System der automatischen Informationskontrolle - Computer gesperrt

Golderto · 10.10.2012, 10:19

Hallo, als ich gestern Abend im Internet surfte wurde von einer Sekunde auf die andere der Bildschirm weiß und es kam die Meldung: "Durch das System der automatischen Informationskontrolle wurde Ihr Computer gesperrt." Rechts oben erscheint das Logo der österreichischen Polizei. Es werden auch einige Gründe benannt, z.B. dass man sich verbotene Websites angesehen habe. Es wird verlangt, dass man 100 € bezahlen soll (Ukash).

Ich habe dann die Anleitung hier befolgt (Malwarebytes Anti-Malware heruntergeladen und durchgeführt) und den Computer im Abgesicherten Modus gestartet. Anschließend habe ich die anderen Programme heruntergeladen und ausgeführt. Allerdings funktionierte das Programm gmer.exe nicht, nachdem es ein paar Sekunden gelaufen ist. Es hieß dann wegen eines Fehler müsse die Datei geschlossen werden, obwohl ich zuvor alle Sachen beim McAfee deaktiviert hatte!

Deswegen befinden sich weiter unten nur die Logs von der Anti-Malware und Schritt 2 (OTL, Extra)
Ich hoffe das passt so!
Lg, Golderto

PS: Wann kann ich den Re-enable Button vom defogger (Schritt 1) wieder drücken?

Malwarebytes Anti-Malware :

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
media :: MEDIA-PC [Administrator]

Schutz: Deaktiviert

10.10.2012 09:44:04
mbam-log-2012-10-10 (09-44-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227148
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gaycecodde (Backdoor.Agent) -> Daten: C:\Users\media\AppData\Roaming\Xogy\siad.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rqtppmbapjgtyju (Trojan.Winlock) -> Daten: C:\ProgramData\rqtppmba.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cbssreg (Trojan.Agent) -> Daten: C:\Users\media\AppData\Local\Temp\lurqjkle.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\media\AppData\Roaming\SystemProc (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 16
C:\Users\media\AppData\Roaming\Xogy\siad.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\rqtppmba.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dhcpsapi32.dll (Trojan.Tracur.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\audiohd.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\RECYCLER\S-1-5-21-7659959331-1071519505-604589256-6848\mgrls32.exe (Worm.Autorun.B) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\0.2519730864482337.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\ms.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922C.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922O.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922P.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922S.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.25751081556181643.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.8043754420957456.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.9280524519877272.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\lurqjkle.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\SystemProc\upd.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.10.2012 10:08:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,43% Memory free
6,19 Gb Paging File | 5,74 Gb Available in Paging File | 92,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 177,26 Gb Free Space | 60,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 10:05:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL (1).exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 08:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 20:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 20:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 06:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 12:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 06:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 06:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 07:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.23 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 11:26:52 | 000,000,000 | ---D | M]
 
[2009.09.08 17:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 20:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 11:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 11:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.23 20:07:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.09.30 20:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 20:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 20:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mpkcomka] C:\Users\media\mpkcomka.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 09:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ofrvdjtupebarrp
[2012.10.09 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
[2012.10.08 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
[2012.10.08 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
[2012.10.07 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
[2012.10.07 09:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
[2012.10.06 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
[2012.10.05 17:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
[2012.10.04 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
[2012.10.03 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
[2012.10.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
[2012.10.02 08:12:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
[2012.10.01 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
[2012.09.30 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
[2012.09.30 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
[2012.09.27 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
[2012.09.26 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
[2012.09.25 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
[2012.09.24 23:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
[2012.09.24 11:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
[2012.09.23 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
[2012.09.20 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Xogy
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Taype
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Inpy
[2012.09.19 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
[2012.09.18 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
[2012.09.18 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
[2012.09.17 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
[2012.09.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
[2012.09.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
[2012.09.14 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
[2012.09.13 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
[2012.09.12 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
[2012.09.12 08:30:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
[2012.09.11 13:49:21 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{2D586E6E-C0C5-4DA5-82D9-5A4E5EC8A246}
[2012.09.10 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{535CB8AD-6590-48EA-AC76-FE83DA5EE3F7}
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 10:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable
[2012.10.10 10:04:14 | 000,693,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 10:04:14 | 000,660,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 10:04:14 | 000,150,112 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 10:04:14 | 000,127,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 10:00:54 | 000,022,158 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.10.10 09:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 09:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 09:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.09 20:44:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:44:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:07:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 20:03:45 | 000,074,137 | ---- | M] () -- C:\ProgramData\tnjymarzxnstcad
[2012.10.07 17:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 10:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 20:03:16 | 000,074,137 | ---- | C] () -- C:\ProgramData\tnjymarzxnstcad
[2012.10.07 17:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf
[2011.07.14 13:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.27 18:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2010.05.25 16:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat
[2009.03.21 18:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.20 12:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.05.09 16:01:14 | 000,000,000 | -HSD | M] -- C:\Users\media\AppData\Roaming\.#
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console
[2010.05.05 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient
[2008.10.02 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games
[2008.09.11 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi
[2008.10.03 16:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames
[2011.11.28 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto
[2012.10.04 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express
[2012.09.19 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Inpy
[2008.09.29 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst
[2008.12.17 15:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache
[2011.12.03 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion
[2012.10.09 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Taype
[2012.01.20 13:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity
[2010.08.22 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch
[2012.10.10 09:50:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Xogy
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB26798$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

--- --- ---

Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.10.2012 10:08:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,43% Memory free
6,19 Gb Paging File | 5,74 Gb Available in Paging File | 92,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 177,26 Gb Free Space | 60,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {3DDE6A87-9A75-4CD6-A108-9C3A48C85A00},{2FC76DB2-719C-4570-9177-8E5A30E0FE49}
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {3DDE6A87-9A75-4CD6-A108-9C3A48C85A00},{2FC76DB2-719C-4570-9177-8E5A30E0FE49}
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A22A707-FF8C-4776-AB14-78853A732151}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0E0B4957-F93E-4298-9C43-BE875669B3A2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{16BFCF73-7ADF-44E6-A05C-8B0709285BE0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1FD61671-495C-4141-BC06-0E1D85E5D944}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2B170C4C-D89F-45AC-83B1-8B89001D1F7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FC6DFF1-5DD2-4CB2-962A-7A767AA63F8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{48C2311D-4DA6-437B-AD42-8693F3394410}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{64FD54B3-1E10-4133-805D-13F82DD28BAD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6DE3D63C-08E7-4BC6-8663-CA934ABF694B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{711288B1-A6EF-46CC-B0FB-F2F1A9B4A0CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{87833A98-0432-4997-B3D1-4AC9EAD3CD08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9ED5E038-1D88-4FA3-BF50-F45599EADE3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0062775-9BB4-404C-8965-D9E96A662A50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2302566-C71C-4EC4-B7B3-2CB66D951895}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B34F2389-5CB4-4553-BE7A-C9F6FE3003D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D3F18BC1-3F2E-4214-8817-A5303C86B4FE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D8A7CEB5-1AF0-4487-9478-C0C15180230A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E801CCF3-D2FC-48C3-8633-0F07538ACD01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{1FAA388C-2F6E-4DF1-B150-9845B3287AE9}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{2C472612-E62A-42E2-9F24-A83A16E3EC54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{3FD5FE58-BEE1-4681-A103-8D3CCA29B2EF}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{698EBFB9-DCF9-486F-9F98-038126DD1E3F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{771AC356-5F2A-4529-8244-379721E5AFC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{91D41245-48E4-4C16-8361-9697965A9C0E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{B44AA5D3-0CFD-44BE-9577-18C84291DF01}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{B48D270D-4A7D-4127-A4BD-465C0F76495E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{C2127F21-7A38-4482-96AD-37F2B351D5E4}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{D0696EF3-CD9F-4162-AD34-E829F50F9D8D}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D9275812-F4EB-4AD4-A134-7892951B266A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E5CDDB72-12BD-4F8C-8492-D7432E97C267}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{568502E8-5167-11DE-A65F-B57B56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010
"DivX Setup.divx.com" = DivX-Setup
"Farm Frenzy 3_is1" = Farm Frenzy 3
"HappyFoto-Designer_is1" = HappyFoto-Designer 4.4
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sudoku-Drucker" = Sudoku-Drucker 1.4 
"Tele2 Internet" = Tele2 Internet
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2012 14:29:46 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2012 14:30:17 | Computer Name = media-PC | Source = Application Hang | ID = 1002
Description = Programm rqtppmba.exe, Version 1.0.0.1 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 738  Anfangszeit: 01cda64bedf28fcd  Zeitpunkt der Beendigung:
 0
 
Error - 09.10.2012 14:30:25 | Computer Name = media-PC | Source = Application Hang | ID = 1002
Description = Programm communicator.exe, Version 4.0.7577.4103 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 498  Anfangszeit: 01cda64bed167fdd  Zeitpunkt
 der Beendigung: 0
 
Error - 09.10.2012 14:35:45 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.10.2012 14:47:02 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 09.10.2012 14:48:22 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.10.2012 03:08:27 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 10.10.2012 03:09:38 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.10.2012 04:00:13 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 10.10.2012 04:01:32 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.10.2012 04:00:14 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.10.2012 04:00:21 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.10.2012 04:01:34 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.10.2012 04:04:05 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.10.2012 04:04:05 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

--- --- ---

Gmer:
Wurde nach wenigen Sekunden aufgrund von Problemen geschlossen!

Psychotic · 10.10.2012, 12:54

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Den Re-enable Button erst auf meine Anweisung betätigen!

Golderto · 11.10.2012, 06:58

Lieber Marius!

Vielen Dank im Voraus für deine Hilfe - Ich kann sie brauchen!

Zur Info: Schritt 1 wurde abgebrochen, zuerst findet das Programm die infizierte Datei: "C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Zeroot-B [Rtk]", dann kommt die Meldung: "avast! Antirootkit funktioniert nicht mehr" und schließt sich.

Schritt 2, TDSSKiller:

Code:

