| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Serifef infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.01.2013, 01:26
| #1 |
| |  Serifef infiziert Hallo. Gestern wollte eine Seite ein Flashplayer udate machen.. Ich hab leider auf ja geklickt und schon hat mein Virenscanner alarm geschlagen. Jetz hab ich meinen Rechner neu installiert mit eRecovery also den Dvds. Danach Malwarbyte durchlaufen lassen der nichts mehr gefunden hat. Kann ich mir da jetzt sicher sein das wieder alles passt oder könnte der Virus auch im MBR sitzen ? Danke schon mal für Antworten und eure Hilfe Hier sind auch noch die OTL.txt Code:
ATTFilter OTL logfile created on: 14.01.2013 00:25:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hanjo\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free 7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe PRC - [2009.09.24 09:50:56 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2009.09.18 14:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 18:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV - [2013.01.10 01:02:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.07 14:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.11.26 12:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.11.25 02:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2009.11.25 02:05:05 | 001,664,560 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2009.08.06 18:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 20:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.02.03 22:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 18:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.22 04:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.06.19 23:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.02.23 02:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.08.04 21:46:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/01/13 17:55:36] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360113ln069f3g544k5qh813wv65 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE518 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170633FE%7D:20.1.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.13 19:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 19:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Extensions [2013.01.13 19:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\Firefox\Profiles\81d55giq.default\extensions [2013.01.13 19:34:40 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Hanjo\AppData\Roaming\mozilla\firefox\profiles\81d55giq.default\extensions\testpilot@labs.mozilla.com.xpi [2013.01.13 19:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.13 19:55:35 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2013.01.13 19:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.01.10 01:03:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.10 01:57:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.10 01:57:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.10 01:57:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.10 01:57:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 01:57:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.10 01:57:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C958B319-DBB3-4C76-B4DE-10032A463DE5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 02:36:18 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.01.14 02:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.01.14 02:36:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.01.14 02:35:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.01.14 02:35:35 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.01.14 02:35:35 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.01.14 00:14:13 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2013.01.14 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Malwarebytes [2013.01.14 00:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 00:03:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.14 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.14 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Programs [2013.01.13 23:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.13 23:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.01.13 23:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.01.13 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.13 21:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.01.13 21:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.13 21:27:31 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.01.13 21:27:31 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.01.13 21:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.13 21:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.13 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.01.13 21:26:17 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.13 20:59:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe [2013.01.13 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.13 19:58:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.01.13 19:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.13 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.13 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Mozilla [2013.01.13 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Mozilla [2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.13 19:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.13 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.13 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Adobe [2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Google [2013.01.13 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Google [2013.01.13 19:17:34 | 000,057,288 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.01.13 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity [2013.01.13 19:17:31 | 000,042,952 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.01.13 19:17:19 | 000,034,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.01.13 19:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2013.01.13 19:10:39 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Downloaded Installations [2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver [2013.01.13 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Macromedia [2013.01.13 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2013.01.13 18:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.01.13 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.01.13 18:05:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.01.13 18:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2013.01.13 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.01.13 18:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2013.01.13 18:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2013.01.13 18:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.01.13 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft Help [2013.01.13 17:59:15 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector [2013.01.13 17:55:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe [2013.01.13 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink [2013.01.13 17:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe [2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.01.13 17:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.01.13 17:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem [2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\EgisTec [2013.01.13 17:53:05 | 000,000,000 | ---D | C] -- C:\book [2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.13 17:52:54 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.13 17:52:53 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Searches [2013.01.13 17:52:46 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Identities [2013.01.13 17:52:45 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Contacts [2013.01.13 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\VirtualStore [2013.01.13 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store [2013.01.13 17:51:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer [2013.01.13 17:51:32 | 000,000,000 | --SD | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Videos [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Saved Games [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Pictures [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Music [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Links [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Favorites [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Downloads [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Documents [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\Desktop [2013.01.13 17:51:32 | 000,000,000 | R--D | C] -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Vorlagen [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Verlauf [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Temporary Internet Files [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Startmenü [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\SendTo [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Recent [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Netzwerkumgebung [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Lokale Einstellungen [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Videos [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Musik [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Eigene Dateien [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Documents\Eigene Bilder [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Druckumgebung [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Cookies [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\AppData\Local\Anwendungsdaten [2013.01.13 17:51:32 | 000,000,000 | -HSD | C] -- C:\Users\Hanjo\Anwendungsdaten [2013.01.13 17:51:32 | 000,000,000 | -H-D | C] -- C:\Users\Hanjo\AppData [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Temp [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Local\Microsoft [2013.01.13 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hanjo\AppData\Roaming\Media Center Programs [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.13 17:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.13 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.13 17:46:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.13 17:46:51 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.13 17:46:51 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.13 17:46:51 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.13 17:46:51 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.13 17:46:50 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.13 17:46:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.13 17:46:50 | 000,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.13 17:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.13 17:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.13 17:46:23 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.13 17:43:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.13 17:40:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2009.09.17 22:20:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.01.14 02:36:08 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.01.14 02:36:08 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.01.14 02:35:36 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.01.14 02:35:35 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.01.14 02:35:35 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.01.14 00:20:42 | 000,000,000 | ---- | M] () -- C:\Users\Hanjo\defogger_reenable [2013.01.14 00:14:13 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2013.01.14 00:03:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:55:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:52:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.13 23:52:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.13 23:52:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.13 23:52:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.13 23:52:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.13 23:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.13 23:47:34 | 3214,209,024 | -HS- | M] () -- C:\hiberfil.sys [2013.01.13 23:28:24 | 000,353,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 22:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.13 22:02:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.13 21:56:37 | 000,365,568 | ---- | M] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe [2013.01.13 20:59:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanjo\Desktop\OTL.exe [2013.01.13 20:57:50 | 000,050,477 | ---- | M] () -- C:\Users\Hanjo\Desktop\Defogger.exe [2013.01.13 19:56:17 | 000,074,184 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2013.01.13 19:56:00 | 000,057,288 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.01.13 19:53:40 | 000,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2013.01.13 19:53:30 | 000,034,760 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.01.13 19:34:32 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 19:23:01 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.13 19:17:32 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2013.01.13 19:17:31 | 000,042,952 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.01.13 17:59:15 | 000,002,073 | ---- | M] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk [2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.13 17:51:02 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.13 17:48:26 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd [2012.12.29 11:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.29 11:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin ========== Files Created - No Company Name ========== [2013.01.14 02:36:40 | 000,653,928 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.01.14 02:36:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.01.14 02:36:40 | 000,129,800 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.01.14 02:36:40 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.01.14 00:20:42 | 000,000,000 | ---- | C] () -- C:\Users\Hanjo\defogger_reenable [2013.01.14 00:03:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 22:32:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.13 22:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.01.13 22:02:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.13 21:55:33 | 000,365,568 | ---- | C] () -- C:\Users\Hanjo\Desktop\gmer-2.0.18444.exe [2013.01.13 21:47:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.13 21:28:16 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.13 21:26:57 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.13 20:57:48 | 000,050,477 | ---- | C] () -- C:\Users\Hanjo\Desktop\Defogger.exe [2013.01.13 19:34:32 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.13 19:34:32 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 19:17:32 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2013.01.13 18:07:57 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2013.01.13 18:07:45 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2013.01.13 17:59:15 | 000,002,073 | ---- | C] () -- C:\Users\Hanjo\Desktop\CyberLink PowerDirector.lnk [2013.01.13 17:52:58 | 000,001,413 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.01.13 17:52:55 | 000,001,447 | ---- | C] () -- C:\Users\Hanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.13 17:40:30 | 3214,209,024 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Extra.txt Code:
ATTFilter OTL Extras logfile created on: 14.01.2013 00:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hanjo\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,93% Memory free
7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,95 Gb Total Space | 647,15 Gb Free Space | 93,66% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 428,02 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Computer Name: HANJO-PC | User Name: Hanjo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D182A33-2536-4F6D-AA08-69E9348A86C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{0DA08E88-910B-4D0B-9C9E-9412FED640C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{111134F4-6449-48CD-A2D8-FD3D2E2A7083}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{123930EB-7782-4153-8728-D259B33B6FA0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{21188573-04C8-4769-A9B0-182BF094C1AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{2CE65C0C-1D1F-43A5-96A6-F030A0DC1051}" = lport=138 | protocol=17 | dir=in | app=system |
"{322BAB24-7718-434D-9130-B7AE961F83E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4F8FDBFA-A7DD-444C-919D-E4924FCFC485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D84BC75-4F65-462B-8C26-C12BA74F654B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7278DC5C-37AC-465D-B712-91A5BF8F499D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{79E70220-DDF6-4DF2-9873-A3A76792F19B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B6A151C-4F8A-4AA4-A4C5-9DFF63E73077}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E715805-2FA1-428F-96FA-8D5CDB4908CE}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA9B47EA-8382-4AA0-8EAF-FC2DB704D9B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B360D86E-3062-462C-9C33-E4BD308F9D94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0D53CFA-E3D3-4670-A401-B1CB6A2ED102}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D519220A-A026-49F8-AAE9-17A1030FFC21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DCCA4D9A-5813-4C7E-8F04-6678EF7A0CC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D58135-3D41-4713-99BE-B0BFFFB4DE59}" = lport=139 | protocol=6 | dir=in | app=system |
"{F08AC10C-14C7-4210-A00A-72D5B7705E21}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0AE9548-EC85-4462-BFC8-0DE4D3AEBFE7}" = rport=445 | protocol=6 | dir=out | app=system |
"{F542F958-594F-4135-926F-CA13E768ED0E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDA42F62-7CE3-44FE-9AC4-60CD7929BE35}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01899D30-22CB-4EB0-823D-93AD09F8AB2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{061ACA92-2AC8-4ED3-A705-EFE46857A9E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B4E74BF-D106-4567-9D86-B55EDB78B02F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10C9C447-9CE3-404E-A353-19F4833715F5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{16EAE5F3-F5CD-46B4-8B18-6C8CAFA06691}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1AD45C24-F07F-4AEE-B038-5A123605B55D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{20F7CEAB-0D65-4D91-BA54-40C698AF2F3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2675394C-8CCF-42B9-A7CF-140931A3C63E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{2719A9F0-C0CC-48DB-A167-10431748D4BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36021A1A-3574-4354-A2E1-766830A52B57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F0332F8-8DCB-4889-8369-45082C52EE63}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{517D1294-8C84-4CAE-9754-DF180B3DBC2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B31D413-914D-4623-B512-80801239C120}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D466A36-9ADF-4913-A241-76B7DBD94694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E99A6B9-BEAE-4703-8891-0E3B0B4E8EC9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{75208F4D-00D7-4108-A18E-4E7A50A2AD37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BAEEFF3-A347-4E33-BB81-89486AE0B1AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D6D448C-C9F0-4A1E-A508-FCCA2CEA8672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FB4488F-47DD-46C8-99FA-F73A482EAF07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{82A4F512-3604-4251-B938-3F85CC8C7482}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{91B1DF4A-9F31-4D49-AA78-828262C72AB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{94071892-8278-4912-947D-37796F09BEE5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{A247DBEC-BE5E-4DD1-B5E5-8355CDA1A9F4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A6ED6865-66B8-4C3F-8F97-4E46A5D60E36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9B1F871-A9B5-4203-A95F-F713617DB662}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F13B77E5-A73D-4920-93A9-8001B1480007}" = protocol=6 | dir=out | app=system |
