0861 2536  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:41:01.0927 2536  MRxDAV - ok
20:41:01.0971 2536  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:41:02.0059 2536  mrxsmb - ok
20:41:02.0070 2536  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:41:02.0138 2536  mrxsmb10 - ok
20:41:02.0146 2536  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:41:02.0215 2536  mrxsmb20 - ok
20:41:02.0250 2536  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:41:02.0297 2536  msahci - ok
20:41:02.0330 2536  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:41:02.0383 2536  msdsm - ok
20:41:02.0415 2536  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:41:02.0490 2536  MSDTC - ok
20:41:02.0517 2536  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:41:02.0572 2536  Msfs - ok
20:41:02.0608 2536  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:41:02.0642 2536  msisadrv - ok
20:41:02.0675 2536  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:41:02.0777 2536  MSiSCSI - ok
20:41:02.0785 2536  msiserver - ok
20:41:02.0813 2536  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:41:02.0871 2536  MSKSSRV - ok
20:41:02.0890 2536  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:41:02.0941 2536  MSPCLOCK - ok
20:41:02.0973 2536  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:41:03.0055 2536  MSPQM - ok
20:41:03.0117 2536  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:41:03.0171 2536  MsRPC - ok
20:41:03.0218 2536  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:41:03.0257 2536  mssmbios - ok
20:41:03.0263 2536  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:41:03.0314 2536  MSTEE - ok
20:41:03.0358 2536  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:41:03.0423 2536  Mup - ok
20:41:03.0510 2536  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:41:03.0606 2536  napagent - ok
20:41:03.0653 2536  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:41:03.0715 2536  NativeWifiP - ok
20:41:03.0818 2536  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:41:03.0917 2536  NDIS - ok
20:41:03.0970 2536  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:41:04.0020 2536  NdisTapi - ok
20:41:04.0053 2536  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:41:04.0112 2536  Ndisuio - ok
20:41:04.0175 2536  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:41:04.0225 2536  NdisWan - ok
20:41:04.0254 2536  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:41:04.0311 2536  NDProxy - ok
20:41:04.0326 2536  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:41:04.0433 2536  NetBIOS - ok
20:41:04.0536 2536  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:41:04.0616 2536  netbt - ok
20:41:04.0672 2536  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:41:04.0712 2536  Netlogon - ok
20:41:04.0747 2536  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:41:04.0837 2536  Netman - ok
20:41:04.0855 2536  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:41:04.0949 2536  netprofm - ok
20:41:05.0000 2536  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:41:05.0037 2536  NetTcpPortSharing - ok
20:41:05.0158 2536  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
20:41:05.0404 2536  NETw3v32 - ok
20:41:05.0481 2536  [ 38D720E0C8B0ECB9A019980265679798 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
20:41:05.0797 2536  NETw4v32 - ok
20:41:05.0840 2536  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:41:05.0886 2536  nfrd960 - ok
20:41:05.0921 2536  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:41:06.0005 2536  NlaSvc - ok
20:41:06.0045 2536  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:41:06.0102 2536  Npfs - ok
20:41:06.0166 2536  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:41:06.0227 2536  nsi - ok
20:41:06.0277 2536  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:41:06.0350 2536  nsiproxy - ok
20:41:06.0495 2536  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:41:06.0601 2536  Ntfs - ok
20:41:06.0614 2536  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:41:06.0697 2536  NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
20:41:06.0697 2536  NTIDrvr - detected UnsignedFile.Multi.Generic (1)
20:41:06.0763 2536  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:41:06.0837 2536  ntrigdigi - ok
20:41:06.0843 2536  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:41:06.0896 2536  Null - ok
20:41:07.0371 2536  [ 9E8222B2EF8130DB3EA6669FDA358453 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:41:07.0943 2536  nvlddmkm - ok
20:41:07.0952 2536  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:41:07.0996 2536  nvraid - ok
20:41:08.0018 2536  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:41:08.0057 2536  nvstor - ok
20:41:08.0064 2536  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:41:08.0114 2536  nv_agp - ok
20:41:08.0120 2536  NwlnkFlt - ok
20:41:08.0128 2536  NwlnkFwd - ok
20:41:08.0410 2536  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:41:08.0503 2536  odserv - ok
20:41:08.0625 2536  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:41:08.0687 2536  ohci1394 - ok
20:41:32.0722 2684  Detected object count: 9
20:41:32.0722 2684  Actual detected object count: 9
20:44:39.0553 2684  eDataSecurity Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0553 2684  eDataSecurity Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0554 2684  eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0554 2684  eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0556 2684  eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0556 2684  eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0558 2684  eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0559 2684  eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0561 2684  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0561 2684  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0563 2684  MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0563 2684  MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0566 2684  NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0566 2684  NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0568 2684  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0568 2684  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:39.0571 2684  WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:39.0571 2684  WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

25.04.2013, 22:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


26.04.2013, 09:24   #11
Abby81
 



I think something has happened now!!! Can you see where this comes from? My husband said last night that the netbook now has the same problem?!