ATTFilter

07:54:15.0597 1892  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:54:16.0346 1892  ============================================================
07:54:16.0346 1892  Current date / time: 2012/10/11 07:54:16.0346
07:54:16.0346 1892  SystemInfo:
07:54:16.0346 1892  
07:54:16.0346 1892  OS Version: 6.0.6002 ServicePack: 2.0
07:54:16.0346 1892  Product type: Workstation
07:54:16.0346 1892  ComputerName: MEDIA-PC
07:54:16.0346 1892  UserName: media
07:54:16.0346 1892  Windows directory: C:\Windows
07:54:16.0346 1892  System windows directory: C:\Windows
07:54:16.0346 1892  Processor architecture: Intel x86
07:54:16.0346 1892  Number of processors: 4
07:54:16.0346 1892  Page size: 0x1000
07:54:16.0346 1892  Boot type: Safe boot with network
07:54:16.0346 1892  ============================================================
07:54:16.0658 1892  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:54:16.0658 1892  ============================================================
07:54:16.0658 1892  \Device\Harddisk0\DR0:
07:54:16.0658 1892  MBR partitions:
07:54:16.0658 1892  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000
07:54:16.0658 1892  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800
07:54:16.0658 1892  ============================================================
07:54:16.0689 1892  C: <-> \Device\Harddisk0\DR0\Partition1
07:54:16.0721 1892  D: <-> \Device\Harddisk0\DR0\Partition2
07:54:16.0721 1892  ============================================================
07:54:16.0721 1892  Initialize success
07:54:16.0721 1892  ============================================================
07:54:22.0961 1988  ============================================================
07:54:22.0961 1988  Scan started
07:54:22.0961 1988  Mode: Manual; 
07:54:22.0961 1988  ============================================================
07:54:23.0054 1988  ================ Scan system memory ========================
07:54:23.0054 1988  System memory - ok
07:54:23.0054 1988  ================ Scan services =============================
07:54:23.0148 1988  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
07:54:23.0148 1988  Acer HomeMedia Connect Service - ok
07:54:23.0179 1988  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
07:54:23.0179 1988  AcerMemUsageCheckService - ok
07:54:23.0288 1988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:54:23.0304 1988  ACPI - ok
07:54:23.0335 1988  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:54:23.0335 1988  AdobeFlashPlayerUpdateSvc - ok
07:54:23.0382 1988  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:54:23.0382 1988  adp94xx - ok
07:54:23.0397 1988  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:54:23.0397 1988  adpahci - ok
07:54:23.0413 1988  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
07:54:23.0413 1988  adpu160m - ok
07:54:23.0460 1988  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:54:23.0460 1988  adpu320 - ok
07:54:23.0475 1988  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:54:23.0475 1988  AeLookupSvc - ok
07:54:23.0522 1988  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
07:54:23.0522 1988  AFD - ok
07:54:23.0553 1988  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:54:23.0553 1988  agp440 - ok
07:54:23.0569 1988  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
07:54:23.0569 1988  aic78xx - ok
07:54:23.0585 1988  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
07:54:23.0585 1988  ALG - ok
07:54:23.0600 1988  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:54:23.0600 1988  aliide - ok
07:54:23.0616 1988  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:54:23.0616 1988  amdagp - ok
07:54:23.0647 1988  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:54:23.0647 1988  amdide - ok
07:54:23.0678 1988  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
07:54:23.0678 1988  AmdK7 - ok
07:54:23.0694 1988  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
07:54:23.0694 1988  AmdK8 - ok
07:54:23.0897 1988  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
07:54:23.0897 1988  Appinfo - ok
07:54:23.0912 1988  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
07:54:23.0912 1988  arc - ok
07:54:23.0928 1988  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:54:23.0928 1988  arcsas - ok
07:54:23.0943 1988  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:54:23.0943 1988  AsyncMac - ok
07:54:23.0990 1988  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:54:23.0990 1988  atapi - ok
07:54:24.0006 1988  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:54:24.0021 1988  AudioEndpointBuilder - ok
07:54:24.0037 1988  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:54:24.0037 1988  Audiosrv - ok
07:54:24.0099 1988  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
07:54:24.0099 1988  BBSvc - ok
07:54:24.0162 1988  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:54:24.0162 1988  BcmSqlStartupSvc - ok
07:54:24.0177 1988  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:54:24.0177 1988  Beep - ok
07:54:24.0209 1988  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
07:54:24.0224 1988  BITS - ok
07:54:24.0271 1988  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
07:54:24.0271 1988  blbdrive - ok
07:54:24.0302 1988  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:54:24.0302 1988  bowser - ok
07:54:24.0302 1988  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
07:54:24.0318 1988  BrFiltLo - ok
07:54:24.0318 1988  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
07:54:24.0318 1988  BrFiltUp - ok
07:54:24.0349 1988  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
07:54:24.0349 1988  Browser - ok
07:54:24.0365 1988  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
07:54:24.0365 1988  Brserid - ok
07:54:24.0380 1988  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
07:54:24.0380 1988  BrSerWdm - ok
07:54:24.0396 1988  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
07:54:24.0396 1988  BrUsbMdm - ok
07:54:24.0411 1988  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
07:54:24.0411 1988  BrUsbSer - ok
07:54:24.0427 1988  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:54:24.0427 1988  BTHMODEM - ok
07:54:24.0458 1988  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:54:24.0458 1988  cdfs - ok
07:54:24.0489 1988  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:54:24.0489 1988  cdrom - ok
07:54:24.0505 1988  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:54:24.0505 1988  CertPropSvc - ok
07:54:24.0521 1988  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
07:54:24.0521 1988  circlass - ok
07:54:24.0552 1988  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
07:54:24.0552 1988  CLFS - ok
07:54:24.0599 1988  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:54:24.0599 1988  clr_optimization_v2.0.50727_32 - ok
07:54:24.0661 1988  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:54:24.0739 1988  clr_optimization_v4.0.30319_32 - ok
07:54:24.0755 1988  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:54:24.0755 1988  cmdide - ok
07:54:24.0770 1988  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
07:54:24.0770 1988  Compbatt - ok
07:54:24.0770 1988  COMSysApp - ok
07:54:24.0786 1988  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
07:54:24.0786 1988  crcdisk - ok
07:54:24.0801 1988  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
07:54:24.0801 1988  Crusoe - ok
07:54:24.0848 1988  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:54:24.0848 1988  CryptSvc - ok
07:54:24.0879 1988  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
07:54:24.0879 1988  CVirtA - ok
07:54:24.0957 1988  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
07:54:24.0973 1988  CVPND - ok
07:54:25.0004 1988  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
07:54:25.0020 1988  CVPNDRVA - ok
07:54:25.0067 1988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:54:25.0082 1988  DcomLaunch - ok
07:54:25.0129 1988  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:54:25.0129 1988  DfsC - ok
07:54:25.0176 1988  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
07:54:25.0207 1988  DFSR - ok
07:54:25.0254 1988  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
07:54:25.0254 1988  Dhcp - ok
07:54:25.0285 1988  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
07:54:25.0285 1988  disk - ok
07:54:25.0332 1988  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
07:54:25.0332 1988  DNE - ok
07:54:25.0363 1988  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:54:25.0363 1988  Dnscache - ok
07:54:25.0394 1988  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:54:25.0394 1988  dot3svc - ok
07:54:25.0441 1988  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
07:54:25.0441 1988  Dot4 - ok
07:54:25.0457 1988  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:54:25.0457 1988  Dot4Print - ok
07:54:25.0472 1988  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
07:54:25.0472 1988  dot4usb - ok
07:54:25.0503 1988  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
07:54:25.0503 1988  DPS - ok
07:54:25.0519 1988  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:54:25.0519 1988  drmkaud - ok
07:54:25.0550 1988  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:54:25.0566 1988  DXGKrnl - ok
07:54:25.0597 1988  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
07:54:25.0597 1988  E1G60 - ok
07:54:25.0613 1988  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
07:54:25.0613 1988  EapHost - ok
07:54:25.0659 1988  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
07:54:25.0659 1988  Ecache - ok
07:54:25.0691 1988  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
07:54:25.0706 1988  eDataSecurity Service - ok
07:54:25.0722 1988  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:54:25.0737 1988  ehRecvr - ok
07:54:25.0737 1988  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
07:54:25.0737 1988  ehSched - ok
07:54:25.0753 1988  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
07:54:25.0753 1988  ehstart - ok
07:54:25.0769 1988  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:54:25.0784 1988  elxstor - ok
07:54:25.0815 1988  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
07:54:25.0831 1988  EMDMgmt - ok
07:54:25.0878 1988  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
07:54:25.0878 1988  eRecoveryService - ok
07:54:25.0909 1988  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:54:25.0909 1988  ErrDev - ok
07:54:25.0956 1988  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
07:54:25.0956 1988  eSettingsService - ok
07:54:25.0987 1988  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
07:54:25.0987 1988  EventSystem - ok
07:54:26.0018 1988  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
07:54:26.0018 1988  exfat - ok
07:54:26.0049 1988  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:54:26.0049 1988  fastfat - ok
07:54:26.0065 1988  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:54:26.0065 1988  fdc - ok
07:54:26.0081 1988  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
07:54:26.0081 1988  fdPHost - ok
07:54:26.0096 1988  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:54:26.0096 1988  FDResPub - ok
07:54:26.0112 1988  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:54:26.0112 1988  FileInfo - ok
07:54:26.0112 1988  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:54:26.0127 1988  Filetrace - ok
07:54:26.0127 1988  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:54:26.0127 1988  flpydisk - ok
07:54:26.0159 1988  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:54:26.0159 1988  FltMgr - ok
07:54:26.0205 1988  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
07:54:26.0221 1988  FontCache - ok
07:54:26.0268 1988  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:54:26.0268 1988  FontCache3.0.0.0 - ok
07:54:26.0299 1988  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
07:54:26.0299 1988  fssfltr - ok
07:54:26.0377 1988  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:54:26.0408 1988  fsssvc - ok
07:54:26.0439 1988  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:54:26.0439 1988  Fs_Rec - ok
07:54:26.0455 1988  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:54:26.0455 1988  gagp30kx - ok
07:54:26.0486 1988  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:54:26.0502 1988  gpsvc - ok
07:54:26.0549 1988  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:54:26.0549 1988  HdAudAddService - ok
07:54:26.0595 1988  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:54:26.0611 1988  HDAudBus - ok
07:54:26.0627 1988  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:54:26.0627 1988  HidBth - ok
07:54:26.0642 1988  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
07:54:26.0642 1988  HidIr - ok
07:54:26.0673 1988  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
07:54:26.0673 1988  hidserv - ok
07:54:26.0705 1988  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:54:26.0705 1988  HidUsb - ok
07:54:26.0720 1988  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:54:26.0720 1988  hkmsvc - ok
07:54:26.0736 1988  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
07:54:26.0736 1988  HpCISSs - ok
07:54:26.0861 1988  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:54:26.0861 1988  hpqcxs08 - ok
07:54:26.0876 1988  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
07:54:26.0876 1988  hpqddsvc - ok
07:54:26.0907 1988  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:54:26.0907 1988  HTTP - ok
07:54:26.0923 1988  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
07:54:26.0923 1988  i2omp - ok
07:54:26.0939 1988  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:54:26.0939 1988  i8042prt - ok
07:54:26.0970 1988  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
07:54:26.0970 1988  iaStor - ok
07:54:26.0985 1988  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
07:54:26.0985 1988  iaStorV - ok
07:54:27.0079 1988  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:54:27.0079 1988  IDriverT - ok
07:54:27.0141 1988  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:54:27.0157 1988  idsvc - ok
07:54:27.0173 1988  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:54:27.0173 1988  iirsp - ok
07:54:27.0204 1988  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:54:27.0219 1988  IKEEXT - ok
07:54:27.0235 1988  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys
07:54:27.0251 1988  int15 - ok
07:54:27.0297 1988  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:54:27.0329 1988  IntcAzAudAddService - ok
07:54:27.0360 1988  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:54:27.0360 1988  intelide - ok
07:54:27.0360 1988  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:54:27.0360 1988  intelppm - ok
07:54:27.0391 1988  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:54:27.0391 1988  IPBusEnum - ok
07:54:27.0407 1988  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:54:27.0407 1988  IpFilterDriver - ok
07:54:27.0407 1988  IpInIp - ok
07:54:27.0422 1988  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
07:54:27.0422 1988  IPMIDRV - ok
07:54:27.0438 1988  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
07:54:27.0438 1988  IPNAT - ok
07:54:27.0453 1988  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:54:27.0469 1988  IRENUM - ok
07:54:27.0485 1988  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:54:27.0485 1988  isapnp - ok
07:54:27.0531 1988  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
07:54:27.0531 1988  iScsiPrt - ok
07:54:27.0547 1988  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
07:54:27.0547 1988  iteatapi - ok
07:54:27.0563 1988  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
07:54:27.0563 1988  iteraid - ok
07:54:27.0578 1988  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:54:27.0578 1988  kbdclass - ok
07:54:27.0625 1988  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:54:27.0625 1988  kbdhid - ok
07:54:27.0641 1988  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
07:54:27.0641 1988  KeyIso - ok
07:54:27.0672 1988  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:54:27.0672 1988  KSecDD - ok
07:54:27.0703 1988  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:54:27.0703 1988  KtmRm - ok
07:54:27.0734 1988  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:54:27.0750 1988  LanmanServer - ok
07:54:27.0797 1988  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:54:27.0812 1988  LanmanWorkstation - ok
07:54:27.0828 1988  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:54:27.0828 1988  LightScribeService - ok
07:54:27.0843 1988  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:54:27.0843 1988  lltdio - ok
07:54:27.0875 1988  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:54:27.0875 1988  lltdsvc - ok
07:54:27.0875 1988  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:54:27.0875 1988  lmhosts - ok
07:54:27.0906 1988  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:54:27.0906 1988  LSI_FC - ok
07:54:27.0921 1988  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:54:27.0921 1988  LSI_SAS - ok
07:54:27.0937 1988  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:54:27.0937 1988  LSI_SCSI - ok
07:54:27.0968 1988  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
07:54:27.0968 1988  luafv - ok
07:54:27.0984 1988  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
07:54:27.0984 1988  MBAMProtector - ok
07:54:28.0046 1988  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:54:28.0062 1988  MBAMScheduler - ok
07:54:28.0077 1988  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:54:28.0093 1988  MBAMService - ok
07:54:28.0187 1988  [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
07:54:28.0187 1988  McAfee SiteAdvisor Service - ok
07:54:28.0233 1988  [ CB3A8976DE2F65349322DA7627CEA223 ] mcmscsvc        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
07:54:28.0233 1988  mcmscsvc - ok
07:54:28.0327 1988  [ C69E71E00B30B60556D3E096699BD423 ] McNASvc         c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
07:54:28.0358 1988  McNASvc - ok
07:54:28.0421 1988  [ 21456F3051CBEFD1F2D60D8B9AB9C6EE ] McODS           C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
07:54:28.0421 1988  McODS - ok
07:54:28.0436 1988  [ 8CF3DA0BE6094C34D7C4A85493E60547 ] McProxy         c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
07:54:28.0436 1988  McProxy - ok
07:54:28.0467 1988  [ 33734ABFA52EC8D096A1254D645E9B4F ] McShield        C:\Program Files\McAfee\VirusScan\McShield.exe
07:54:28.0467 1988  McShield - ok
07:54:28.0499 1988  [ FD47DF2BCC3544DF65B01AD6B6062430 ] McSysmon        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
07:54:28.0514 1988  McSysmon - ok
07:54:28.0530 1988  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:54:28.0530 1988  Mcx2Svc - ok
07:54:28.0561 1988  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:54:28.0561 1988  megasas - ok
07:54:28.0577 1988  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
07:54:28.0577 1988  MegaSR - ok
07:54:28.0608 1988  [ C97CBFD71C1C215150A3B3E55F77A7A3 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
07:54:28.0608 1988  mfeavfk - ok
07:54:28.0623 1988  [ 5447338B83A1A2354FB2FEA7604387FD ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
07:54:28.0623 1988  mfebopk - ok
07:54:28.0639 1988  [ 6C9A6ED60B8FC3BAF72FE1B1D096445B ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
07:54:28.0639 1988  mfehidk - ok
07:54:28.0655 1988  [ A551154B51D6A93FCCF70FC4E8EAF4BD ] mferkdk         C:\Windows\system32\drivers\mferkdk.sys
07:54:28.0670 1988  mferkdk - ok
07:54:28.0670 1988  [ 299A86B780C9627AAA24E74292363ED2 ] mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys
07:54:28.0670 1988  mfesmfk - ok
07:54:28.0717 1988  Microsoft SharePoint Workspace Audit Service - ok
07:54:28.0733 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
07:54:28.0733 1988  MMCSS - ok
07:54:28.0748 1988  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
07:54:28.0748 1988  Modem - ok
07:54:28.0764 1988  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:54:28.0764 1988  monitor - ok
07:54:28.0779 1988  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:54:28.0779 1988  mouclass - ok
07:54:28.0779 1988  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:54:28.0779 1988  mouhid - ok
07:54:28.0795 1988  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
07:54:28.0795 1988  MountMgr - ok
07:54:28.0826 1988  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:54:28.0826 1988  MozillaMaintenance - ok
07:54:28.0842 1988  [ 96CF5286BC370B558735A7B891232D92 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
07:54:28.0842 1988  MPFP - ok
07:54:28.0873 1988  [ 346F30F1FF73553AA466F4AE7948DA00 ] MpfService      C:\Program Files\McAfee\MPF\MPFSrv.exe
07:54:28.0889 1988  MpfService - ok
07:54:28.0935 1988  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:54:28.0935 1988  mpio - ok
07:54:28.0935 1988  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:54:28.0935 1988  mpsdrv - ok
07:54:28.0951 1988  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
07:54:28.0951 1988  Mraid35x - ok
07:54:28.0982 1988  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:54:28.0982 1988  MRxDAV - ok
07:54:29.0013 1988  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:54:29.0013 1988  mrxsmb - ok
07:54:29.0029 1988  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:54:29.0029 1988  mrxsmb10 - ok
07:54:29.0045 1988  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:54:29.0045 1988  mrxsmb20 - ok
07:54:29.0060 1988  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
07:54:29.0060 1988  msahci - ok
07:54:29.0076 1988  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:54:29.0076 1988  msdsm - ok
07:54:29.0091 1988  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
07:54:29.0091 1988  MSDTC - ok
07:54:29.0091 1988  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:54:29.0091 1988  Msfs - ok
07:54:29.0138 1988  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:54:29.0138 1988  msisadrv - ok
07:54:29.0154 1988  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:54:29.0154 1988  MSiSCSI - ok
07:54:29.0169 1988  msiserver - ok
07:54:29.0201 1988  [ A05DE3535884270B8D292DCBDD6DED20 ] MSK80Service    C:\Program Files\McAfee\MSK\MskSrver.exe
07:54:29.0201 1988  MSK80Service - ok
07:54:29.0216 1988  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:54:29.0216 1988  MSKSSRV - ok
07:54:29.0247 1988  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:54:29.0247 1988  MSPCLOCK - ok
07:54:29.0263 1988  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:54:29.0263 1988  MSPQM - ok
07:54:29.0294 1988  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:54:29.0294 1988  MsRPC - ok
07:54:29.0310 1988  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:54:29.0310 1988  mssmbios - ok
07:54:29.0357 1988  MSSQL$MSSMLBIZ - ok
07:54:29.0419 1988  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
07:54:29.0419 1988  MSSQLServerADHelper100 - ok
07:54:29.0435 1988  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:54:29.0435 1988  MSTEE - ok
07:54:29.0435 1988  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
07:54:29.0435 1988  Mup - ok
07:54:29.0481 1988  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
07:54:29.0481 1988  napagent - ok
07:54:29.0528 1988  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:54:29.0528 1988  NativeWifiP - ok
07:54:29.0559 1988  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:54:29.0575 1988  NDIS - ok
07:54:29.0606 1988  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:54:29.0606 1988  NdisTapi - ok
07:54:29.0606 1988  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:54:29.0606 1988  Ndisuio - ok
07:54:29.0653 1988  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:54:29.0653 1988  NdisWan - ok
07:54:29.0669 1988  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:54:29.0669 1988  NDProxy - ok
07:54:29.0684 1988  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:54:29.0684 1988  Net Driver HPZ12 - ok