"{F15DFD40-B69F-4E8C-A9E6-ABF79B1AFB83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3BAF5A5-C544-4ED8-8AED-507E473B7CA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA071859-66EB-45CF-88CB-47402F09E7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18c5b800-77b3-4e83-9bcd-967c26a1d75a}" = Nero 9 Essentials
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mufin player D" = mufin player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.01.2013 13:53:48 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 13.01.2013 13:54:58 | Computer Name = Hanjo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 13.01.2013 12:44:13 | Computer Name = WIN-OSE6VQP48UE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%2
Error - 13.01.2013 12:44:31 | Computer Name = WIN-OSE6VQP48UE | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 13.01.2013 12:45:07 | Computer Name = WIN-OSE6VQP48UE | Source = DCOM | ID = 10010
Description =
< End of report >
Gmer.txt Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 01:03:14
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST315003 rev.CC4H 1397,27GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Hanjo\AppData\Local\Temp\fwloipow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes [4F, 77]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes [4F, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes [4F, 77]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes [4F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes [4F, 77]
---- Devices - GMER 2.0 ----
Device \Driver\iaStor \Device\Dev_fffffa8004b06050 ws\system32\DRIVERS\kbdclass.sys
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006728b70 fffffa8004738aa4
Device \Driver\USBSTOR \Device\Dev_fffffa8006728b70 ws\system32\DRIVERS\kbdclass.sys
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672db70 fffffa8004738aa4
Device \Driver\USBSTOR \Device\Dev_fffffa800672db70 ws\system32\DRIVERS\kbdclass.sys
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa8006732b70 fffffa8004738aa4
Device \Driver\USBSTOR \Device\Dev_fffffa8006732b70 ws\system32\DRIVERS\kbdclass.sys
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672eb70 fffffa8004738aa4
Device \Driver\USBSTOR \Device\Dev_fffffa800672eb70 ws\system32\DRIVERS\kbdclass.sys
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa800672fb70 fffffa8004738aa4
Device \Driver\USBSTOR \Device\Dev_fffffa800672fb70 ws\system32\DRIVERS\kbdclass.sys
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1460] 0000000077572e3e
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1476] 0000000074e67587
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2620] 000000001000bd90
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2676] 000000001000bd90
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4516] 0000000004b55f30
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3216] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2188] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1076] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:932] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3008] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3048] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3056] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3836] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4408] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2156] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:2000] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3368] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1980] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5000] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4636] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3508] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:3436] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4648] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5008] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:5076] 000000001000bb20
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:1768] 0000000077573e59
Thread C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1452:4584] 0000000077573e59
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4312] 0000000010024040
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4316] 0000000010015e40
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4320] 0000000010024040
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4324] 0000000010024040
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4328] 000000007c3494f6
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4892] 0000000010024040
Thread C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432:4540] 0000000010024040
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4172] 0000000074e67587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4588] 0000000073300cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4532] 0000000077572e3e
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:4704] 0000000077573e59
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4388:1468] 0000000077573e59
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [1432] 0000000076c00000
---- EOF - GMER 2.0 ----
|
|
14.01.2013, 15:10
| #2 |
| /// Malware-holic   | Serifef infiziert hi
__________________download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
|
15.01.2013, 01:35
| #3 |
| | Serifef infiziert Hi
__________________so hab tdss killer durchlaufen lassen hat auch was gefunden (FirebirdServerMAGIXInstance) aber keine ahnung was das sein soll ! hier der log Code:
ATTFilter 01:25:20.0486 4816 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:25:22.0498 4816 ============================================================
01:25:22.0498 4816 Current date / time: 2013/01/15 01:25:22.0498
01:25:22.0498 4816 SystemInfo:
01:25:22.0498 4816
01:25:22.0498 4816 OS Version: 6.1.7601 ServicePack: 1.0
01:25:22.0498 4816 Product type: Workstation
01:25:22.0498 4816 ComputerName: HANJO-PC
01:25:22.0498 4816 UserName: Hanjo
01:25:22.0498 4816 Windows directory: C:\Windows
01:25:22.0498 4816 System windows directory: C:\Windows
01:25:22.0498 4816 Running under WOW64
01:25:22.0498 4816 Processor architecture: Intel x64
01:25:22.0498 4816 Number of processors: 4
01:25:22.0498 4816 Page size: 0x1000
01:25:22.0498 4816 Boot type: Normal boot
01:25:22.0498 4816 ============================================================
01:25:23.0653 4816 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:25:23.0684 4816 ============================================================
01:25:23.0684 4816 \Device\Harddisk0\DR0:
01:25:23.0684 4816 MBR partitions:
01:25:23.0684 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
01:25:23.0684 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x565E7000
01:25:23.0684 4816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x58419800, BlocksNum 0x5666D800
01:25:23.0684 4816 ============================================================
01:25:23.0731 4816 C: <-> \Device\Harddisk0\DR0\Partition2
01:25:24.0089 4816 D: <-> \Device\Harddisk0\DR0\Partition3
01:25:24.0089 4816 ============================================================
01:25:24.0089 4816 Initialize success
01:25:24.0089 4816 ============================================================
01:27:24.0174 2360 ============================================================
01:27:24.0174 2360 Scan started
01:27:24.0174 2360 Mode: Manual; SigCheck; TDLFS;
01:27:24.0174 2360 ============================================================
01:27:25.0500 2360 ================ Scan system memory ========================
01:27:25.0500 2360 System memory - ok
01:27:25.0500 2360 ================ Scan services =============================
01:27:25.0609 2360 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:27:25.0796 2360 1394ohci - ok
01:27:25.0827 2360 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:27:25.0859 2360 ACPI - ok
01:27:25.0874 2360 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:27:25.0921 2360 AcpiPmi - ok
01:27:25.0952 2360 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:27:25.0999 2360 adp94xx - ok
01:27:25.0999 2360 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:27:26.0030 2360 adpahci - ok
01:27:26.0046 2360 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:27:26.0077 2360 adpu320 - ok
01:27:26.0108 2360 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:27:26.0233 2360 AeLookupSvc - ok