In any case, a really big thank you already!!!

But first, here is the log file:
Code:
ComboFix 13-04-25.01 - *** 26.04.2013   9:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1978 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.5976.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-22 15:41 . 2013-04-22 15:42	--------	d-----w-	c:\users\***\AppData\Local\Amazon
2013-04-19 10:58 . 2013-04-19 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\FLEXnet
2013-04-19 10:57 . 2013-04-19 10:57	--------	d-----w-	c:\users\***\AppData\Roaming\ScanSoft
2013-04-14 11:00 . 2013-04-14 11:00	--------	d-----w-	c:\users\***\AppData\Local\Amazon Browser Bar
2013-04-14 10:59 . 2013-04-14 11:00	--------	d-----w-	c:\program files\Amazon Browser Bar
2013-04-14 10:58 . 2013-04-14 11:06	--------	d-----w-	c:\users\***\AppData\Roaming\Systweak
2013-04-10 09:57 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 09:57 . 2013-03-11 13:25	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 09:57 . 2013-03-11 13:25	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 09:57 . 2013-03-09 03:45	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 09:57 . 2013-03-09 01:28	64000	----a-w-	c:\windows\system32\smss.exe
2013-04-10 09:57 . 2013-03-08 03:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 09:57 . 2013-03-08 03:53	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-04-10 09:57 . 2013-03-05 01:40	2049024	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 11:21 . 2012-12-27 11:34	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 11:21 . 2012-12-27 11:34	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-23 07:34 . 2013-03-23 07:35	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 07:34 . 2012-12-29 14:17	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-23 07:34 . 2012-12-29 14:17	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-09 14:27 . 2013-03-09 14:27	1207568	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-05 23:18 . 2012-12-27 10:34	44240	----a-w-	c:\windows\system32\drivers\fsbts.sys
2013-02-23 18:00 . 2013-02-23 18:01	860928	----a-w-	c:\windows\system32\drivers\mod7700.sys
2013-02-23 18:00 . 2013-02-23 18:01	11136	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-02-23 18:00 . 2013-02-23 18:01	102784	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2013-02-23 18:00 . 2013-02-23 18:01	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2013-02-23 18:00 . 2013-02-23 18:01	116736	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2013-02-23 18:00 . 2013-02-23 18:01	106880	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2013-02-12 01:57 . 2013-03-19 16:21	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-05 16:53 . 2013-03-16 23:28	4659712	----a-w-	c:\windows\system32\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	569344	----a-w-	c:\windows\system32\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52	491520	----a-w-	c:\windows\system32\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	245760	----a-w-	c:\windows\system32\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52	200704	----a-w-	c:\windows\system32\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52	155648	----a-w-	c:\windows\system32\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	143360	----a-w-	c:\windows\system32\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52	135168	----a-w-	c:\windows\system32\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	122880	----a-w-	c:\windows\system32\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52	118784	----a-w-	c:\windows\system32\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2013-02-05 16:52 . 2013-03-16 23:28	821824	----a-w-	c:\windows\system32\dgderapi.dll
2013-02-05 16:52 . 2013-03-16 23:28	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2013-02-05 16:52 . 2012-12-26 19:56	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2013-04-12 09:33 . 2013-04-12 09:33	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
2012-08-15 19:35	2162272	----a-w-	c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-08-15 2162272]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00	39472	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2013\mshaktuell.exe [2013-1-30 1397840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Hoster (666)]
2013-01-18 10:06	188400	----a-w-	c:\program files\F-Secure\fshoster32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2013-01-03 14:56	311432	----a-w-	c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\***\Downloads\EMSISOFTEMERGENCYKIT_3.0.0.3\RUN\a2ddax86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-02 09:54]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-02 09:54]
.
2013-04-26 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe [2012-12-27 14:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9rdhqelb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-04-20 11:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9rdhqelb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-OpAgent - OpAgent.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-26 10:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2432)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\PANDORA.TV\PanService\PandoraService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe
c:\program files\Verbindungsassistent\WTGService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
c:\windows\system32\conime.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-26  10:05:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-26 08:05
.
Vor Suchlauf: 11 Verzeichnis(se), 75.620.040.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 76.481.355.776 Bytes frei
.
- - End Of File - - C5414638042F96E2BE7F106110BD0329
         

Edited by Abby81 (26.04.2013 at 09:40)

26.04.2013, 09:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


After that:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Afterwards, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

26.04.2013, 11:15   #13
Abby81



Unfortunately there is a problem here:

even though I started it as administrator; I also did the download a second time, but without success...

26.04.2013, 15:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please do this => http://www.trojaner-board.de/72647-b...tml#post433187

Requires a restart; afterwards try JRT again

26.04.2013, 19:14   #15
Abby81



Unfortunately no success; once this:

and on further attempts the error message from before. When I disable User Account Control, a DOS window appears saying it completed successfully. Then I clicked OK and restarted... but nothing changes....

That was correct, wasn't it?