07:54:29.0715 1988  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:54:29.0715 1988  NetBIOS - ok
07:54:29.0731 1988  [ 12856F7F1E943F6762A5CA341BE5AC77 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
07:54:29.0731 1988  netbt ( Virus.Win32.ZAccess.g ) - infected
07:54:29.0731 1988  netbt - detected Virus.Win32.ZAccess.g (0)
07:54:29.0747 1988  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
07:54:29.0747 1988  Netlogon - ok
07:54:29.0762 1988  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
07:54:29.0762 1988  Netman - ok
07:54:29.0778 1988  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
07:54:29.0793 1988  netprofm - ok
07:54:29.0825 1988  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:54:29.0825 1988  NetTcpPortSharing - ok
07:54:29.0840 1988  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:54:29.0840 1988  nfrd960 - ok
07:54:29.0871 1988  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:54:29.0871 1988  NlaSvc - ok
07:54:29.0887 1988  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:54:29.0887 1988  Npfs - ok
07:54:29.0887 1988  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
07:54:29.0887 1988  nsi - ok
07:54:29.0918 1988  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:54:29.0918 1988  nsiproxy - ok
07:54:29.0965 1988  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:54:29.0981 1988  Ntfs - ok
07:54:29.0996 1988  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
07:54:29.0996 1988  NTIDrvr - ok
07:54:30.0012 1988  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
07:54:30.0012 1988  ntrigdigi - ok
07:54:30.0012 1988  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
07:54:30.0012 1988  Null - ok
07:54:30.0043 1988  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
07:54:30.0043 1988  NVENETFD - ok
07:54:30.0074 1988  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
07:54:30.0090 1988  NVHDA - ok
07:54:30.0277 1988  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:54:30.0417 1988  nvlddmkm - ok
07:54:30.0417 1988  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:54:30.0417 1988  nvraid - ok
07:54:30.0433 1988  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys
07:54:30.0433 1988  nvrd32 - ok
07:54:30.0433 1988  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
07:54:30.0433 1988  nvsmu - ok
07:54:30.0449 1988  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:54:30.0449 1988  nvstor - ok
07:54:30.0464 1988  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
07:54:30.0464 1988  nvstor32 - ok
07:54:30.0495 1988  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc           C:\Windows\system32\nvvsvc.exe
07:54:30.0495 1988  nvsvc - ok
07:54:30.0511 1988  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:54:30.0511 1988  nv_agp - ok
07:54:30.0511 1988  NwlnkFlt - ok
07:54:30.0511 1988  NwlnkFwd - ok
07:54:30.0542 1988  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
07:54:30.0542 1988  ohci1394 - ok
07:54:30.0605 1988  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:54:30.0605 1988  ose - ok
07:54:30.0714 1988  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:54:30.0807 1988  osppsvc - ok
07:54:30.0854 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
07:54:30.0870 1988  p2pimsvc - ok
07:54:30.0885 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:54:30.0885 1988  p2psvc - ok
07:54:30.0901 1988  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
07:54:30.0901 1988  Parport - ok
07:54:30.0932 1988  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:54:30.0932 1988  partmgr - ok
07:54:30.0948 1988  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
07:54:30.0948 1988  Parvdm - ok
07:54:30.0963 1988  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:54:30.0963 1988  PcaSvc - ok
07:54:30.0995 1988  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
07:54:30.0995 1988  pci - ok
07:54:31.0010 1988  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
07:54:31.0010 1988  pciide - ok
07:54:31.0041 1988  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:54:31.0041 1988  pcmcia - ok
07:54:31.0073 1988  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:54:31.0088 1988  PEAUTH - ok
07:54:31.0135 1988  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
07:54:31.0151 1988  pla - ok
07:54:31.0197 1988  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:54:31.0197 1988  PlugPlay - ok
07:54:31.0229 1988  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:54:31.0229 1988  Pml Driver HPZ12 - ok
07:54:31.0229 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
07:54:31.0244 1988  PNRPAutoReg - ok
07:54:31.0244 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
07:54:31.0260 1988  PNRPsvc - ok
07:54:31.0291 1988  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:54:31.0291 1988  PolicyAgent - ok
07:54:31.0322 1988  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:54:31.0322 1988  PptpMiniport - ok
07:54:31.0338 1988  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
07:54:31.0338 1988  Processor - ok
07:54:31.0369 1988  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:54:31.0369 1988  ProfSvc - ok
07:54:31.0385 1988  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
07:54:31.0385 1988  ProtectedStorage - ok
07:54:31.0416 1988  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
07:54:31.0416 1988  PSched - ok
07:54:31.0447 1988  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
07:54:31.0447 1988  PSDFilter - ok
07:54:31.0447 1988  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
07:54:31.0447 1988  PSDNServ - ok
07:54:31.0463 1988  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
07:54:31.0463 1988  psdvdisk - ok
07:54:31.0478 1988  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
07:54:31.0478 1988  PxHelp20 - ok
07:54:31.0525 1988  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:54:31.0541 1988  ql2300 - ok
07:54:31.0556 1988  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:54:31.0556 1988  ql40xx - ok
07:54:31.0619 1988  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
07:54:31.0619 1988  QWAVE - ok
07:54:31.0634 1988  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:54:31.0634 1988  QWAVEdrv - ok
07:54:31.0697 1988  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
07:54:31.0697 1988  RapiMgr - ok
07:54:31.0712 1988  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:54:31.0712 1988  RasAcd - ok
07:54:31.0712 1988  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
07:54:31.0712 1988  RasAuto - ok
07:54:31.0728 1988  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:54:31.0728 1988  Rasl2tp - ok
07:54:31.0775 1988  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
07:54:31.0775 1988  RasMan - ok
07:54:31.0806 1988  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:54:31.0806 1988  RasPppoe - ok
07:54:31.0837 1988  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:54:31.0837 1988  RasSstp - ok
07:54:31.0868 1988  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:54:31.0868 1988  rdbss - ok
07:54:31.0884 1988  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:54:31.0884 1988  RDPCDD - ok
07:54:31.0899 1988  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
07:54:31.0899 1988  rdpdr - ok
07:54:31.0915 1988  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:54:31.0915 1988  RDPENCDD - ok
07:54:31.0946 1988  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:54:31.0946 1988  RDPWD - ok
07:54:31.0977 1988  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:54:31.0977 1988  RemoteAccess - ok
07:54:32.0009 1988  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:54:32.0009 1988  RemoteRegistry - ok
07:54:32.0055 1988  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
07:54:32.0055 1988  RichVideo - ok
07:54:32.0102 1988  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
07:54:32.0102 1988  RimUsb - ok
07:54:32.0118 1988  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
07:54:32.0118 1988  RimVSerPort - ok
07:54:32.0133 1988  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
07:54:32.0133 1988  ROOTMODEM - ok
07:54:32.0196 1988  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
07:54:32.0196 1988  Roxio UPnP Renderer 9 - ok
07:54:32.0227 1988  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
07:54:32.0227 1988  Roxio Upnp Server 9 - ok
07:54:32.0258 1988  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9   C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
07:54:32.0274 1988  RoxLiveShare9 - ok
07:54:32.0321 1988  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
07:54:32.0352 1988  RoxMediaDB9 - ok
07:54:32.0367 1988  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
07:54:32.0367 1988  RoxWatch9 - ok
07:54:32.0399 1988  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
07:54:32.0399 1988  RpcLocator - ok
07:54:32.0430 1988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
07:54:32.0445 1988  RpcSs - ok
07:54:32.0477 1988  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
07:54:32.0477 1988  RsFx0103 - ok
07:54:32.0492 1988  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:54:32.0492 1988  rspndr - ok
07:54:32.0508 1988  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
07:54:32.0508 1988  SamSs - ok
07:54:32.0523 1988  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:54:32.0523 1988  sbp2port - ok
07:54:32.0555 1988  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:54:32.0555 1988  SCardSvr - ok
07:54:32.0586 1988  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
07:54:32.0601 1988  Schedule - ok
07:54:32.0633 1988  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:54:32.0633 1988  SCPolicySvc - ok
07:54:32.0664 1988  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:54:32.0664 1988  SDRSVC - ok
07:54:32.0742 1988  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
07:54:32.0757 1988  SeaPort - ok
07:54:32.0757 1988  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:54:32.0757 1988  secdrv - ok
07:54:32.0773 1988  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
07:54:32.0773 1988  seclogon - ok
07:54:32.0789 1988  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
07:54:32.0789 1988  SENS - ok
07:54:32.0804 1988  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:54:32.0804 1988  Serenum - ok
07:54:32.0820 1988  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:54:32.0820 1988  Serial - ok
07:54:32.0835 1988  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:54:32.0835 1988  sermouse - ok
07:54:32.0851 1988  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:54:32.0867 1988  SessionEnv - ok
07:54:32.0867 1988  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:54:32.0867 1988  sffdisk - ok
07:54:32.0882 1988  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:54:32.0882 1988  sffp_mmc - ok
07:54:32.0898 1988  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:54:32.0898 1988  sffp_sd - ok
07:54:32.0913 1988  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:54:32.0913 1988  sfloppy - ok
07:54:32.0929 1988  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:54:32.0929 1988  SharedAccess - ok
07:54:32.0960 1988  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:54:32.0960 1988  ShellHWDetection - ok
07:54:32.0976 1988  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:54:32.0976 1988  sisagp - ok
07:54:32.0991 1988  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
07:54:32.0991 1988  SiSRaid2 - ok
07:54:33.0007 1988  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:54:33.0023 1988  SiSRaid4 - ok
07:54:33.0054 1988  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
07:54:33.0054 1988  SkypeUpdate - ok
07:54:33.0147 1988  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
07:54:33.0194 1988  slsvc - ok
07:54:33.0210 1988  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
07:54:33.0225 1988  SLUINotify - ok
07:54:33.0241 1988  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:54:33.0241 1988  Smb - ok
07:54:33.0257 1988  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:54:33.0272 1988  SNMPTRAP - ok
07:54:33.0272 1988  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
07:54:33.0272 1988  spldr - ok
07:54:33.0303 1988  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
07:54:33.0303 1988  Spooler - ok
07:54:33.0350 1988  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
07:54:33.0381 1988  SQLAgent$MSSMLBIZ - ok
07:54:33.0428 1988  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:54:33.0428 1988  SQLBrowser - ok
07:54:33.0444 1988  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:54:33.0444 1988  SQLWriter - ok
07:54:33.0475 1988  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:54:33.0491 1988  srv - ok
07:54:33.0522 1988  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:54:33.0522 1988  srv2 - ok
07:54:33.0553 1988  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:54:33.0553 1988  srvnet - ok
07:54:33.0569 1988  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:54:33.0569 1988  SSDPSRV - ok
07:54:33.0584 1988  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:54:33.0600 1988  SstpSvc - ok
07:54:33.0631 1988  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
07:54:33.0647 1988  stisvc - ok
07:54:33.0647 1988  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:54:33.0647 1988  swenum - ok
07:54:33.0693 1988  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
07:54:33.0693 1988  swprv - ok
07:54:33.0709 1988  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
07:54:33.0709 1988  Symc8xx - ok
07:54:33.0725 1988  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
07:54:33.0725 1988  Sym_hi - ok
07:54:33.0740 1988  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
07:54:33.0740 1988  Sym_u3 - ok
07:54:33.0787 1988  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
07:54:33.0803 1988  SysMain - ok
07:54:33.0803 1988  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:54:33.0818 1988  TabletInputService - ok
07:54:33.0849 1988  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:54:33.0865 1988  TapiSrv - ok
07:54:33.0865 1988  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
07:54:33.0865 1988  TBS - ok
07:54:33.0927 1988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:54:33.0927 1988  Tcpip - ok
07:54:33.0959 1988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
07:54:33.0959 1988  Tcpip6 - ok
07:54:33.0990 1988  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:54:33.0990 1988  tcpipreg - ok
07:54:34.0005 1988  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:54:34.0005 1988  TDPIPE - ok
07:54:34.0005 1988  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:54:34.0005 1988  TDTCP - ok
07:54:34.0037 1988  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:54:34.0037 1988  tdx - ok
07:54:34.0052 1988  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:54:34.0052 1988  TermDD - ok
07:54:34.0068 1988  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
07:54:34.0083 1988  TermService - ok
07:54:34.0099 1988  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
07:54:34.0099 1988  Themes - ok
07:54:34.0115 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
07:54:34.0115 1988  THREADORDER - ok
07:54:34.0130 1988  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
07:54:34.0130 1988  TrkWks - ok
07:54:34.0161 1988  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:54:34.0161 1988  TrustedInstaller - ok
07:54:34.0177 1988  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:54:34.0177 1988  tssecsrv - ok
07:54:34.0193 1988  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
07:54:34.0193 1988  tunmp - ok
07:54:34.0208 1988  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:54:34.0208 1988  tunnel - ok
07:54:34.0239 1988  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys
07:54:34.0239 1988  tvicport - ok
07:54:34.0255 1988  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:54:34.0255 1988  uagp35 - ok
07:54:34.0286 1988  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:54:34.0286 1988  udfs - ok
07:54:34.0302 1988  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:54:34.0302 1988  UI0Detect - ok
07:54:34.0317 1988  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:54:34.0317 1988  uliagpkx - ok
07:54:34.0333 1988  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
07:54:34.0349 1988  uliahci - ok
07:54:34.0364 1988  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
07:54:34.0364 1988  UlSata - ok
07:54:34.0380 1988  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
07:54:34.0380 1988  ulsata2 - ok
07:54:34.0380 1988  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:54:34.0380 1988  umbus - ok
07:54:34.0395 1988  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
07:54:34.0411 1988  upnphost - ok
07:54:34.0442 1988  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:54:34.0442 1988  usbaudio - ok
07:54:34.0458 1988  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:54:34.0458 1988  usbccgp - ok
07:54:34.0473 1988  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:54:34.0473 1988  usbcir - ok
07:54:34.0520 1988  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:54:34.0520 1988  usbehci - ok
07:54:34.0536 1988  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:54:34.0536 1988  usbhub - ok
07:54:34.0536 1988  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
07:54:34.0536 1988  usbohci - ok
07:54:34.0551 1988  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:54:34.0551 1988  usbprint - ok
07:54:34.0583 1988  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:54:34.0583 1988  usbscan - ok
07:54:34.0583 1988  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:54:34.0583 1988  USBSTOR - ok
07:54:34.0598 1988  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
07:54:34.0598 1988  usbuhci - ok
07:54:34.0645 1988  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS       C:\Windows\system32\DRIVERS\usb8023.sys
07:54:34.0645 1988  USB_RNDIS - ok
07:54:34.0661 1988  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
07:54:34.0676 1988  UxSms - ok
07:54:34.0723 1988  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
07:54:34.0723 1988  vds - ok
07:54:34.0754 1988  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:54:34.0754 1988  vga - ok
07:54:34.0770 1988  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:54:34.0770 1988  VgaSave - ok
07:54:34.0785 1988  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:54:34.0785 1988  viaagp - ok
07:54:34.0801 1988  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
07:54:34.0801 1988  ViaC7 - ok
07:54:34.0801 1988  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
07:54:34.0817 1988  viaide - ok
07:54:34.0817 1988  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:54:34.0817 1988  volmgr - ok
07:54:34.0848 1988  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:54:34.0848 1988  volmgrx - ok
07:54:34.0879 1988  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:54:34.0879 1988  volsnap - ok
07:54:34.0895 1988  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:54:34.0895 1988  vsmraid - ok
07:54:34.0926 1988  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
07:54:34.0957 1988  VSS - ok
07:54:34.0973 1988  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
07:54:34.0973 1988  W32Time - ok
07:54:34.0988 1988  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:54:34.0988 1988  WacomPen - ok
07:54:35.0004 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
07:54:35.0004 1988  Wanarp - ok
07:54:35.0004 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:54:35.0004 1988  Wanarpv6 - ok
07:54:35.0035 1988  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
07:54:35.0035 1988  WcesComm - ok
07:54:35.0066 1988  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:54:35.0082 1988  wcncsvc - ok
07:54:35.0097 1988  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:54:35.0097 1988  WcsPlugInService - ok
07:54:35.0113 1988  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
07:54:35.0113 1988  Wd - ok
07:54:35.0129 1988  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:54:35.0129 1988  Wdf01000 - ok
07:54:35.0144 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:54:35.0144 1988  WdiServiceHost - ok
07:54:35.0144 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:54:35.0144 1988  WdiSystemHost - ok
07:54:35.0175 1988  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
07:54:35.0175 1988  WebClient - ok
07:54:35.0207 1988  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:54:35.0207 1988  Wecsvc - ok
07:54:35.0222 1988  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:54:35.0222 1988  wercplsupport - ok
07:54:35.0238 1988  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:54:35.0238 1988  WerSvc - ok
07:54:35.0238 1988  WinHttpAutoProxySvc - ok
07:54:35.0269 1988  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:54:35.0269 1988  Winmgmt - ok
07:54:35.0300 1988  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
07:54:35.0331 1988  WinRM - ok
07:54:35.0363 1988  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
07:54:35.0363 1988  winusb - ok
07:54:35.0394 1988  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:54:35.0409 1988  Wlansvc - ok
07:54:35.0456 1988  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:54:35.0456 1988  wlcrasvc - ok
07:54:35.0534 1988  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:54:35.0565 1988  wlidsvc - ok
07:54:35.0565 1988  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
07:54:35.0565 1988  WmiAcpi - ok
07:54:35.0612 1988  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:54:35.0612 1988  wmiApSrv - ok
07:54:35.0643 1988  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:54:35.0659 1988  WMPNetworkSvc - ok
07:54:35.0675 1988  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:54:35.0690 1988  WPCSvc - ok
07:54:35.0737 1988  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:54:35.0753 1988  WPDBusEnum - ok
07:54:35.0831 1988  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:54:35.0862 1988  WPFFontCache_v0400 - ok
07:54:35.0877 1988  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:54:35.0877 1988  ws2ifsl - ok
07:54:35.0877 1988  WSearch - ok
07:54:35.0940 1988  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:54:35.0987 1988  wuauserv - ok
07:54:35.0987 1988  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:54:36.0002 1988  WUDFRd - ok
07:54:36.0018 1988  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:54:36.0018 1988  wudfsvc - ok
07:54:36.0033 1988  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport         C:\Windows\system32\drivers\zntport.sys
07:54:36.0033 1988  zntport - ok
07:54:36.0049 1988  ================ Scan global ===============================
07:54:36.0065 1988  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:54:36.0096 1988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:54:36.0111 1988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:54:36.0143 1988  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:54:36.0143 1988  [Global] - ok
07:54:36.0143 1988  ================ Scan MBR ==================================
07:54:36.0158 1988  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
07:54:38.0233 1988  \Device\Harddisk0\DR0 - ok
07:54:38.0233 1988  ================ Scan VBR ==================================
07:54:38.0233 1988  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1
07:54:38.0233 1988  \Device\Harddisk0\DR0\Partition1 - ok
07:54:38.0249 1988  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2
07:54:38.0249 1988  \Device\Harddisk0\DR0\Partition2 - ok
07:54:38.0249 1988  ============================================================
07:54:38.0249 1988  Scan finished
07:54:38.0249 1988  ============================================================
07:54:38.0264 1336  Detected object count: 1
07:54:38.0264 1336  Actual detected object count: 1
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip

Psychotic · 11.10.2012, 07:04

Au fein, da haben wir ein richtiges Herzchen mit dabei!

Schritt 1: Software deinstallieren

Klicke Start-->Systemsteuerung.
Öffne Programme und Funktionen.
Suche und deinstalliere folgende Einträge:

Zitat:

Ask Toolbar
Schließe das Fenster.

Schritt 2: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Golderto · 11.10.2012, 07:35

Zu Schritt 1:
Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.

Soll ich Schritt 2 nun trotzdem ausführen?

Lg

Psychotic · 11.10.2012, 07:41

Das liegt am abgesicherten Modus - fahre fort mit Schritt 2!

Golderto · 11.10.2012, 09:37

Hallo Marius!

Irgendwie bin ich zu blöd, den McAfee zu deaktivieren... hatte alles deaktiviert, und plötzlich heißt es, dass ich immer noch Sachen offen hätte von McAfee... habe dann alle McAfee-Sachen mit dem Task Manager beendet und Combofix durchlaufen lassen.. mehr als 40 Minuten.. habe irgendwie das Gefühl, dass sich das Programm aufgehängt hat...

Was soll ich tun?
LG

Psychotic · 11.10.2012, 09:40

Warte noch etwas ab - dann starte den Rechner im abgesicherten Modus mit Netzwerktreibern, lösche die vorhandene combofix und beginne von vorn!

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Golderto · 11.10.2012, 12:47

Habe dies ca. 2-3 Mal gemacht und es findet immer noch nix, bzw. der Suchlauf kommt nicht zu einem Ergebnis/Ende... weiß nicht mehr was ich tun soll!

Psychotic · 11.10.2012, 12:51

Verdammt!

FRST

Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Golderto · 11.10.2012, 13:17

Jetzt hat mal was funktioniert

...