01:27:26.0280 2360 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:27:26.0373 2360 AFD - ok
01:27:26.0389 2360 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:27:26.0405 2360 agp440 - ok
01:27:26.0436 2360 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:27:26.0483 2360 ALG - ok
01:27:26.0529 2360 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:27:26.0545 2360 aliide - ok
01:27:26.0576 2360 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:27:26.0592 2360 amdide - ok
01:27:26.0623 2360 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:27:26.0685 2360 AmdK8 - ok
01:27:26.0701 2360 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:27:26.0732 2360 AmdPPM - ok
01:27:26.0748 2360 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:27:26.0779 2360 amdsata - ok
01:27:26.0795 2360 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:27:26.0810 2360 amdsbs - ok
01:27:26.0841 2360 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:27:26.0857 2360 amdxata - ok
01:27:26.0888 2360 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:27:27.0029 2360 AppID - ok
01:27:27.0044 2360 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:27:27.0091 2360 AppIDSvc - ok
01:27:27.0122 2360 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:27:27.0169 2360 Appinfo - ok
01:27:27.0169 2360 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:27:27.0200 2360 arc - ok
01:27:27.0200 2360 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:27:27.0231 2360 arcsas - ok
01:27:27.0247 2360 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:27:27.0294 2360 AsyncMac - ok
01:27:27.0325 2360 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:27:27.0341 2360 atapi - ok
01:27:27.0450 2360 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
01:27:27.0621 2360 atikmdag - ok
01:27:27.0653 2360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:27:27.0746 2360 AudioEndpointBuilder - ok
01:27:27.0762 2360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:27:27.0824 2360 AudioSrv - ok
01:27:28.0058 2360 [ 780AC17E6C1B5A35AB5A2BA58212EA55 ] AVKProxy C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
01:27:28.0183 2360 AVKProxy - ok
01:27:28.0339 2360 [ EB024C7DFCFBC24117BABD07B4020D81 ] AVKService C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
01:27:28.0401 2360 AVKService - ok
01:27:28.0448 2360 [ 393118F933D70AAFB7D3519F73CB6971 ] AVKWCtl C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
01:27:28.0542 2360 AVKWCtl - ok
01:27:28.0604 2360 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:27:28.0667 2360 AxInstSV - ok
01:27:28.0729 2360 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:27:28.0776 2360 b06bdrv - ok
01:27:28.0807 2360 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:27:28.0869 2360 b57nd60a - ok
01:27:28.0901 2360 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:27:28.0947 2360 BDESVC - ok
01:27:28.0963 2360 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:27:29.0010 2360 Beep - ok
01:27:29.0072 2360 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:27:29.0135 2360 BFE - ok
01:27:29.0197 2360 [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
01:27:29.0244 2360 BingDesktopUpdate - ok
01:27:29.0275 2360 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:27:29.0353 2360 BITS - ok
01:27:29.0369 2360 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:27:29.0400 2360 blbdrive - ok
01:27:29.0431 2360 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:27:29.0478 2360 bowser - ok
01:27:29.0478 2360 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:27:29.0525 2360 BrFiltLo - ok
01:27:29.0525 2360 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:27:29.0540 2360 BrFiltUp - ok
01:27:29.0571 2360 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:27:29.0587 2360 Browser - ok
01:27:29.0618 2360 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:27:29.0681 2360 Brserid - ok
01:27:29.0681 2360 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:27:29.0712 2360 BrSerWdm - ok
01:27:29.0712 2360 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:27:29.0743 2360 BrUsbMdm - ok
01:27:29.0743 2360 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:27:29.0759 2360 BrUsbSer - ok
01:27:29.0774 2360 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:27:29.0805 2360 BTHMODEM - ok
01:27:29.0837 2360 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:27:29.0883 2360 bthserv - ok
01:27:29.0899 2360 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:27:29.0946 2360 cdfs - ok
01:27:29.0993 2360 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:27:30.0039 2360 cdrom - ok
01:27:30.0086 2360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:27:30.0117 2360 CertPropSvc - ok
01:27:30.0149 2360 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:27:30.0195 2360 circlass - ok
01:27:30.0211 2360 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:27:30.0242 2360 CLFS - ok
01:27:30.0398 2360 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:27:30.0429 2360 clr_optimization_v2.0.50727_32 - ok
01:27:30.0523 2360 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:27:30.0554 2360 clr_optimization_v2.0.50727_64 - ok
01:27:30.0726 2360 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:27:30.0757 2360 clr_optimization_v4.0.30319_32 - ok
01:27:30.0882 2360 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:27:30.0913 2360 clr_optimization_v4.0.30319_64 - ok
01:27:30.0929 2360 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:27:30.0960 2360 CmBatt - ok
01:27:30.0991 2360 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:27:31.0007 2360 cmdide - ok
01:27:31.0053 2360 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
01:27:31.0100 2360 CNG - ok
01:27:31.0131 2360 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:27:31.0163 2360 Compbatt - ok
01:27:31.0178 2360 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:27:31.0225 2360 CompositeBus - ok
01:27:31.0225 2360 COMSysApp - ok
01:27:31.0241 2360 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:27:31.0272 2360 crcdisk - ok
01:27:31.0303 2360 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:27:31.0334 2360 CryptSvc - ok
01:27:31.0365 2360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:27:31.0428 2360 DcomLaunch - ok
01:27:31.0459 2360 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:27:31.0521 2360 defragsvc - ok
01:27:31.0553 2360 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:27:31.0599 2360 DfsC - ok
01:27:31.0631 2360 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:27:31.0677 2360 Dhcp - ok
01:27:31.0677 2360 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:27:31.0709 2360 discache - ok
01:27:31.0724 2360 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:27:31.0755 2360 Disk - ok
01:27:31.0771 2360 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:27:31.0833 2360 Dnscache - ok
01:27:31.0865 2360 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:27:31.0911 2360 dot3svc - ok
01:27:31.0943 2360 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:27:31.0989 2360 DPS - ok
01:27:32.0021 2360 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:27:32.0052 2360 drmkaud - ok
01:27:32.0067 2360 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:27:32.0145 2360 DXGKrnl - ok
01:27:32.0223 2360 [ 04DDDEA79B9E616F50B9132752F656FC ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
01:27:32.0255 2360 e1kexpress - ok
01:27:32.0317 2360 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:27:32.0364 2360 EapHost - ok
01:27:32.0442 2360 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:27:32.0567 2360 ebdrv - ok
01:27:32.0582 2360 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:27:32.0629 2360 EFS - ok
01:27:32.0723 2360 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:27:32.0816 2360 ehRecvr - ok
01:27:32.0832 2360 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:27:32.0879 2360 ehSched - ok
01:27:32.0910 2360 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:27:32.0957 2360 elxstor - ok
01:27:32.0988 2360 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:27:33.0019 2360 ErrDev - ok
01:27:33.0066 2360 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:27:33.0128 2360 EventSystem - ok
01:27:33.0128 2360 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:27:33.0175 2360 exfat - ok
01:27:33.0222 2360 Fabs - ok
01:27:33.0237 2360 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:27:33.0284 2360 fastfat - ok
01:27:33.0331 2360 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:27:33.0393 2360 Fax - ok
01:27:33.0393 2360 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:27:33.0425 2360 fdc - ok
01:27:33.0440 2360 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:27:33.0487 2360 fdPHost - ok
01:27:33.0487 2360 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:27:33.0534 2360 FDResPub - ok
01:27:33.0534 2360 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:27:33.0565 2360 FileInfo - ok
01:27:33.0565 2360 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:27:33.0612 2360 Filetrace - ok
01:27:33.0705 2360 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
01:27:33.0893 2360 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
01:27:33.0893 2360 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
01:27:33.0908 2360 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:27:33.0924 2360 flpydisk - ok
01:27:33.0955 2360 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:27:34.0017 2360 FltMgr - ok
01:27:34.0049 2360 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:27:34.0127 2360 FontCache - ok