>>>

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 11-10-2012 14:14:21
Running from J:\
Windows Vista (TM) Home Premium   (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [582992 2007-08-03] (McAfee, Inc.)
HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService]  [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\media\...\Run: [mpkcomka] C:\Users\media\mpkcomka.exe [x]
HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95232 2012-06-15] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.)
3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-11-06] (McAfee, Inc.)
2 McShield; C:\Program Files\McAfee\VirusScan\McShield.exe [144704 2007-07-24] (McAfee, Inc.)
3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)
2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [856864 2007-07-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [23880 2007-11-26] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]
2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]

==================== Drivers (Whitelisted) ====================

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-21] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-21] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-21] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-21] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST
2012-10-11 03:59 - 2012-10-11 03:59 - 00000973 ____A C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
2012-10-11 02:03 - 2012-10-11 02:04 - 00000000 ___SD C:\ComboFix
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox
2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Downloads\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-10 00:18 - 00086202 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-10 00:15 - 00086202 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 10:03 - 2012-10-09 10:03 - 00074137 ____A C:\Users\All Users\tnjymarzxnstcad
2012-10-09 10:03 - 2012-10-09 10:03 - 00000000 ____D C:\Users\All Users\ofrvdjtupebarrp
2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 10:17 - 2012-10-09 23:50 - 00000000 ____D C:\Users\media\AppData\Roaming\Xogy
2012-09-19 10:17 - 2012-10-09 10:04 - 00000000 ____D C:\Users\media\AppData\Roaming\Taype
2012-09-19 10:17 - 2012-09-19 10:17 - 00000000 ____D C:\Users\media\AppData\Roaming\Inpy
2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
2012-09-14 11:24 - 2012-09-14 11:24 - 00000000 ____D C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
2012-09-13 10:21 - 2012-09-13 10:22 - 00000000 ____D C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
2012-09-12 10:30 - 2012-09-12 10:30 - 00000000 ____D C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
2012-09-11 22:30 - 2012-09-11 22:30 - 00000000 ____D C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
2012-09-11 03:49 - 2012-09-11 03:49 - 00000000 ____D C:\Users\media\AppData\Local\{2D586E6E-C0C5-4DA5-82D9-5A4E5EC8A246}

==================== 3 Months Modified Files ==================

2012-10-11 04:12 - 2008-03-21 06:15 - 00022584 ____A C:\Windows\System32\Config.MPF
2012-10-11 04:09 - 2008-01-20 18:47 - 08086906 ____A C:\Windows\PFRO.log
2012-10-11 04:02 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-11 03:59 - 2012-10-11 03:59 - 00000973 ____A C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Downloads\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-10 00:18 - 00086202 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-10 00:15 - 00086202 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-09 10:44 - 2008-09-03 06:04 - 01819520 ____A C:\Windows\WindowsUpdate.log
2012-10-09 10:44 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-09 10:44 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-09 10:44 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-09 10:44 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-09 10:07 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-09 10:03 - 2012-10-09 10:03 - 00074137 ____A C:\Users\All Users\tnjymarzxnstcad
2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-08 11:26 - 2012-07-29 00:47 - 00085504 ____A C:\Users\media\Desktop\Trainings Reinhard.xls
2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini
2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log
2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

ZeroAccess:
C:\Users\media\AppData\Local\6eb1f9e0
C:\Users\media\AppData\Local\6eb1f9e0\@
C:\Users\media\AppData\Local\6eb1f9e0\loader.tlb
C:\Users\media\AppData\Local\6eb1f9e0\U
C:\Users\media\AppData\Local\6eb1f9e0\X
C:\Users\media\AppData\Local\6eb1f9e0\U\00000001.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000c0.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000cb.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000cf.@
C:\Users\media\AppData\Local\6eb1f9e0\U\80000000.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000c0.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000cb.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000cf.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-08-24 09:58:27
Restore point made on: 2012-08-25 08:52:20
Restore point made on: 2012-08-26 10:29:49
Restore point made on: 2012-08-31 08:51:25
Restore point made on: 2012-09-01 00:01:22
Restore point made on: 2012-09-02 07:50:43
Restore point made on: 2012-09-04 10:29:58
Restore point made on: 2012-09-06 09:56:51
Restore point made on: 2012-09-07 07:57:32
Restore point made on: 2012-09-08 01:02:50
Restore point made on: 2012-09-11 04:36:25
Restore point made on: 2012-09-12 10:19:30
Restore point made on: 2012-09-13 10:26:53
Restore point made on: 2012-09-15 09:51:06
Restore point made on: 2012-09-18 09:38:55
Restore point made on: 2012-09-24 01:16:46
Restore point made on: 2012-09-26 02:56:58
Restore point made on: 2012-09-27 10:17:34
Restore point made on: 2012-09-29 00:28:15
Restore point made on: 2012-09-30 01:21:32
Restore point made on: 2012-10-01 00:18:57
Restore point made on: 2012-10-01 23:14:16
Restore point made on: 2012-10-04 07:03:22
Restore point made on: 2012-10-04 21:10:54
Restore point made on: 2012-10-06 00:45:10
Restore point made on: 2012-10-07 02:08:04
Restore point made on: 2012-10-09 09:33:17

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 4094.44 MB
Available physical RAM: 3697.63 MB
Total Pagefile: 3959.92 MB
Available Pagefile: 3781.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:176.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS
8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       596 GB  1083 KB         
  Disk 1    No Media        0 B      0 B         
  Disk 2    No Media        0 B      0 B         
  Disk 3    No Media        0 B      0 B         
  Disk 4    No Media        0 B      0 B         
  Disk 5    Online      7904 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               7993 MB    32 KB
  Partition 2    Primary            294 GB  7994 MB
  Partition 3    Primary            294 GB   302 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     X   PQSERVICE    NTFS   Partition   7993 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     C   ACER         NTFS   Partition    294 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     D   DATA         NTFS   Partition    294 GB  Healthy            

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7904 MB    32 KB

=========================================================

Disk: 5
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     J   BMW          FAT32  Removable   7904 MB  Healthy            

=========================================================

Last Boot: 2012-10-11 02:16

==================== End Of Log ============================

Psychotic · 11.10.2012, 13:32

Schritt 1: Fix mit FRST

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\media\...\Run: [mpkcomka] C:\Users\media\mpkcomka.exe

C:\Users\media\mpkcomka.exe
C:\Users\All Users\tnjymarzxnstcad
C:\Users\All Users\ofrvdjtupebarrp
C:\Users\media\AppData\Roaming\Xogy
C:\Users\media\AppData\Roaming\Taype
C:\Users\media\AppData\Roaming\Inpy
C:\Users\All Users\tnjymarzxnstcad
C:\Users\media\AppData\Local\6eb1f9e0

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Starte den Rechner im normalen Modus!

Schritt 2: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Golderto · 11.10.2012, 14:57

Hallo Marius!

Schritt 1:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-11 14:52:50 Run:1
Running from J:\

==============================================

HKEY_USERS\media\Software\Microsoft\Windows\CurrentVersion\Run\\mpkcomka Value deleted successfully.
C:\Users\media\mpkcomka.exe not found.
C:\Users\All Users\tnjymarzxnstcad moved successfully.
C:\Users\All Users\ofrvdjtupebarrp moved successfully.
C:\Users\media\AppData\Roaming\Xogy moved successfully.
C:\Users\media\AppData\Roaming\Taype moved successfully.
C:\Users\media\AppData\Roaming\Inpy moved successfully.
C:\Users\All Users\tnjymarzxnstcad not found.
C:\Users\media\AppData\Local\6eb1f9e0 moved successfully.

==== End of Fixlog ====

Schritt 2:
Ich habe den PC im normalen Modus gestartet, passt "soweit", aber immer noch das Problem mit Combofix, läuft schon ca. 30 Minuten... und es kommt keine Meldung... ?!

lg

Psychotic · 11.10.2012, 15:07

hmmm...mach bitte ein neues OTL-Log!

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Golderto · 11.10.2012, 15:36

OTL:

Code:

ATTFilter

OTL logfile created on: 11.10.2012 16:25:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,76% Memory free
6,22 Gb Paging File | 4,64 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 173,59 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive J: | 7,70 Gb Total Space | 7,70 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 10:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL.exe
PRC - [2012.10.09 20:01:28 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009.04.11 08:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 08:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2005.10.20 11:36:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 11:36:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 20:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 20:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 06:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\media\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 12:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 06:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 06:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 07:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.23 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 11:26:52 | 000,000,000 | ---D | M]
 
[2009.09.08 17:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 20:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 11:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 11:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.23 20:07:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.09.30 20:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 20:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 20:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 15:02:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.10.11 15:00:44 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.10.11 14:11:46 | 000,000,000 | ---D | C] -- C:\FRST
[2012.10.11 12:01:48 | 004,765,263 | R--- | C] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.11 08:50:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.11 08:50:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.11 08:50:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.11 08:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.11 08:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.11 07:54:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.10 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 09:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
[2012.10.08 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
[2012.10.08 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
[2012.10.07 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
[2012.10.07 09:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
[2012.10.06 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
[2012.10.05 17:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
[2012.10.04 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
[2012.10.03 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
[2012.10.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
[2012.10.02 08:12:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
[2012.10.01 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
[2012.09.30 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
[2012.09.30 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
[2012.09.27 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
[2012.09.26 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
[2012.09.25 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
[2012.09.24 23:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
[2012.09.24 11:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
[2012.09.23 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
[2012.09.20 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
[2012.09.19 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
[2012.09.18 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
[2012.09.18 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
[2012.09.17 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
[2012.09.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
[2012.09.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
[2012.09.14 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
[2012.09.13 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
[2012.09.12 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
[2012.09.12 08:30:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 16:01:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 15:02:39 | 000,693,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.11 15:02:39 | 000,661,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.11 15:02:39 | 000,150,490 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.11 15:02:39 | 000,128,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 14:58:01 | 000,022,584 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.10.11 14:54:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 14:54:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 14:54:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 14:54:46 | 3220,299,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 13:59:16 | 000,000,973 | ---- | M] () -- C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
[2012.10.11 12:01:30 | 004,765,263 | R--- | M] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.11 10:32:16 | 000,001,356 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2012.10.11 07:54:15 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.10 10:29:02 | 239,283,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 10:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 09:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.07 17:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.11 14:54:46 | 3220,299,776 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.11 13:59:16 | 000,000,973 | ---- | C] () -- C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
[2012.10.11 08:50:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.11 08:50:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.11 08:50:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.11 08:50:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.11 08:50:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.10 10:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 17:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf
[2011.07.14 13:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.27 18:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2010.05.25 16:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat
[2009.03.21 18:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.20 12:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.05.09 16:01:14 | 000,000,000 | -HSD | M] -- C:\Users\media\AppData\Roaming\.#
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console
[2010.05.05 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient
[2008.10.02 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games
[2008.09.11 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi
[2008.10.03 16:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames
[2011.11.28 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto
[2012.10.04 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express
[2008.09.29 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst
[2008.12.17 15:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache
[2011.12.03 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion
[2012.01.20 13:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity
[2010.08.22 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB26798$] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

TDSSKiller:

Code:

ATTFilter

16:35:17.0646 5432  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:35:17.0849 5432  ============================================================
16:35:17.0849 5432  Current date / time: 2012/10/11 16:35:17.0849
16:35:17.0849 5432  SystemInfo:
16:35:17.0849 5432  
16:35:17.0849 5432  OS Version: 6.0.6002 ServicePack: 2.0
16:35:17.0849 5432  Product type: Workstation
16:35:17.0849 5432  ComputerName: MEDIA-PC
16:35:17.0849 5432  UserName: media
16:35:17.0849 5432  Windows directory: C:\Windows
16:35:17.0849 5432  System windows directory: C:\Windows
16:35:17.0849 5432  Processor architecture: Intel x86
16:35:17.0849 5432  Number of processors: 4
16:35:17.0849 5432  Page size: 0x1000
16:35:17.0849 5432  Boot type: Normal boot
16:35:17.0849 5432  ============================================================
16:35:18.0208 5432  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:35:18.0239 5432  Drive \Device\Harddisk5\DR5 - Size: 0x1EE000000 (7.72 Gb), SectorSize: 0x200, Cylinders: 0x3EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:35:18.0239 5432  ============================================================
16:35:18.0239 5432  \Device\Harddisk0\DR0:
16:35:18.0239 5432  MBR partitions:
16:35:18.0239 5432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000
16:35:18.0239 5432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800
16:35:18.0239 5432  \Device\Harddisk5\DR5:
16:35:18.0239 5432  MBR partitions:
16:35:18.0239 5432  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xF6FFC0
16:35:18.0239 5432  ============================================================
16:35:18.0270 5432  C: <-> \Device\Harddisk0\DR0\Partition1
16:35:18.0301 5432  D: <-> \Device\Harddisk0\DR0\Partition2
16:35:18.0301 5432  ============================================================
16:35:18.0301 5432  Initialize success
16:35:18.0301 5432  ============================================================
16:35:24.0713 5864  ============================================================
16:35:24.0713 5864  Scan started
16:35:24.0713 5864  Mode: Manual; 
16:35:24.0713 5864  ============================================================
16:35:25.0040 5864  ================ Scan system memory ========================
16:35:25.0040 5864  System memory - ok
16:35:25.0040 5864  ================ Scan services =============================
16:35:25.0150 5864  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
16:35:25.0150 5864  Acer HomeMedia Connect Service - ok
16:35:25.0181 5864  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
16:35:25.0181 5864  AcerMemUsageCheckService - ok
16:35:25.0789 5864  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:35:25.0789 5864  ACPI - ok
16:35:25.0820 5864  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:35:25.0836 5864  AdobeFlashPlayerUpdateSvc - ok
16:35:25.0867 5864  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:35:25.0867 5864  adp94xx - ok
16:35:25.0883 5864  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:35:25.0914 5864  adpahci - ok
16:35:25.0945 5864  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:35:25.0945 5864  adpu160m - ok
16:35:25.0961 5864  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:35:25.0961 5864  adpu320 - ok
16:35:25.0992 5864  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:35:25.0992 5864  AeLookupSvc - ok
16:35:26.0039 5864  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:35:26.0039 5864  AFD - ok
16:35:26.0054 5864  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:35:26.0054 5864  agp440 - ok
16:35:26.0070 5864  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:35:26.0070 5864  aic78xx - ok
16:35:26.0086 5864  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:35:26.0086 5864  ALG - ok
16:35:26.0101 5864  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:35:26.0101 5864  aliide - ok
16:35:26.0117 5864  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:35:26.0117 5864  amdagp - ok
16:35:26.0132 5864  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:35:26.0132 5864  amdide - ok
16:35:26.0148 5864  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:35:26.0148 5864  AmdK7 - ok
16:35:26.0164 5864  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:35:26.0164 5864  AmdK8 - ok
16:35:26.0195 5864  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:35:26.0195 5864  Appinfo - ok
16:35:26.0210 5864  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
16:35:26.0210 5864  arc - ok
16:35:26.0242 5864  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:35:26.0242 5864  arcsas - ok
16:35:26.0273 5864  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:26.0288 5864  AsyncMac - ok
16:35:26.0320 5864  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:35:26.0320 5864  atapi - ok
16:35:26.0351 5864  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:26.0351 5864  AudioEndpointBuilder - ok
16:35:26.0366 5864  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:35:26.0366 5864  Audiosrv - ok
16:35:26.0444 5864  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:35:26.0460 5864  BBSvc - ok
16:35:26.0507 5864  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
16:35:26.0522 5864  BcmSqlStartupSvc - ok
16:35:26.0522 5864  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:35:26.0522 5864  Beep - ok
16:35:26.0569 5864  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:35:26.0569 5864  BFE - ok
16:35:26.0616 5864  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:35:26.0616 5864  BITS - ok
16:35:26.0647 5864  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:35:26.0663 5864  blbdrive - ok
16:35:26.0678 5864  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:35:26.0678 5864  bowser - ok
16:35:26.0694 5864  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:35:26.0694 5864  BrFiltLo - ok
16:35:26.0710 5864  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:35:26.0710 5864  BrFiltUp - ok
16:35:26.0725 5864  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:35:26.0741 5864  Browser - ok
16:35:26.0741 5864  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:35:26.0741 5864  Brserid - ok
16:35:26.0756 5864  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:35:26.0772 5864  BrSerWdm - ok
16:35:26.0772 5864  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:35:26.0788 5864  BrUsbMdm - ok
16:35:26.0788 5864  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:35:26.0788 5864  BrUsbSer - ok
16:35:26.0803 5864  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:35:26.0803 5864  BTHMODEM - ok
16:35:26.0990 5864  catchme - ok
16:35:27.0115 5864  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:35:27.0115 5864  cdfs - ok
16:35:27.0131 5864  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:35:27.0131 5864  cdrom - ok
16:35:27.0162 5864  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:35:27.0162 5864  CertPropSvc - ok
16:35:27.0178 5864  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:35:27.0178 5864  circlass - ok
16:35:27.0209 5864  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:35:27.0224 5864  CLFS - ok
16:35:27.0271 5864  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:27.0271 5864  clr_optimization_v2.0.50727_32 - ok
16:35:27.0334 5864  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:27.0334 5864  clr_optimization_v4.0.30319_32 - ok
16:35:27.0349 5864  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:35:27.0349 5864  cmdide - ok
16:35:27.0365 5864  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:35:27.0365 5864  Compbatt - ok
16:35:27.0380 5864  COMSysApp - ok
16:35:27.0380 5864  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:35:27.0380 5864  crcdisk - ok
16:35:27.0396 5864  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:35:27.0396 5864  Crusoe - ok
16:35:27.0427 5864  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:35:27.0427 5864  CryptSvc - ok
16:35:27.0458 5864  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
16:35:27.0458 5864  CVirtA - ok
16:35:27.0568 5864  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
16:35:27.0583 5864  CVPND - ok
16:35:27.0614 5864  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
16:35:27.0614 5864  CVPNDRVA - ok
16:35:27.0646 5864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:35:27.0661 5864  DcomLaunch - ok
16:35:27.0708 5864  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:35:27.0708 5864  DfsC - ok
16:35:27.0770 5864  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:35:27.0802 5864  DFSR - ok
16:35:27.0833 5864  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:35:27.0833 5864  Dhcp - ok
16:35:27.0864 5864  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:35:27.0864 5864  disk - ok
16:35:27.0895 5864  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
16:35:27.0895 5864  DNE - ok
16:35:27.0942 5864  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:35:27.0942 5864  Dnscache - ok
16:35:27.0973 5864  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:35:27.0973 5864  dot3svc - ok
16:35:28.0004 5864  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:35:28.0020 5864  Dot4 - ok
16:35:28.0036 5864  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:35:28.0036 5864  Dot4Print - ok
16:35:28.0051 5864  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:35:28.0051 5864  dot4usb - ok
16:35:28.0082 5864  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:35:28.0082 5864  DPS - ok
16:35:28.0098 5864  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:35:28.0098 5864  drmkaud - ok
16:35:28.0129 5864  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:35:28.0145 5864  DXGKrnl - ok
16:35:28.0160 5864  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:35:28.0160 5864  E1G60 - ok
16:35:28.0192 5864  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:35:28.0192 5864  EapHost - ok
16:35:28.0238 5864  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:35:28.0238 5864  Ecache - ok
16:35:28.0270 5864  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
16:35:28.0270 5864  eDataSecurity Service - ok
16:35:28.0301 5864  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:35:28.0316 5864  ehRecvr - ok
16:35:28.0348 5864  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:35:28.0348 5864  ehSched - ok
16:35:28.0348 5864  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:35:28.0348 5864  ehstart - ok
16:35:28.0379 5864  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:35:28.0379 5864  elxstor - ok
16:35:28.0410 5864  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:35:28.0426 5864  EMDMgmt - ok
16:35:28.0472 5864  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
16:35:28.0472 5864  eRecoveryService - ok
16:35:28.0488 5864  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:35:28.0504 5864  ErrDev - ok
16:35:28.0550 5864  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
16:35:28.0550 5864  eSettingsService - ok
16:35:28.0582 5864  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:35:28.0582 5864  EventSystem - ok
16:35:28.0613 5864  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:35:28.0613 5864  exfat - ok
16:35:28.0644 5864  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:35:28.0644 5864  fastfat - ok
16:35:28.0660 5864  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:35:28.0660 5864  fdc - ok
16:35:28.0675 5864  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:35:28.0675 5864  fdPHost - ok
16:35:28.0691 5864  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:35:28.0691 5864  FDResPub - ok
16:35:28.0706 5864  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:35:28.0706 5864  FileInfo - ok
16:35:28.0722 5864  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:35:28.0722 5864  Filetrace - ok
16:35:28.0722 5864  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:28.0722 5864  flpydisk - ok
16:35:28.0769 5864  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:35:28.0769 5864  FltMgr - ok
16:35:28.0816 5864  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:35:28.0816 5864  FontCache - ok
16:35:28.0878 5864  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:28.0878 5864  FontCache3.0.0.0 - ok
16:35:28.0909 5864  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:35:28.0909 5864  fssfltr - ok
16:35:29.0003 5864  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:35:29.0034 5864  fsssvc - ok
16:35:29.0065 5864  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:35:29.0065 5864  Fs_Rec - ok
16:35:29.0081 5864  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:35:29.0081 5864  gagp30kx - ok
16:35:29.0112 5864  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:35:29.0112 5864  gpsvc - ok
16:35:29.0143 5864  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:35:29.0143 5864  HdAudAddService - ok
16:35:29.0190 5864  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:35:29.0190 5864  HDAudBus - ok
16:35:29.0206 5864  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:35:29.0206 5864  HidBth - ok
16:35:29.0221 5864  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:35:29.0221 5864  HidIr - ok
16:35:29.0252 5864  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
16:35:29.0252 5864  hidserv - ok
16:35:29.0268 5864  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:35:29.0268 5864  HidUsb - ok
16:35:29.0299 5864  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:35:29.0299 5864  hkmsvc - ok
16:35:29.0315 5864  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:35:29.0315 5864  HpCISSs - ok
16:35:29.0424 5864  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:35:29.0424 5864  hpqcxs08 - ok
16:35:29.0424 5864  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:35:29.0424 5864  hpqddsvc - ok
16:35:29.0455 5864  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:35:29.0471 5864  HTTP - ok
16:35:29.0486 5864  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:35:29.0486 5864  i2omp - ok
16:35:29.0502 5864  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:35:29.0502 5864  i8042prt - ok
16:35:29.0533 5864  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
16:35:29.0533 5864  iaStor - ok
16:35:29.0549 5864  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:35:29.0549 5864  iaStorV - ok
16:35:29.0642 5864  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:35:29.0642 5864  IDriverT - ok
16:35:29.0689 5864  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:29.0689 5864  idsvc - ok
16:35:29.0736 5864  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:35:29.0736 5864  iirsp - ok
16:35:29.0767 5864  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:35:29.0783 5864  IKEEXT - ok
16:35:29.0814 5864  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys
16:35:29.0814 5864  int15 - ok
16:35:29.0861 5864  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:35:29.0908 5864  IntcAzAudAddService - ok
16:35:29.0923 5864  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:35:29.0923 5864  intelide - ok
16:35:29.0939 5864  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:35:29.0939 5864  intelppm - ok
16:35:29.0954 5864  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:35:29.0954 5864  IPBusEnum - ok
16:35:29.0970 5864  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:29.0970 5864  IpFilterDriver - ok
16:35:29.0970 5864  IpInIp - ok
16:35:30.0001 5864  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:35:30.0001 5864  IPMIDRV - ok
16:35:30.0017 5864  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:35:30.0032 5864  IPNAT - ok
16:35:30.0048 5864  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:35:30.0048 5864  IRENUM - ok
16:35:30.0064 5864  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:35:30.0064 5864  isapnp - ok
16:35:30.0095 5864  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:35:30.0095 5864  iScsiPrt - ok
16:35:30.0110 5864  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:35:30.0110 5864  iteatapi - ok
16:35:30.0142 5864  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:35:30.0142 5864  iteraid - ok
16:35:30.0157 5864  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:30.0157 5864  kbdclass - ok
16:35:30.0188 5864  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:35:30.0188 5864  kbdhid - ok
16:35:30.0204 5864  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:35:30.0204 5864  KeyIso - ok