01:27:34.0220 2360 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:27:34.0251 2360 FontCache3.0.0.0 - ok
01:27:34.0251 2360 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:27:34.0283 2360 FsDepends - ok
01:27:34.0298 2360 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:27:34.0329 2360 Fs_Rec - ok
01:27:34.0392 2360 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:27:34.0439 2360 fvevol - ok
01:27:34.0454 2360 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:27:34.0470 2360 gagp30kx - ok
01:27:34.0517 2360 [ 98C64A79D282A6D043D8C9447CE0AD8C ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
01:27:34.0532 2360 GDBehave - ok
01:27:34.0641 2360 [ AF0F1C4F67953C3E2EEE44C2FAE515A9 ] GDFwSvc C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
01:27:34.0719 2360 GDFwSvc - ok
01:27:34.0813 2360 [ 001D282B8A56C0FB94D14033F5F94EED ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
01:27:34.0829 2360 GDMnIcpt - ok
01:27:34.0875 2360 [ 7818102C1ED42C17CD834645FC0CF4ED ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
01:27:34.0891 2360 GDPkIcpt - ok
01:27:34.0922 2360 [ D31F31342349964E245EAAC1BDC5F6A6 ] GDScan C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
01:27:34.0969 2360 GDScan - ok
01:27:35.0000 2360 [ FC9B3D24E18D08200F31AA3BACE42F6A ] gdwfpcd C:\Windows\system32\DRIVERS\gdwfpcd64.sys
01:27:35.0016 2360 gdwfpcd - ok
01:27:35.0016 2360 [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys
01:27:35.0031 2360 GearAspiWDM - ok
01:27:35.0078 2360 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:27:35.0156 2360 gpsvc - ok
01:27:35.0187 2360 [ FFA07D1D1D7F16D5A08846A28AFF59EF ] GRD C:\Windows\system32\drivers\GRD.sys
01:27:35.0203 2360 GRD - ok
01:27:35.0234 2360 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:27:35.0265 2360 hcw85cir - ok
01:27:35.0312 2360 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:27:35.0359 2360 HdAudAddService - ok
01:27:35.0390 2360 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:27:35.0437 2360 HDAudBus - ok
01:27:35.0468 2360 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:27:35.0499 2360 HidBatt - ok
01:27:35.0499 2360 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:27:35.0531 2360 HidBth - ok
01:27:35.0531 2360 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:27:35.0577 2360 HidIr - ok
01:27:35.0593 2360 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:27:35.0655 2360 hidserv - ok
01:27:35.0671 2360 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
01:27:35.0687 2360 HidUsb - ok
01:27:35.0702 2360 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:27:35.0749 2360 hkmsvc - ok
01:27:35.0796 2360 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:27:35.0827 2360 HomeGroupListener - ok
01:27:35.0858 2360 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:27:35.0905 2360 HomeGroupProvider - ok
01:27:35.0936 2360 [ 3440D5C74EDD0792A6AA943D1BE985E2 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
01:27:35.0952 2360 HookCentre - ok
01:27:35.0983 2360 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:27:36.0014 2360 HpSAMD - ok
01:27:36.0061 2360 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:27:36.0186 2360 HTTP - ok
01:27:36.0201 2360 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:27:36.0217 2360 hwpolicy - ok
01:27:36.0279 2360 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:27:36.0295 2360 i8042prt - ok
01:27:36.0342 2360 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
01:27:36.0389 2360 IAANTMON - ok
01:27:36.0420 2360 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
01:27:36.0451 2360 iaStor - ok
01:27:36.0529 2360 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:27:36.0623 2360 iaStorV - ok
01:27:36.0669 2360 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:27:36.0732 2360 idsvc - ok
01:27:36.0747 2360 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:27:36.0763 2360 iirsp - ok
01:27:36.0841 2360 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:27:36.0935 2360 IKEEXT - ok
01:27:37.0013 2360 [ 135856AC71116CCFF05ED8481745241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:27:37.0091 2360 IntcAzAudAddService - ok
01:27:37.0106 2360 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:27:37.0137 2360 intelide - ok
01:27:37.0137 2360 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:27:37.0184 2360 intelppm - ok
01:27:37.0200 2360 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:27:37.0231 2360 IPBusEnum - ok
01:27:37.0247 2360 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:27:37.0309 2360 IpFilterDriver - ok
01:27:37.0356 2360 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:27:37.0403 2360 iphlpsvc - ok
01:27:37.0418 2360 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:27:37.0449 2360 IPMIDRV - ok
01:27:37.0449 2360 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:27:37.0496 2360 IPNAT - ok
01:27:37.0512 2360 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:27:37.0543 2360 IRENUM - ok
01:27:37.0559 2360 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:27:37.0574 2360 isapnp - ok
01:27:37.0605 2360 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:27:37.0652 2360 iScsiPrt - ok
01:27:37.0839 2360 [ 2224ABC439D115A44EDB5630A92C1D7E ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
01:27:37.0871 2360 JRAID - ok
01:27:37.0902 2360 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:27:37.0933 2360 kbdclass - ok
01:27:37.0995 2360 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:27:38.0027 2360 kbdhid - ok
01:27:38.0042 2360 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:27:38.0058 2360 KeyIso - ok
01:27:38.0089 2360 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:27:38.0120 2360 KSecDD - ok
01:27:38.0167 2360 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:27:38.0198 2360 KSecPkg - ok
01:27:38.0229 2360 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:27:38.0276 2360 ksthunk - ok
01:27:38.0307 2360 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:27:38.0354 2360 KtmRm - ok
01:27:38.0401 2360 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:27:38.0448 2360 LanmanServer - ok
01:27:38.0479 2360 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:27:38.0541 2360 LanmanWorkstation - ok
01:27:38.0573 2360 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:27:38.0635 2360 lltdio - ok
01:27:38.0651 2360 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:27:38.0713 2360 lltdsvc - ok
01:27:38.0744 2360 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:27:38.0775 2360 lmhosts - ok
01:27:38.0791 2360 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:27:38.0822 2360 LSI_FC - ok
01:27:38.0822 2360 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:27:38.0853 2360 LSI_SAS - ok
01:27:38.0853 2360 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:27:38.0869 2360 LSI_SAS2 - ok
01:27:38.0885 2360 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:27:38.0900 2360 LSI_SCSI - ok
01:27:38.0916 2360 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:27:38.0978 2360 luafv - ok
01:27:39.0009 2360 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:27:39.0025 2360 MBAMProtector - ok
01:27:39.0087 2360 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:27:39.0134 2360 MBAMScheduler - ok
01:27:39.0165 2360 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:27:39.0228 2360 MBAMService - ok
01:27:39.0243 2360 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:27:39.0290 2360 Mcx2Svc - ok
01:27:39.0290 2360 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:27:39.0306 2360 megasas - ok
01:27:39.0321 2360 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:27:39.0368 2360 MegaSR - ok
01:27:39.0368 2360 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:27:39.0399 2360 MMCSS - ok
01:27:39.0431 2360 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:27:39.0477 2360 Modem - ok
01:27:39.0524 2360 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:27:39.0555 2360 monitor - ok
01:27:39.0587 2360 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
01:27:39.0602 2360 mouclass - ok
01:27:39.0618 2360 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:27:39.0633 2360 mouhid - ok
01:27:39.0665 2360 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:27:39.0696 2360 mountmgr - ok
01:27:39.0711 2360 [ F5E6770295C24A131E5769E6D87E8CF0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:27:39.0758 2360 MozillaMaintenance - ok
01:27:39.0774 2360 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:27:39.0805 2360 mpio - ok
01:27:39.0805 2360 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:27:39.0867 2360 mpsdrv - ok
01:27:39.0914 2360 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:27:39.0992 2360 MpsSvc - ok
01:27:40.0023 2360 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:27:40.0070 2360 MRxDAV - ok
01:27:40.0101 2360 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:27:40.0164 2360 mrxsmb - ok
01:27:40.0164 2360 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:27:40.0211 2360 mrxsmb10 - ok
01:27:40.0226 2360 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:27:40.0257 2360 mrxsmb20 - ok
01:27:40.0273 2360 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:27:40.0304 2360 msahci - ok
01:27:40.0320 2360 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:27:40.0351 2360 msdsm - ok
01:27:40.0382 2360 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:27:40.0413 2360 MSDTC - ok
01:27:40.0429 2360 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:27:40.0476 2360 Msfs - ok