16:35:30.0251 5864  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:35:30.0251 5864  KSecDD - ok
16:35:30.0282 5864  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:35:30.0282 5864  KtmRm - ok
16:35:30.0313 5864  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:35:30.0313 5864  LanmanServer - ok
16:35:30.0360 5864  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:35:30.0360 5864  LanmanWorkstation - ok
16:35:30.0391 5864  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:35:30.0391 5864  LightScribeService - ok
16:35:30.0407 5864  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:35:30.0407 5864  lltdio - ok
16:35:30.0422 5864  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:35:30.0422 5864  lltdsvc - ok
16:35:30.0438 5864  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:35:30.0438 5864  lmhosts - ok
16:35:30.0454 5864  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:35:30.0454 5864  LSI_FC - ok
16:35:30.0469 5864  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:35:30.0469 5864  LSI_SAS - ok
16:35:30.0500 5864  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:35:30.0500 5864  LSI_SCSI - ok
16:35:30.0516 5864  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:35:30.0516 5864  luafv - ok
16:35:30.0547 5864  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:35:30.0547 5864  MBAMProtector - ok
16:35:30.0594 5864  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:35:30.0610 5864  MBAMScheduler - ok
16:35:30.0625 5864  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:35:30.0641 5864  MBAMService - ok
16:35:30.0719 5864  [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
16:35:30.0719 5864  McAfee SiteAdvisor Service - ok
16:35:30.0766 5864  [ CB3A8976DE2F65349322DA7627CEA223 ] mcmscsvc        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
16:35:30.0766 5864  mcmscsvc - ok
16:35:30.0875 5864  [ C69E71E00B30B60556D3E096699BD423 ] McNASvc         c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
16:35:30.0890 5864  McNASvc - ok
16:35:30.0953 5864  [ 21456F3051CBEFD1F2D60D8B9AB9C6EE ] McODS           C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
16:35:30.0953 5864  McODS - ok
16:35:30.0968 5864  [ 8CF3DA0BE6094C34D7C4A85493E60547 ] McProxy         c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
16:35:30.0968 5864  McProxy - ok
16:35:30.0984 5864  [ 33734ABFA52EC8D096A1254D645E9B4F ] McShield        C:\Program Files\McAfee\VirusScan\McShield.exe
16:35:30.0984 5864  McShield - ok
16:35:31.0015 5864  [ FD47DF2BCC3544DF65B01AD6B6062430 ] McSysmon        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
16:35:31.0015 5864  McSysmon - ok
16:35:31.0046 5864  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:35:31.0046 5864  Mcx2Svc - ok
16:35:31.0078 5864  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:35:31.0078 5864  megasas - ok
16:35:31.0109 5864  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:35:31.0109 5864  MegaSR - ok
16:35:31.0124 5864  [ C97CBFD71C1C215150A3B3E55F77A7A3 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
16:35:31.0124 5864  mfeavfk - ok
16:35:31.0140 5864  [ 5447338B83A1A2354FB2FEA7604387FD ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
16:35:31.0140 5864  mfebopk - ok
16:35:31.0171 5864  [ 6C9A6ED60B8FC3BAF72FE1B1D096445B ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
16:35:31.0171 5864  mfehidk - ok
16:35:31.0187 5864  [ A551154B51D6A93FCCF70FC4E8EAF4BD ] mferkdk         C:\Windows\system32\drivers\mferkdk.sys
16:35:31.0187 5864  mferkdk - ok
16:35:31.0202 5864  [ 299A86B780C9627AAA24E74292363ED2 ] mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys
16:35:31.0202 5864  mfesmfk - ok
16:35:31.0249 5864  Microsoft SharePoint Workspace Audit Service - ok
16:35:31.0265 5864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:35:31.0265 5864  MMCSS - ok
16:35:31.0280 5864  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:35:31.0280 5864  Modem - ok
16:35:31.0280 5864  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:35:31.0296 5864  monitor - ok
16:35:31.0343 5864  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:35:31.0343 5864  mouclass - ok
16:35:31.0358 5864  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:35:31.0358 5864  mouhid - ok
16:35:31.0374 5864  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:35:31.0374 5864  MountMgr - ok
16:35:31.0405 5864  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:35:31.0421 5864  MozillaMaintenance - ok
16:35:31.0436 5864  [ 96CF5286BC370B558735A7B891232D92 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
16:35:31.0436 5864  MPFP - ok
16:35:31.0468 5864  [ 346F30F1FF73553AA466F4AE7948DA00 ] MpfService      C:\Program Files\McAfee\MPF\MPFSrv.exe
16:35:31.0468 5864  MpfService - ok
16:35:31.0499 5864  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:35:31.0499 5864  mpio - ok
16:35:31.0499 5864  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:35:31.0514 5864  mpsdrv - ok
16:35:31.0530 5864  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:35:31.0530 5864  Mraid35x - ok
16:35:31.0561 5864  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:35:31.0561 5864  MRxDAV - ok
16:35:31.0592 5864  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:35:31.0592 5864  mrxsmb - ok
16:35:31.0608 5864  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:35:31.0608 5864  mrxsmb10 - ok
16:35:31.0624 5864  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:35:31.0624 5864  mrxsmb20 - ok
16:35:31.0639 5864  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:35:31.0639 5864  msahci - ok
16:35:31.0655 5864  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:35:31.0655 5864  msdsm - ok
16:35:31.0670 5864  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:35:31.0670 5864  MSDTC - ok
16:35:31.0686 5864  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:35:31.0686 5864  Msfs - ok
16:35:31.0717 5864  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:35:31.0717 5864  msisadrv - ok
16:35:31.0748 5864  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:35:31.0748 5864  MSiSCSI - ok
16:35:31.0748 5864  msiserver - ok
16:35:31.0795 5864  [ A05DE3535884270B8D292DCBDD6DED20 ] MSK80Service    C:\Program Files\McAfee\MSK\MskSrver.exe
16:35:31.0795 5864  MSK80Service - ok
16:35:31.0811 5864  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:35:31.0811 5864  MSKSSRV - ok
16:35:31.0842 5864  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:35:31.0842 5864  MSPCLOCK - ok
16:35:31.0842 5864  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:35:31.0842 5864  MSPQM - ok
16:35:31.0873 5864  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:35:31.0873 5864  MsRPC - ok
16:35:31.0889 5864  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:35:31.0889 5864  mssmbios - ok
16:35:31.0920 5864  MSSQL$MSSMLBIZ - ok
16:35:31.0998 5864  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
16:35:31.0998 5864  MSSQLServerADHelper100 - ok
16:35:32.0014 5864  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:35:32.0014 5864  MSTEE - ok
16:35:32.0014 5864  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:35:32.0014 5864  Mup - ok
16:35:32.0060 5864  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:35:32.0060 5864  napagent - ok
16:35:32.0107 5864  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:35:32.0107 5864  NativeWifiP - ok
16:35:32.0138 5864  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:35:32.0138 5864  NDIS - ok
16:35:32.0154 5864  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:35:32.0154 5864  NdisTapi - ok
16:35:32.0154 5864  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:35:32.0154 5864  Ndisuio - ok
16:35:32.0201 5864  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:35:32.0201 5864  NdisWan - ok
16:35:32.0216 5864  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:35:32.0216 5864  NDProxy - ok
16:35:32.0232 5864  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:35:32.0248 5864  Net Driver HPZ12 - ok
16:35:32.0248 5864  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:35:32.0248 5864  NetBIOS - ok
16:35:32.0279 5864  [ 12856F7F1E943F6762A5CA341BE5AC77 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:35:32.0279 5864  netbt ( Virus.Win32.ZAccess.g ) - infected
16:35:32.0279 5864  netbt - detected Virus.Win32.ZAccess.g (0)
16:35:32.0279 5864  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:35:32.0279 5864  Netlogon - ok
16:35:32.0310 5864  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:35:32.0310 5864  Netman - ok
16:35:32.0326 5864  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:35:32.0326 5864  netprofm - ok
16:35:32.0357 5864  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:35:32.0357 5864  NetTcpPortSharing - ok
16:35:32.0372 5864  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:35:32.0372 5864  nfrd960 - ok
16:35:32.0404 5864  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:35:32.0404 5864  NlaSvc - ok
16:35:32.0419 5864  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:35:32.0419 5864  Npfs - ok
16:35:32.0419 5864  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:35:32.0419 5864  nsi - ok
16:35:32.0450 5864  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:35:32.0450 5864  nsiproxy - ok
16:35:32.0497 5864  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:35:32.0497 5864  Ntfs - ok
16:35:32.0513 5864  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:35:32.0528 5864  NTIDrvr - ok
16:35:32.0528 5864  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:35:32.0528 5864  ntrigdigi - ok
16:35:32.0544 5864  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:35:32.0544 5864  Null - ok
16:35:32.0575 5864  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:35:32.0575 5864  NVENETFD - ok
16:35:32.0622 5864  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
16:35:32.0622 5864  NVHDA - ok
16:35:32.0794 5864  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:35:32.0934 5864  nvlddmkm - ok
16:35:32.0965 5864  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:35:32.0965 5864  nvraid - ok
16:35:32.0965 5864  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys
16:35:32.0981 5864  nvrd32 - ok
16:35:32.0996 5864  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
16:35:32.0996 5864  nvsmu - ok
16:35:33.0012 5864  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:35:33.0012 5864  nvstor - ok
16:35:33.0012 5864  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
16:35:33.0012 5864  nvstor32 - ok
16:35:33.0043 5864  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:35:33.0043 5864  nvsvc - ok
16:35:33.0059 5864  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:35:33.0074 5864  nv_agp - ok
16:35:33.0074 5864  NwlnkFlt - ok
16:35:33.0074 5864  NwlnkFwd - ok
16:35:33.0121 5864  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:35:33.0121 5864  ohci1394 - ok
16:35:33.0168 5864  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:35:33.0168 5864  ose - ok
16:35:33.0308 5864  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:35:33.0340 5864  osppsvc - ok
16:35:33.0371 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:35:33.0371 5864  p2pimsvc - ok
16:35:33.0386 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:35:33.0402 5864  p2psvc - ok
16:35:33.0418 5864  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:35:33.0418 5864  Parport - ok
16:35:33.0449 5864  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:35:33.0449 5864  partmgr - ok
16:35:33.0464 5864  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:35:33.0464 5864  Parvdm - ok
16:35:33.0464 5864  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:35:33.0480 5864  PcaSvc - ok
16:35:33.0496 5864  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
16:35:33.0511 5864  pci - ok
16:35:33.0511 5864  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
16:35:33.0511 5864  pciide - ok
16:35:33.0542 5864  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:35:33.0542 5864  pcmcia - ok
16:35:33.0574 5864  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:35:33.0574 5864  PEAUTH - ok
16:35:33.0636 5864  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:35:33.0667 5864  pla - ok
16:35:33.0698 5864  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:35:33.0698 5864  PlugPlay - ok
16:35:33.0730 5864  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:35:33.0730 5864  Pml Driver HPZ12 - ok
16:35:33.0745 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:35:33.0745 5864  PNRPAutoReg - ok
16:35:33.0761 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:35:33.0761 5864  PNRPsvc - ok
16:35:33.0792 5864  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:35:33.0808 5864  PolicyAgent - ok
16:35:33.0823 5864  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:35:33.0823 5864  PptpMiniport - ok
16:35:33.0839 5864  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
16:35:33.0854 5864  Processor - ok
16:35:33.0870 5864  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:35:33.0870 5864  ProfSvc - ok
16:35:33.0886 5864  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:35:33.0886 5864  ProtectedStorage - ok
16:35:33.0917 5864  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:35:33.0917 5864  PSched - ok
16:35:33.0932 5864  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
16:35:33.0932 5864  PSDFilter - ok
16:35:33.0948 5864  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
16:35:33.0948 5864  PSDNServ - ok
16:35:33.0948 5864  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
16:35:33.0948 5864  psdvdisk - ok
16:35:33.0964 5864  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
16:35:33.0979 5864  PxHelp20 - ok
16:35:34.0010 5864  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:35:34.0026 5864  ql2300 - ok
16:35:34.0057 5864  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:35:34.0057 5864  ql40xx - ok
16:35:34.0073 5864  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:35:34.0073 5864  QWAVE - ok
16:35:34.0088 5864  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:35:34.0088 5864  QWAVEdrv - ok
16:35:34.0151 5864  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
16:35:34.0151 5864  RapiMgr - ok
16:35:34.0166 5864  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:35:34.0166 5864  RasAcd - ok
16:35:34.0166 5864  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:35:34.0182 5864  RasAuto - ok
16:35:34.0182 5864  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:35:34.0198 5864  Rasl2tp - ok
16:35:34.0229 5864  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:35:34.0229 5864  RasMan - ok
16:35:34.0260 5864  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:35:34.0260 5864  RasPppoe - ok
16:35:34.0291 5864  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:35:34.0291 5864  RasSstp - ok
16:35:34.0322 5864  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:35:34.0322 5864  rdbss - ok
16:35:34.0322 5864  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:35:34.0338 5864  RDPCDD - ok
16:35:34.0354 5864  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:35:34.0354 5864  rdpdr - ok
16:35:34.0354 5864  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:35:34.0354 5864  RDPENCDD - ok
16:35:34.0385 5864  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:35:34.0385 5864  RDPWD - ok
16:35:34.0416 5864  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:35:34.0416 5864  RemoteAccess - ok
16:35:34.0447 5864  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:35:34.0447 5864  RemoteRegistry - ok
16:35:34.0494 5864  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:35:34.0494 5864  RichVideo - ok
16:35:34.0525 5864  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
16:35:34.0525 5864  RimUsb - ok
16:35:34.0556 5864  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
16:35:34.0572 5864  RimVSerPort - ok
16:35:34.0572 5864  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
16:35:34.0588 5864  ROOTMODEM - ok
16:35:34.0634 5864  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
16:35:34.0634 5864  Roxio UPnP Renderer 9 - ok
16:35:34.0666 5864  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
16:35:34.0666 5864  Roxio Upnp Server 9 - ok
16:35:34.0697 5864  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9   C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
16:35:34.0697 5864  RoxLiveShare9 - ok
16:35:34.0744 5864  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
16:35:34.0775 5864  RoxMediaDB9 - ok
16:35:34.0790 5864  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
16:35:34.0790 5864  RoxWatch9 - ok
16:35:34.0806 5864  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:35:34.0806 5864  RpcLocator - ok
16:35:34.0837 5864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
16:35:34.0853 5864  RpcSs - ok
16:35:34.0884 5864  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
16:35:34.0884 5864  RsFx0103 - ok
16:35:34.0900 5864  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:35:34.0900 5864  rspndr - ok
16:35:34.0915 5864  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
16:35:34.0915 5864  SamSs - ok
16:35:34.0931 5864  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:35:34.0931 5864  sbp2port - ok
16:35:34.0962 5864  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:35:34.0962 5864  SCardSvr - ok
16:35:34.0993 5864  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:35:34.0993 5864  Schedule - ok
16:35:35.0024 5864  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:35:35.0040 5864  SCPolicySvc - ok
16:35:35.0056 5864  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:35:35.0056 5864  SDRSVC - ok
16:35:35.0134 5864  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:35:35.0134 5864  SeaPort - ok
16:35:35.0149 5864  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:35:35.0149 5864  secdrv - ok
16:35:35.0165 5864  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:35:35.0165 5864  seclogon - ok
16:35:35.0180 5864  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:35:35.0180 5864  SENS - ok
16:35:35.0196 5864  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:35:35.0196 5864  Serenum - ok
16:35:35.0212 5864  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:35:35.0212 5864  Serial - ok
16:35:35.0227 5864  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:35:35.0227 5864  sermouse - ok
16:35:35.0243 5864  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:35:35.0243 5864  SessionEnv - ok
16:35:35.0258 5864  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:35:35.0274 5864  sffdisk - ok
16:35:35.0274 5864  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:35:35.0274 5864  sffp_mmc - ok
16:35:35.0290 5864  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:35:35.0290 5864  sffp_sd - ok
16:35:35.0305 5864  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:35:35.0305 5864  sfloppy - ok
16:35:35.0321 5864  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:35:35.0321 5864  SharedAccess - ok
16:35:35.0352 5864  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:35:35.0352 5864  ShellHWDetection - ok
16:35:35.0368 5864  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:35:35.0368 5864  sisagp - ok
16:35:35.0383 5864  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:35:35.0383 5864  SiSRaid2 - ok
16:35:35.0399 5864  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:35:35.0399 5864  SiSRaid4 - ok
16:35:35.0446 5864  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:35:35.0446 5864  SkypeUpdate - ok
16:35:35.0539 5864  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
16:35:35.0586 5864  slsvc - ok
16:35:35.0602 5864  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:35:35.0617 5864  SLUINotify - ok
16:35:35.0648 5864  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:35:35.0664 5864  Smb - ok
16:35:35.0664 5864  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:35:35.0680 5864  SNMPTRAP - ok
16:35:35.0680 5864  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:35:35.0680 5864  spldr - ok
16:35:35.0711 5864  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:35:35.0711 5864  Spooler - ok
16:35:35.0758 5864  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
16:35:35.0758 5864  SQLAgent$MSSMLBIZ - ok
16:35:35.0804 5864  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:35:35.0804 5864  SQLBrowser - ok
16:35:35.0836 5864  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:35:35.0836 5864  SQLWriter - ok
16:35:35.0867 5864  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:35:35.0867 5864  srv - ok
16:35:35.0898 5864  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:35:35.0898 5864  srv2 - ok
16:35:35.0929 5864  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:35:35.0929 5864  srvnet - ok
16:35:35.0960 5864  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:35:35.0960 5864  SSDPSRV - ok
16:35:35.0976 5864  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:35:35.0976 5864  SstpSvc - ok
16:35:36.0023 5864  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:35:36.0023 5864  stisvc - ok
16:35:36.0038 5864  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:35:36.0038 5864  swenum - ok
16:35:36.0070 5864  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
16:35:36.0085 5864  swprv - ok
16:35:36.0085 5864  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:35:36.0085 5864  Symc8xx - ok
16:35:36.0101 5864  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:35:36.0101 5864  Sym_hi - ok
16:35:36.0116 5864  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:35:36.0116 5864  Sym_u3 - ok
16:35:36.0148 5864  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
16:35:36.0163 5864  SysMain - ok
16:35:36.0179 5864  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:35:36.0179 5864  TabletInputService - ok
16:35:36.0210 5864  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:35:36.0210 5864  TapiSrv - ok
16:35:36.0226 5864  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:35:36.0226 5864  TBS - ok
16:35:36.0272 5864  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:35:36.0272 5864  Tcpip - ok
16:35:36.0319 5864  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:35:36.0319 5864  Tcpip6 - ok
16:35:36.0350 5864  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:35:36.0350 5864  tcpipreg - ok
16:35:36.0366 5864  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:35:36.0397 5864  TDPIPE - ok
16:35:36.0397 5864  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:35:36.0397 5864  TDTCP - ok
16:35:36.0444 5864  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:35:36.0444 5864  tdx - ok
16:35:36.0444 5864  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:35:36.0460 5864  TermDD - ok
16:35:36.0475 5864  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
16:35:36.0475 5864  TermService - ok
16:35:36.0491 5864  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:35:36.0491 5864  Themes - ok
16:35:36.0506 5864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:35:36.0506 5864  THREADORDER - ok
16:35:36.0522 5864  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:35:36.0522 5864  TrkWks - ok
16:35:36.0569 5864  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:35:36.0569 5864  TrustedInstaller - ok
16:35:36.0584 5864  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:35:36.0584 5864  tssecsrv - ok
16:35:36.0600 5864  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:35:36.0600 5864  tunmp - ok
16:35:36.0616 5864  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:35:36.0616 5864  tunnel - ok
16:35:36.0647 5864  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys
16:35:36.0647 5864  tvicport - ok
16:35:36.0662 5864  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:35:36.0662 5864  uagp35 - ok
16:35:36.0678 5864  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:35:36.0678 5864  udfs - ok
16:35:36.0694 5864  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:35:36.0709 5864  UI0Detect - ok
16:35:36.0725 5864  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:35:36.0725 5864  uliagpkx - ok
16:35:36.0740 5864  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:35:36.0740 5864  uliahci - ok
16:35:36.0756 5864  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:35:36.0756 5864  UlSata - ok
16:35:36.0772 5864  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:35:36.0772 5864  ulsata2 - ok
16:35:36.0787 5864  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:35:36.0787 5864  umbus - ok
16:35:36.0803 5864  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:35:36.0803 5864  upnphost - ok
16:35:36.0834 5864  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:35:36.0850 5864  usbaudio - ok
16:35:36.0865 5864  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:35:36.0865 5864  usbccgp - ok
16:35:36.0881 5864  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:35:36.0881 5864  usbcir - ok
16:35:36.0912 5864  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:35:36.0912 5864  usbehci - ok
16:35:36.0928 5864  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:35:36.0943 5864  usbhub - ok
16:35:36.0943 5864  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:35:36.0943 5864  usbohci - ok
16:35:36.0959 5864  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:35:36.0959 5864  usbprint - ok
16:35:36.0974 5864  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:35:36.0974 5864  usbscan - ok
16:35:36.0974 5864  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:35:36.0974 5864  USBSTOR - ok
16:35:37.0021 5864  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:35:37.0021 5864  usbuhci - ok
16:35:37.0052 5864  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS       C:\Windows\system32\DRIVERS\usb8023.sys
16:35:37.0052 5864  USB_RNDIS - ok
16:35:37.0068 5864  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
16:35:37.0068 5864  UxSms - ok
16:35:37.0115 5864  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
16:35:37.0115 5864  vds - ok
16:35:37.0162 5864  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:35:37.0162 5864  vga - ok
16:35:37.0162 5864  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:35:37.0162 5864  VgaSave - ok
16:35:37.0193 5864  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:35:37.0193 5864  viaagp - ok
16:35:37.0193 5864  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:35:37.0193 5864  ViaC7 - ok
16:35:37.0208 5864  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:35:37.0208 5864  viaide - ok
16:35:37.0208 5864  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:35:37.0208 5864  volmgr - ok
16:35:37.0240 5864  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:35:37.0240 5864  volmgrx - ok
16:35:37.0271 5864  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:35:37.0271 5864  volsnap - ok
16:35:37.0286 5864  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:35:37.0286 5864  vsmraid - ok
16:35:37.0318 5864  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
16:35:37.0333 5864  VSS - ok
16:35:37.0349 5864  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
16:35:37.0349 5864  W32Time - ok
16:35:37.0364 5864  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:35:37.0364 5864  WacomPen - ok
16:35:37.0380 5864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:35:37.0380 5864  Wanarp - ok
16:35:37.0380 5864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:35:37.0380 5864  Wanarpv6 - ok
16:35:37.0411 5864  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
16:35:37.0411 5864  WcesComm - ok
16:35:37.0442 5864  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:35:37.0442 5864  wcncsvc - ok
16:35:37.0474 5864  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:35:37.0474 5864  WcsPlugInService - ok
16:35:37.0489 5864  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:35:37.0489 5864  Wd - ok
16:35:37.0505 5864  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:35:37.0505 5864  Wdf01000 - ok
16:35:37.0505 5864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:35:37.0505 5864  WdiServiceHost - ok
16:35:37.0520 5864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:35:37.0520 5864  WdiSystemHost - ok
16:35:37.0552 5864  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
16:35:37.0552 5864  WebClient - ok
16:35:37.0583 5864  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:35:37.0583 5864  Wecsvc - ok
16:35:37.0598 5864  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:35:37.0598 5864  wercplsupport - ok
16:35:37.0614 5864  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:35:37.0614 5864  WerSvc - ok
16:35:37.0645 5864  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:35:37.0645 5864  WinDefend - ok
16:35:37.0645 5864  WinHttpAutoProxySvc - ok
16:35:37.0676 5864  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:35:37.0676 5864  Winmgmt - ok
16:35:37.0739 5864  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:35:37.0754 5864  WinRM - ok
16:35:37.0801 5864  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
16:35:37.0801 5864  winusb - ok
16:35:37.0832 5864  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:35:37.0848 5864  Wlansvc - ok
16:35:37.0895 5864  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:35:37.0895 5864  wlcrasvc - ok
16:35:37.0957 5864  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:35:37.0973 5864  wlidsvc - ok
16:35:37.0988 5864  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:35:37.0988 5864  WmiAcpi - ok
16:35:38.0020 5864  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:35:38.0020 5864  wmiApSrv - ok
16:35:38.0051 5864  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:35:38.0066 5864  WMPNetworkSvc - ok
16:35:38.0066 5864  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:35:38.0066 5864  WPCSvc - ok
16:35:38.0098 5864  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:35:38.0098 5864  WPDBusEnum - ok
16:35:38.0191 5864  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:35:38.0191 5864  WPFFontCache_v0400 - ok
16:35:38.0222 5864  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:35:38.0222 5864  ws2ifsl - ok
16:35:38.0269 5864  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
16:35:38.0269 5864  wscsvc - ok
16:35:38.0269 5864  WSearch - ok
16:35:38.0332 5864  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:35:38.0363 5864  wuauserv - ok
16:35:38.0378 5864  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:38.0378 5864  WUDFRd - ok
16:35:38.0410 5864  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:35:38.0410 5864  wudfsvc - ok
16:35:38.0410 5864  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport         C:\Windows\system32\drivers\zntport.sys
16:35:38.0410 5864  zntport - ok
16:35:38.0425 5864  ================ Scan global ===============================
16:35:38.0441 5864  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:35:38.0472 5864  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:35:38.0503 5864  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:35:38.0534 5864  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:35:38.0534 5864  [Global] - ok
16:35:38.0534 5864  ================ Scan MBR ==================================
16:35:38.0550 5864  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
16:35:40.0594 5864  \Device\Harddisk0\DR0 - ok
16:35:40.0594 5864  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5
16:35:45.0445 5864  \Device\Harddisk5\DR5 - ok
16:35:45.0445 5864  ================ Scan VBR ==================================
16:35:45.0445 5864  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1
16:35:45.0445 5864  \Device\Harddisk0\DR0\Partition1 - ok
16:35:45.0461 5864  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2
16:35:45.0461 5864  \Device\Harddisk0\DR0\Partition2 - ok
16:35:45.0461 5864  [ 8A7B805CE3A7A9BCEAD31B11A223A38B ] \Device\Harddisk5\DR5\Partition1
16:35:45.0461 5864  \Device\Harddisk5\DR5\Partition1 - ok
16:35:45.0461 5864  ============================================================
16:35:45.0461 5864  Scan finished
16:35:45.0461 5864  ============================================================
16:35:45.0476 4740  Detected object count: 1
16:35:45.0476 4740  Actual detected object count: 1
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip

11.10.2012, 07:41	#6
Psychotic /// Malwareteam	System der automatischen Informationskontrolle - Computer gesperrt Das liegt am abgesicherten Modus - fahre fort mit Schritt 2! __________________ --> System der automatischen Informationskontrolle - Computer gesperrt

System der automatischen Informationskontrolle - Computer gesperrt

Plagegeister aller Art und deren Bekämpfung: System der automatischen Informationskontrolle - Computer gesperrt