01:27:40.0476 2360 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:27:40.0523 2360 mshidkmdf - ok
01:27:40.0538 2360 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:27:40.0554 2360 msisadrv - ok
01:27:40.0616 2360 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:27:40.0663 2360 MSiSCSI - ok
01:27:40.0663 2360 msiserver - ok
01:27:40.0679 2360 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:27:40.0725 2360 MSKSSRV - ok
01:27:40.0741 2360 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:27:40.0772 2360 MSPCLOCK - ok
01:27:40.0788 2360 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:27:40.0835 2360 MSPQM - ok
01:27:40.0913 2360 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:27:40.0959 2360 MsRPC - ok
01:27:40.0975 2360 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:27:40.0991 2360 mssmbios - ok
01:27:41.0006 2360 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:27:41.0053 2360 MSTEE - ok
01:27:41.0053 2360 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:27:41.0069 2360 MTConfig - ok
01:27:41.0100 2360 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:27:41.0115 2360 Mup - ok
01:27:41.0147 2360 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
01:27:41.0162 2360 mwlPSDFilter - ok
01:27:41.0193 2360 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
01:27:41.0209 2360 mwlPSDNServ - ok
01:27:41.0225 2360 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
01:27:41.0240 2360 mwlPSDVDisk - ok
01:27:41.0271 2360 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
01:27:41.0318 2360 MWLService - ok
01:27:41.0396 2360 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:27:41.0459 2360 napagent - ok
01:27:41.0474 2360 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:27:41.0521 2360 NativeWifiP - ok
01:27:41.0568 2360 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:27:41.0630 2360 NDIS - ok
01:27:41.0646 2360 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:27:41.0693 2360 NdisCap - ok
01:27:41.0693 2360 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:27:41.0724 2360 NdisTapi - ok
01:27:41.0771 2360 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:27:41.0833 2360 Ndisuio - ok
01:27:41.0880 2360 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:27:41.0942 2360 NdisWan - ok
01:27:41.0958 2360 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:27:42.0020 2360 NDProxy - ok
01:27:42.0161 2360 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
01:27:42.0239 2360 Nero BackItUp Scheduler 4.0 - ok
01:27:42.0254 2360 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:27:42.0301 2360 NetBIOS - ok
01:27:42.0332 2360 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:27:42.0395 2360 NetBT - ok
01:27:42.0410 2360 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:27:42.0426 2360 Netlogon - ok
01:27:42.0519 2360 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:27:42.0597 2360 Netman - ok
01:27:42.0597 2360 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:27:42.0675 2360 netprofm - ok
01:27:42.0769 2360 [ D66596DB0A0739A89C25B590CE36D628 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
01:27:42.0847 2360 netr28x - ok
01:27:42.0878 2360 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:27:42.0909 2360 NetTcpPortSharing - ok
01:27:42.0925 2360 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:27:42.0941 2360 nfrd960 - ok
01:27:42.0972 2360 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:27:43.0003 2360 NlaSvc - ok
01:27:43.0003 2360 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:27:43.0050 2360 Npfs - ok
01:27:43.0065 2360 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:27:43.0128 2360 nsi - ok
01:27:43.0128 2360 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:27:43.0175 2360 nsiproxy - ok
01:27:43.0221 2360 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:27:43.0362 2360 Ntfs - ok
01:27:43.0424 2360 [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
01:27:43.0455 2360 NTI IScheduleSvc - ok
01:27:43.0471 2360 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
01:27:43.0487 2360 NTIDrvr - ok
01:27:43.0502 2360 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:27:43.0565 2360 Null - ok
01:27:43.0611 2360 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:27:43.0643 2360 NVHDA - ok
01:27:43.0877 2360 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:27:44.0111 2360 nvlddmkm - ok
01:27:44.0142 2360 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:27:44.0173 2360 nvraid - ok
01:27:44.0204 2360 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:27:44.0235 2360 nvstor - ok
01:27:44.0282 2360 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:27:44.0329 2360 nvsvc - ok
01:27:44.0391 2360 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:27:44.0469 2360 nvUpdatusService - ok
01:27:44.0485 2360 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:27:44.0501 2360 nv_agp - ok
01:27:44.0563 2360 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:27:44.0610 2360 odserv - ok
01:27:44.0641 2360 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:27:44.0672 2360 ohci1394 - ok
01:27:44.0688 2360 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:27:44.0735 2360 ose - ok
01:27:44.0766 2360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:27:44.0797 2360 p2pimsvc - ok
01:27:44.0828 2360 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:27:44.0859 2360 p2psvc - ok
01:27:44.0891 2360 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:27:44.0922 2360 Parport - ok
01:27:44.0953 2360 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:27:44.0984 2360 partmgr - ok
01:27:44.0984 2360 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:27:45.0031 2360 PcaSvc - ok
01:27:45.0047 2360 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:27:45.0093 2360 pci - ok
01:27:45.0093 2360 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:27:45.0125 2360 pciide - ok
01:27:45.0140 2360 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:27:45.0171 2360 pcmcia - ok
01:27:45.0171 2360 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:27:45.0187 2360 pcw - ok
01:27:45.0203 2360 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:27:45.0281 2360 PEAUTH - ok
01:27:45.0359 2360 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:27:45.0390 2360 PerfHost - ok
01:27:45.0515 2360 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:27:45.0671 2360 pla - ok
01:27:45.0702 2360 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:27:45.0749 2360 PlugPlay - ok
01:27:45.0764 2360 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:27:45.0795 2360 PNRPAutoReg - ok
01:27:45.0811 2360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:27:45.0842 2360 PNRPsvc - ok
01:27:45.0873 2360 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:27:45.0936 2360 PolicyAgent - ok
01:27:45.0967 2360 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:27:46.0029 2360 Power - ok
01:27:46.0076 2360 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:27:46.0154 2360 PptpMiniport - ok
01:27:46.0170 2360 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:27:46.0201 2360 Processor - ok
01:27:46.0232 2360 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:27:46.0279 2360 ProfSvc - ok
01:27:46.0295 2360 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:27:46.0310 2360 ProtectedStorage - ok
01:27:46.0357 2360 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:27:46.0404 2360 Psched - ok
01:27:46.0451 2360 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:27:46.0513 2360 ql2300 - ok
01:27:46.0529 2360 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:27:46.0544 2360 ql40xx - ok
01:27:46.0560 2360 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:27:46.0607 2360 QWAVE - ok
01:27:46.0607 2360 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:27:46.0653 2360 QWAVEdrv - ok
01:27:46.0669 2360 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:27:46.0700 2360 RasAcd - ok
01:27:46.0731 2360 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:27:46.0778 2360 RasAgileVpn - ok
01:27:46.0778 2360 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:27:46.0841 2360 RasAuto - ok
01:27:46.0841 2360 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:27:46.0903 2360 Rasl2tp - ok
01:27:46.0934 2360 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:27:47.0012 2360 RasMan - ok
01:27:47.0043 2360 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:27:47.0090 2360 RasPppoe - ok
01:27:47.0106 2360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:27:47.0137 2360 RasSstp - ok
01:27:47.0168 2360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:27:47.0231 2360 rdbss - ok
01:27:47.0246 2360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:27:47.0277 2360 rdpbus - ok
01:27:47.0277 2360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:27:47.0324 2360 RDPCDD - ok
01:27:47.0324 2360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:27:47.0371 2360 RDPENCDD - ok
01:27:47.0387 2360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:27:47.0418 2360 RDPREFMP - ok
01:27:47.0480 2360 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:27:47.0511 2360 RdpVideoMiniport - ok
01:27:47.0527 2360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:27:47.0589 2360 RDPWD - ok
01:27:47.0636 2360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:27:47.0667 2360 rdyboost - ok
01:27:47.0699 2360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:27:47.0745 2360 RemoteAccess - ok
01:27:47.0761 2360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:27:47.0808 2360 RemoteRegistry - ok
01:27:47.0870 2360 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
01:27:47.0917 2360 RichVideo - ok
01:27:47.0933 2360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:27:47.0964 2360 RpcEptMapper - ok
01:27:47.0979 2360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:27:48.0026 2360 RpcLocator - ok
01:27:48.0057 2360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:27:48.0104 2360 RpcSs - ok
01:27:48.0151 2360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:27:48.0198 2360 rspndr - ok
01:27:48.0198 2360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:27:48.0229 2360 SamSs - ok
01:27:48.0260 2360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:27:48.0291 2360 sbp2port - ok
01:27:48.0307 2360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:27:48.0369 2360 SCardSvr - ok
01:27:48.0401 2360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:27:48.0463 2360 scfilter - ok
01:27:48.0479 2360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:27:48.0572 2360 Schedule - ok
01:27:48.0603 2360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:27:48.0635 2360 SCPolicySvc - ok
01:27:48.0666 2360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:27:48.0713 2360 SDRSVC - ok
01:27:48.0759 2360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:27:48.0806 2360 secdrv - ok
01:27:48.0822 2360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:27:48.0869 2360 seclogon - ok
01:27:48.0900 2360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:27:48.0947 2360 SENS - ok
01:27:48.0962 2360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:27:48.0993 2360 SensrSvc - ok
01:27:49.0025 2360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:27:49.0056 2360 Serenum - ok
01:27:49.0056 2360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:27:49.0071 2360 Serial - ok
01:27:49.0103 2360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:27:49.0118 2360 sermouse - ok
01:27:49.0149 2360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:27:49.0212 2360 SessionEnv - ok
01:27:49.0243 2360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:27:49.0274 2360 sffdisk - ok
01:27:49.0290 2360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:27:49.0305 2360 sffp_mmc - ok
01:27:49.0305 2360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:27:49.0337 2360 sffp_sd - ok
01:27:49.0352 2360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:27:49.0368 2360 sfloppy - ok
01:27:49.0383 2360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:27:49.0461 2360 SharedAccess - ok
01:27:49.0477 2360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:27:49.0539 2360 ShellHWDetection - ok
01:27:49.0539 2360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:27:49.0555 2360 SiSRaid2 - ok
01:27:49.0571 2360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:27:49.0586 2360 SiSRaid4 - ok
01:27:49.0617 2360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:27:49.0680 2360 Smb - ok
01:27:49.0711 2360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:27:49.0727 2360 SNMPTRAP - ok
01:27:49.0727 2360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:27:49.0758 2360 spldr - ok
01:27:49.0789 2360 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:27:49.0836 2360 Spooler - ok
01:27:49.0898 2360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:27:49.0976 2360 sppsvc - ok
01:27:49.0992 2360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:27:50.0039 2360 sppuinotify - ok
01:27:50.0070 2360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:27:50.0163 2360 srv - ok
01:27:50.0179 2360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:27:50.0257 2360 srv2 - ok
01:27:50.0288 2360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:27:50.0335 2360 srvnet - ok
01:27:50.0366 2360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:27:50.0413 2360 SSDPSRV - ok
01:27:50.0413 2360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:27:50.0460 2360 SstpSvc - ok
01:27:50.0507 2360 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:27:50.0569 2360 Stereo Service - ok
01:27:50.0600 2360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:27:50.0616 2360 stexstor - ok
01:27:50.0709 2360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:27:50.0819 2360 stisvc - ok
01:27:50.0865 2360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:27:50.0881 2360 swenum - ok
01:27:50.0943 2360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:27:51.0037 2360 swprv - ok
01:27:51.0084 2360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:27:51.0271 2360 SysMain - ok
01:27:51.0302 2360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:27:51.0333 2360 TabletInputService - ok
01:27:51.0380 2360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:27:51.0458 2360 TapiSrv - ok
01:27:51.0474 2360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:27:51.0536 2360 TBS - ok
01:27:51.0599 2360 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:27:51.0739 2360 Tcpip - ok
01:27:51.0801 2360 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:27:51.0879 2360 TCPIP6 - ok
01:27:51.0911 2360 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:27:51.0957 2360 tcpipreg - ok
01:27:51.0973 2360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:27:51.0989 2360 TDPIPE - ok
01:27:52.0020 2360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:27:52.0051 2360 TDTCP - ok
01:27:52.0082 2360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:27:52.0145 2360 tdx - ok
01:27:52.0160 2360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:27:52.0191 2360 TermDD - ok
01:27:52.0347 2360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:27:52.0425 2360 TermService - ok
01:27:52.0457 2360 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:27:52.0488 2360 Themes - ok
01:27:52.0503 2360 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:27:52.0535 2360 THREADORDER - ok
01:27:52.0550 2360 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:27:52.0597 2360 TrkWks - ok
01:27:52.0628 2360 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:27:52.0691 2360 TrustedInstaller - ok
01:27:52.0722 2360 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:27:52.0753 2360 tssecsrv - ok
01:27:52.0784 2360 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:27:52.0815 2360 TsUsbFlt - ok
01:27:52.0862 2360 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:27:52.0909 2360 tunnel - ok
01:27:52.0956 2360 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:27:52.0971 2360 uagp35 - ok
01:27:52.0987 2360 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
01:27:53.0003 2360 UBHelper - ok
01:27:53.0018 2360 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:27:53.0096 2360 udfs - ok
01:27:53.0112 2360 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:27:53.0127 2360 UI0Detect - ok
01:27:53.0159 2360 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:27:53.0174 2360 uliagpkx - ok
01:27:53.0205 2360 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
01:27:53.0252 2360 umbus - ok
01:27:53.0252 2360 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:27:53.0283 2360 UmPass - ok
01:27:53.0346 2360 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
01:27:53.0393 2360 Updater Service - ok
01:27:53.0471 2360 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:27:53.0517 2360 upnphost - ok
01:27:53.0533 2360 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:27:53.0580 2360 usbccgp - ok
01:27:53.0611 2360 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:27:53.0642 2360 usbcir - ok
01:27:53.0658 2360 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
01:27:53.0705 2360 usbehci - ok
01:27:53.0720 2360 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:27:53.0783 2360 usbhub - ok
01:27:53.0798 2360 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:27:53.0829 2360 usbohci - ok
01:27:53.0829 2360 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:27:53.0861 2360 usbprint - ok
01:27:53.0892 2360 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
01:27:53.0939 2360 USBSTOR - ok
01:27:53.0954 2360 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:27:54.0001 2360 usbuhci - ok
01:27:54.0001 2360 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:27:54.0048 2360 UxSms - ok
01:27:54.0064 2360 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:27:54.0079 2360 VaultSvc - ok
01:27:54.0110 2360 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:27:54.0142 2360 vdrvroot - ok
01:27:54.0173 2360 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:27:54.0266 2360 vds - ok
01:27:54.0282 2360 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:27:54.0298 2360 vga - ok
01:27:54.0313 2360 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:27:54.0344 2360 VgaSave - ok
01:27:54.0360 2360 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:27:54.0422 2360 vhdmp - ok
01:27:54.0438 2360 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:27:54.0454 2360 viaide - ok
01:27:54.0469 2360 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:27:54.0500 2360 volmgr - ok
01:27:54.0532 2360 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:27:54.0594 2360 volmgrx - ok
01:27:54.0641 2360 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:27:54.0719 2360 volsnap - ok
01:27:54.0750 2360 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:27:54.0781 2360 vsmraid - ok
01:27:54.0937 2360 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:27:55.0062 2360 VSS - ok
01:27:55.0078 2360 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:27:55.0124 2360 vwifibus - ok
01:27:55.0140 2360 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:27:55.0187 2360 vwififlt - ok
01:27:55.0218 2360 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:27:55.0280 2360 W32Time - ok
01:27:55.0296 2360 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:27:55.0343 2360 WacomPen - ok
01:27:55.0374 2360 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:27:55.0436 2360 WANARP - ok
01:27:55.0452 2360 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:27:55.0483 2360 Wanarpv6 - ok
01:27:55.0530 2360 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:27:55.0624 2360 wbengine - ok
01:27:55.0639 2360 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:27:55.0670 2360 WbioSrvc - ok
01:27:55.0733 2360 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:27:55.0842 2360 wcncsvc - ok
01:27:55.0842 2360 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:27:55.0858 2360 WcsPlugInService - ok
01:27:55.0873 2360 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:27:55.0889 2360 Wd - ok
01:27:55.0998 2360 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:27:56.0076 2360 Wdf01000 - ok
01:27:56.0076 2360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:27:56.0107 2360 WdiServiceHost - ok
01:27:56.0107 2360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:27:56.0138 2360 WdiSystemHost - ok
01:27:56.0154 2360 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:27:56.0216 2360 WebClient - ok
01:27:56.0232 2360 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:27:56.0294 2360 Wecsvc - ok
01:27:56.0294 2360 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:27:56.0357 2360 wercplsupport - ok
01:27:56.0372 2360 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:27:56.0419 2360 WerSvc - ok
01:27:56.0435 2360 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:27:56.0466 2360 WfpLwf - ok
01:27:56.0482 2360 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:27:56.0497 2360 WIMMount - ok
01:27:56.0528 2360 WinDefend - ok
01:27:56.0528 2360 WinHttpAutoProxySvc - ok
01:27:56.0575 2360 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:27:56.0622 2360 Winmgmt - ok
01:27:56.0684 2360 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:27:56.0810 2360 WinRM - ok
01:27:56.0857 2360 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:27:56.0919 2360 Wlansvc - ok
01:27:56.0951 2360 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:27:56.0966 2360 WmiAcpi - ok
01:27:56.0982 2360 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:27:57.0029 2360 wmiApSrv - ok
01:27:57.0060 2360 WMPNetworkSvc - ok
01:27:57.0060 2360 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:27:57.0091 2360 WPCSvc - ok
01:27:57.0122 2360 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:27:57.0153 2360 WPDBusEnum - ok
01:27:57.0185 2360 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:27:57.0216 2360 ws2ifsl - ok
01:27:57.0231 2360 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:27:57.0278 2360 wscsvc - ok
01:27:57.0278 2360 WSearch - ok
01:27:57.0419 2360 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:27:57.0528 2360 wuauserv - ok
01:27:57.0559 2360 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:27:57.0590 2360 WudfPf - ok
01:27:57.0621 2360 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:27:57.0684 2360 WUDFRd - ok
01:27:57.0699 2360 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:27:57.0746 2360 wudfsvc - ok
01:27:57.0746 2360 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:27:57.0777 2360 WwanSvc - ok
01:27:57.0840 2360 [ 74983ADDCA2D9618512C088D856D6615 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
01:27:57.0871 2360 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
01:27:57.0871 2360 ================ Scan global ===============================
01:27:57.0902 2360 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:27:57.0918 2360 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
01:27:57.0933 2360 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
01:27:57.0949 2360 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:27:57.0980 2360 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:27:57.0980 2360 [Global] - ok
01:27:57.0980 2360 ================ Scan MBR ==================================
01:27:57.0996 2360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:27:58.0994 2360 \Device\Harddisk0\DR0 - ok
01:27:58.0994 2360 ================ Scan VBR ==================================
01:27:58.0994 2360 [ 5B0778387F7D2FF57281CE28A66D2C29 ] \Device\Harddisk0\DR0\Partition1
01:27:59.0010 2360 \Device\Harddisk0\DR0\Partition1 - ok
01:27:59.0025 2360 [ 2CFF43CB93ABB80798BF8E00CEBB5F95 ] \Device\Harddisk0\DR0\Partition2
01:27:59.0025 2360 \Device\Harddisk0\DR0\Partition2 - ok
01:27:59.0057 2360 [ 39932544FA148808938AF9CF83A8CC9B ] \Device\Harddisk0\DR0\Partition3
01:27:59.0057 2360 \Device\Harddisk0\DR0\Partition3 - ok
01:27:59.0057 2360 ============================================================
01:27:59.0057 2360 Scan finished
01:27:59.0057 2360 ============================================================
01:27:59.0072 2628 Detected object count: 1
01:27:59.0072 2628 Actual detected object count: 1
01:29:03.0750 2628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
01:29:03.0750 2628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
15.01.2013, 20:43
| #4 |
| /// Malware-holic | Serifef infiziert hi nutzt du den PC für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 23:37
| #5 |
| | Serifef infiziert Hi ja ich nutze den Pc für online banking einkaufen usw |
|
16.01.2013, 19:02
| #6 |
| /// Malware-holic | Serifef infiziert hi bitte Bank anrufen, onlinebanking sperren lassen, wegen Zero access rootkits. Da man dieses nicht 100 %ig sicher los wird, dies aber nötig ist, fürs onlinebanking etc: der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ --> Serifef infiziert |
|
16.01.2013, 19:22
| #7 |
| | Serifef infiziert Hi hab einen fertig pc Acer Aspire M5810 und ich nutz eRecoery habe keine Windows 7 cd. also soll ich den jetz noch mal mit den recoery dvds zurücksetzen ? |
|
16.01.2013, 20:36
| #8 |
| /// Malware-holic | Serifef infiziert Hi, erst mal Daten sichern, dann Recovery nutzen, dann über die Herstellerseite neueste Treiber, für mainboard, graka etc instalieren und absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://store.computeractive.co.uk/p2...malware_7_1-pc testversion: http://www.emsisoft.de/de/software/a...re/?id=5987352 insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: http://support.google.com/chrome/bin...&answer=118663 anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen. Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform http://www.roboform.com/de/ anleitung: http://www.roboform.com/de/manual.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.01.2013, 21:43
| #9 |
| | Serifef infiziert Hi ok ich werd dann das mal alles abarbeiten ich nutz momentan G Data Internet Securtity 2010 und vom Browers her würd ich eigentlich ganz gern bei mozialla firefox bleiben .. Eine frage zum Online baninking noch . Wenn mein Pc dann wieder sicher ist kann ich dann mein online banking wieder frei schalten lassen und einfach passwort ändern oder direkt einen neuen zugang beantragen ? |
|
16.01.2013, 21:46
| #10 |
| /// Malware-holic | Serifef infiziert hi wieso gdata 2010, wir haben das jahr 2013, und die hersteller bringen jedes Jahr ein neues Programm raus. ich persönlihc würde auf Emsisoft umsteigen, ist aus meiner Sicht besser, und läuft auch flüssiger, aber das musst du entscheiden. Hast du dir den chrome schon mal angesehen? bietet einige Sicherheitsfeatures mehr als der FF und sollte schneller sein, anschauen kann man ihn ja, meckern auch noch bei nicht gefallen :-) adblock für chrome: http://filepony.de/download-ghostery_chrome/ HTTPS Everywhere https://chrome.google.com/webstore/d...jekcdonpmejbdp wählt, wenn möglich, eine sichere Verbindung sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online Wegen dem Onlinebanking: ich denke freischalten reicht, lass dich da aber von der Bank beraten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.01.2013, 22:00
| #11 |
| | Serifef infiziert ok dann versuch ich den browser mal  und zur datensicherung noch ne frage. Ich hab ja auf meinen pc ein C laufwerk wo ich jetzt eigentlich keine daten drauf habe was ich retten will und auf meinen D laufenwerk sind eigentlich bilder videos usw... das D laufwerk wird bei der recovery ja nicht berührt dann kann ich mir den schritt datenrettung sparen oder D laufwerk vorher auch platt machen ? |
|
16.01.2013, 22:02
| #12 |
| /// Malware-holic | Serifef infiziert hi solange auf d: nichts instaliert wurde, passt das, ansonsten die partition ebenfalls formatiern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2013, 10:40
| #13 |
| | Serifef infiziert Hi so hab windows neu drauf auch vorher den mbr überschrieben. sollte man das machen oder war es unötig den mbr zu überschreiben ? dann hab ich mein gdata noch mal installiert um online gehen zu können und alle windows updates zu machen und jetz bin ich dabei alle treiber zu aktualisieren! ist das soweit noch okay ? |
|
18.01.2013, 18:16
| #14 |
| /// Malware-holic | Serifef infiziert hi ist ok, ich persönlich hätte gdata zwar gegen emsisoft getauscht, ist aber geschmackssache, solange du gdata 2013 instaliert hast :-) bitte aber den Rest der Anleitung nicht vergessen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Serifef infiziert |
| antivirus, autorun, bho, defender, error, excel, explorer, fehler, firefox, flash player, format, home, install.exe, logfile, mozilla, mywinlocker, nvidia update, office 2007, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, symantec, virus, visual studio, windows |
Linear-Darstellung
