Trojaner-Board (https://www.trojaner-board.de/)
Thread: System of automatic information control - computer locked (https://www.trojaner-board.de/125448-system-automatischen-informationskontrolle-computer-gesperrt.html)

Golderto 10.10.2012 10:19

System of automatic information control - computer locked
 
Hello, while I was surfing the Internet yesterday evening, the screen turned white from one second to the next and the following message appeared: "Your computer has been locked by the System of Automatic Information Control." The logo of the Austrian police appears in the top right. Several reasons are also listed, e.g. that one has viewed forbidden websites. It demands that one pay 100 € (Ukash).

I then followed the guide here (downloaded and ran Malwarebytes Anti-Malware) and started the computer in Safe Mode. Afterwards I downloaded and ran the other programs. However, the program gmer.exe stopped working after it had been running for a few seconds. It said the file had to be closed because of an error, even though I had disabled everything in McAfee beforehand!

That is why only the logs from Anti-Malware and step 2 (OTL, Extra) are included below.
I hope that is okay!
Regards, Golderto

PS: When can I press the Re-enable button in defogger (step 1) again?

Malwarebytes Anti-Malware:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
media :: MEDIA-PC [Administrator]

Schutz: Deaktiviert

10.10.2012 09:44:04
mbam-log-2012-10-10 (09-44-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227148
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gaycecodde (Backdoor.Agent) -> Daten: C:\Users\media\AppData\Roaming\Xogy\siad.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rqtppmbapjgtyju (Trojan.Winlock) -> Daten: C:\ProgramData\rqtppmba.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cbssreg (Trojan.Agent) -> Daten: C:\Users\media\AppData\Local\Temp\lurqjkle.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\media\AppData\Roaming\SystemProc (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 16
C:\Users\media\AppData\Roaming\Xogy\siad.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\rqtppmba.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dhcpsapi32.dll (Trojan.Tracur.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\audiohd.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\RECYCLER\S-1-5-21-7659959331-1071519505-604589256-6848\mgrls32.exe (Worm.Autorun.B) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\0.2519730864482337.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\ms.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922C.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922O.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922P.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\02000000ff557861922S.manifest (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.25751081556181643.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.8043754420957456.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\0.9280524519877272.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\Temp\lurqjkle.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Roaming\SystemProc\upd.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL:
OTL Logfile:
Code:

OTL logfile created on: 10.10.2012 10:08:03 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,43% Memory free
6,19 Gb Paging File | 5,74 Gb Available in Paging File | 92,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 177,26 Gb Free Space | 60,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 10:05:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL (1).exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 08:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 20:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 20:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 06:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 12:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 06:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 06:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 07:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.23 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 11:26:52 | 000,000,000 | ---D | M]
 
[2009.09.08 17:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 20:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 11:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 11:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.23 20:07:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.09.30 20:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 20:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 20:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mpkcomka] C:\Users\media\mpkcomka.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 09:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ofrvdjtupebarrp
[2012.10.09 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
[2012.10.08 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
[2012.10.08 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
[2012.10.07 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
[2012.10.07 09:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
[2012.10.06 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
[2012.10.05 17:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
[2012.10.04 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
[2012.10.03 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
[2012.10.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
[2012.10.02 08:12:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
[2012.10.01 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
[2012.09.30 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
[2012.09.30 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
[2012.09.27 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
[2012.09.26 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
[2012.09.25 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
[2012.09.24 23:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
[2012.09.24 11:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
[2012.09.23 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
[2012.09.20 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Xogy
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Taype
[2012.09.19 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Inpy
[2012.09.19 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
[2012.09.18 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
[2012.09.18 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
[2012.09.17 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
[2012.09.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
[2012.09.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
[2012.09.14 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
[2012.09.13 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
[2012.09.12 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
[2012.09.12 08:30:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
[2012.09.11 13:49:21 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{2D586E6E-C0C5-4DA5-82D9-5A4E5EC8A246}
[2012.09.10 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{535CB8AD-6590-48EA-AC76-FE83DA5EE3F7}
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 10:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable
[2012.10.10 10:04:14 | 000,693,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 10:04:14 | 000,660,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 10:04:14 | 000,150,112 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 10:04:14 | 000,127,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 10:00:54 | 000,022,158 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.10.10 09:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 09:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 09:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.09 20:44:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:44:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:07:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 20:03:45 | 000,074,137 | ---- | M] () -- C:\ProgramData\tnjymarzxnstcad
[2012.10.07 17:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 10:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 20:03:16 | 000,074,137 | ---- | C] () -- C:\ProgramData\tnjymarzxnstcad
[2012.10.07 17:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf
[2011.07.14 13:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.27 18:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2010.05.25 16:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat
[2009.03.21 18:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.20 12:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.05.09 16:01:14 | 000,000,000 | -HSD | M] -- C:\Users\media\AppData\Roaming\.#
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console
[2010.05.05 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient
[2008.10.02 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games
[2008.09.11 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi
[2008.10.03 16:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames
[2011.11.28 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto
[2012.10.04 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express
[2012.09.19 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Inpy
[2008.09.29 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst
[2008.12.17 15:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache
[2011.12.03 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion
[2012.10.09 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Taype
[2012.01.20 13:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity
[2010.08.22 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch
[2012.10.10 09:50:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Xogy
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB26798$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

--- --- ---


Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 10.10.2012 10:08:03 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,43% Memory free
6,19 Gb Paging File | 5,74 Gb Available in Paging File | 92,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 177,26 Gb Free Space | 60,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {3DDE6A87-9A75-4CD6-A108-9C3A48C85A00},{2FC76DB2-719C-4570-9177-8E5A30E0FE49}
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {3DDE6A87-9A75-4CD6-A108-9C3A48C85A00},{2FC76DB2-719C-4570-9177-8E5A30E0FE49}
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A22A707-FF8C-4776-AB14-78853A732151}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0E0B4957-F93E-4298-9C43-BE875669B3A2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{16BFCF73-7ADF-44E6-A05C-8B0709285BE0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1FD61671-495C-4141-BC06-0E1D85E5D944}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2B170C4C-D89F-45AC-83B1-8B89001D1F7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FC6DFF1-5DD2-4CB2-962A-7A767AA63F8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48C2311D-4DA6-437B-AD42-8693F3394410}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{64FD54B3-1E10-4133-805D-13F82DD28BAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DE3D63C-08E7-4BC6-8663-CA934ABF694B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{711288B1-A6EF-46CC-B0FB-F2F1A9B4A0CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87833A98-0432-4997-B3D1-4AC9EAD3CD08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9ED5E038-1D88-4FA3-BF50-F45599EADE3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0062775-9BB4-404C-8965-D9E96A662A50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2302566-C71C-4EC4-B7B3-2CB66D951895}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B34F2389-5CB4-4553-BE7A-C9F6FE3003D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3F18BC1-3F2E-4214-8817-A5303C86B4FE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D8A7CEB5-1AF0-4487-9478-C0C15180230A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E801CCF3-D2FC-48C3-8633-0F07538ACD01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{1FAA388C-2F6E-4DF1-B150-9845B3287AE9}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{2C472612-E62A-42E2-9F24-A83A16E3EC54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{3FD5FE58-BEE1-4681-A103-8D3CCA29B2EF}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{698EBFB9-DCF9-486F-9F98-038126DD1E3F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{771AC356-5F2A-4529-8244-379721E5AFC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91D41245-48E4-4C16-8361-9697965A9C0E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{B44AA5D3-0CFD-44BE-9577-18C84291DF01}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{B48D270D-4A7D-4127-A4BD-465C0F76495E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{C2127F21-7A38-4482-96AD-37F2B351D5E4}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{D0696EF3-CD9F-4162-AD34-E829F50F9D8D}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D9275812-F4EB-4AD4-A134-7892951B266A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5CDDB72-12BD-4F8C-8492-D7432E97C267}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{568502E8-5167-11DE-A65F-B57B56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010
"DivX Setup.divx.com" = DivX-Setup
"Farm Frenzy 3_is1" = Farm Frenzy 3
"HappyFoto-Designer_is1" = HappyFoto-Designer 4.4
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sudoku-Drucker" = Sudoku-Drucker 1.4
"Tele2 Internet" = Tele2 Internet
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2012 14:29:46 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.10.2012 14:30:17 | Computer Name = media-PC | Source = Application Hang | ID = 1002
Description = Programm rqtppmba.exe, Version 1.0.0.1 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 738  Anfangszeit: 01cda64bedf28fcd  Zeitpunkt der Beendigung:
 0
 
Error - 09.10.2012 14:30:25 | Computer Name = media-PC | Source = Application Hang | ID = 1002
Description = Programm communicator.exe, Version 4.0.7577.4103 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 498  Anfangszeit: 01cda64bed167fdd  Zeitpunkt
 der Beendigung: 0
 
Error - 09.10.2012 14:35:45 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.10.2012 14:47:02 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 09.10.2012 14:48:22 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.10.2012 03:08:27 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10.10.2012 03:09:38 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.10.2012 04:00:13 | Computer Name = media-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10.10.2012 04:01:32 | Computer Name = media-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 10.10.2012 04:00:14 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10.10.2012 04:00:21 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 10.10.2012 04:01:33 | Computer Name = media-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.10.2012 04:01:34 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10.10.2012 04:04:05 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10.10.2012 04:04:05 | Computer Name = media-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

--- --- ---


Gmer:
Was closed after a few seconds because of problems!

Psychotic 10.10.2012 12:54

:hallo:

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way.

If you decide on a cleanup, keep working along until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no cross-posting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If anything is unclear: ask before you do anything "blindly"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".




Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users with right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it fails again, please let me know.




Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and save the logfile. TDSSKiller will save a logfile on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.


Only press the Re-enable button when I tell you to!
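A small triage script for the TDSSKiller log format that Step 2 asks for: an added example, not code from the thread or from TDSSKiller itself. It parses the `[ MD5 ] name path` / `name - ok` line pairs of the service scan, lists every entry whose verdict is not `ok`, and compares driver hashes against a reference list; the sample log mixes lines from the posted log with constructed ones (the `netbt` entry, both placeholder hashes, the reference list and the `suspicious` verdict wording are constructed, not TDSSKiller output).

```python
"""Triage helper for TDSSKiller service-scan logs (added example).

TDSSKiller writes one pair of lines per service/driver inside the
"Scan services" section: a line carrying the MD5 of the image file, the
service name and the image path, followed by a verdict line "<name> - ok".
Entries without an image file (e.g. COMSysApp) have only the verdict line.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "07:54:23.0288 1988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI   C:\Windows\system32\drivers\acpi.sys"
IMAGE_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Generic "<time> <pid>  <rest>" line; <rest> is "<name> - <verdict>" or a section header.
GENERIC_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>\S.*)$"
)


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    raw: List[str] = field(default_factory=list)  # original log lines, for the report


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceRecord]:
    """Return one record per service/driver of the 'Scan services' section, keyed by name."""
    records: Dict[str, ServiceRecord] = {}
    in_services = False
    for line in text.splitlines():
        line = line.rstrip()
        g = GENERIC_LINE.match(line)
        if not g:
            continue
        rest = g["rest"]
        if rest.startswith("=") and "Scan services" in rest:
            in_services = True          # section header: enter the services section
            continue
        if rest.startswith("="):
            if in_services:
                break                   # next section header: services section is over
            continue
        if not in_services:
            continue
        m = IMAGE_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(name=m["name"]))
            rec.md5, rec.path = m["md5"].upper(), m["path"]
            rec.raw.append(line)
            continue
        if " - " in rest:               # verdict line: "<name> - <verdict>"
            name, _, verdict = rest.rpartition(" - ")
            rec = records.setdefault(name, ServiceRecord(name=name))
            rec.verdict = verdict.strip()
            rec.raw.append(line)
    return records


def flag_attention(records: Dict[str, ServiceRecord]) -> List[ServiceRecord]:
    """Entries whose verdict is missing or anything other than 'ok'."""
    return [r for r in records.values() if r.verdict != "ok"]


def compare_to_baseline(records: Dict[str, ServiceRecord],
                        baseline: Dict[str, str]) -> List[Tuple[ServiceRecord, str]]:
    """Entries whose image path is in the baseline (lower-cased path -> expected MD5)
    but whose logged MD5 differs; returns (record, expected_md5) pairs."""
    mismatches = []
    for r in records.values():
        if r.path is None or r.md5 is None:
            continue
        expected = baseline.get(r.path.lower())
        if expected is not None and expected.upper() != r.md5:
            mismatches.append((r, expected.upper()))
    return mismatches


# Constructed sample: the first four service entries are taken from the posted log,
# the netbt entry (all-zero MD5, 'suspicious' wording) is constructed for illustration.
SAMPLE_LOG = r"""07:54:22.0961 1988  ============================================================
07:54:22.0961 1988  Scan started
07:54:23.0054 1988  ================ Scan system memory ========================
07:54:23.0054 1988  System memory - ok
07:54:23.0054 1988  ================ Scan services =============================
07:54:23.0148 1988  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
07:54:23.0148 1988  Acer HomeMedia Connect Service - ok
07:54:23.0288 1988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:54:23.0304 1988  ACPI - ok
07:54:24.0770 1988  COMSysApp - ok
07:54:30.0000 1988  [ 00000000000000000000000000000000 ] netbt           C:\Windows\system32\drivers\netbt.sys
07:54:30.0000 1988  netbt - suspicious
07:54:40.0000 1988  ================ Scan global ===============================
"""

# Constructed reference list: acpi.sys hash copied from the posted log, netbt.sys is a placeholder.
KNOWN_GOOD_MD5 = {
    r"c:\windows\system32\drivers\acpi.sys": "82B296AE1892FE3DBEE00C9CF92F8AC7",
    r"c:\windows\system32\drivers\netbt.sys": "11111111111111111111111111111111",
}

if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    for r in flag_attention(recs):
        print(f"ATTENTION: {r.name} verdict={r.verdict!r} path={r.path}")
    for r, expected in compare_to_baseline(recs, KNOWN_GOOD_MD5):
        print(f"HASH MISMATCH: {r.path} logged={r.md5} expected={expected}")
```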

Golderto 11.10.2012 06:58

Dear Marius!

Many thanks in advance for your help - I can use it!

For your information: Step 1 was aborted; first the program finds the infected file: "C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Zeroot-B [Rtk]", then the message "avast! Antirootkit funktioniert nicht mehr" appears and it closes.

Step 2, TDSSKiller:
Code:

07:54:15.0597 1892  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:54:16.0346 1892  ============================================================
07:54:16.0346 1892  Current date / time: 2012/10/11 07:54:16.0346
07:54:16.0346 1892  SystemInfo:
07:54:16.0346 1892 
07:54:16.0346 1892  OS Version: 6.0.6002 ServicePack: 2.0
07:54:16.0346 1892  Product type: Workstation
07:54:16.0346 1892  ComputerName: MEDIA-PC
07:54:16.0346 1892  UserName: media
07:54:16.0346 1892  Windows directory: C:\Windows
07:54:16.0346 1892  System windows directory: C:\Windows
07:54:16.0346 1892  Processor architecture: Intel x86
07:54:16.0346 1892  Number of processors: 4
07:54:16.0346 1892  Page size: 0x1000
07:54:16.0346 1892  Boot type: Safe boot with network
07:54:16.0346 1892  ============================================================
07:54:16.0658 1892  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:54:16.0658 1892  ============================================================
07:54:16.0658 1892  \Device\Harddisk0\DR0:
07:54:16.0658 1892  MBR partitions:
07:54:16.0658 1892  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000
07:54:16.0658 1892  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800
07:54:16.0658 1892  ============================================================
07:54:16.0689 1892  C: <-> \Device\Harddisk0\DR0\Partition1
07:54:16.0721 1892  D: <-> \Device\Harddisk0\DR0\Partition2
07:54:16.0721 1892  ============================================================
07:54:16.0721 1892  Initialize success
07:54:16.0721 1892  ============================================================
07:54:22.0961 1988  ============================================================
07:54:22.0961 1988  Scan started
07:54:22.0961 1988  Mode: Manual;
07:54:22.0961 1988  ============================================================
07:54:23.0054 1988  ================ Scan system memory ========================
07:54:23.0054 1988  System memory - ok
07:54:23.0054 1988  ================ Scan services =============================
07:54:23.0148 1988  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
07:54:23.0148 1988  Acer HomeMedia Connect Service - ok
07:54:23.0179 1988  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
07:54:23.0179 1988  AcerMemUsageCheckService - ok
07:54:23.0288 1988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:54:23.0304 1988  ACPI - ok
07:54:23.0335 1988  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:54:23.0335 1988  AdobeFlashPlayerUpdateSvc - ok
07:54:23.0382 1988  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
07:54:23.0382 1988  adp94xx - ok
07:54:23.0397 1988  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
07:54:23.0397 1988  adpahci - ok
07:54:23.0413 1988  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
07:54:23.0413 1988  adpu160m - ok
07:54:23.0460 1988  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
07:54:23.0460 1988  adpu320 - ok
07:54:23.0475 1988  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
07:54:23.0475 1988  AeLookupSvc - ok
07:54:23.0522 1988  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
07:54:23.0522 1988  AFD - ok
07:54:23.0553 1988  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:54:23.0553 1988  agp440 - ok
07:54:23.0569 1988  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
07:54:23.0569 1988  aic78xx - ok
07:54:23.0585 1988  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
07:54:23.0585 1988  ALG - ok
07:54:23.0600 1988  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:54:23.0600 1988  aliide - ok
07:54:23.0616 1988  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:54:23.0616 1988  amdagp - ok
07:54:23.0647 1988  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:54:23.0647 1988  amdide - ok
07:54:23.0678 1988  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
07:54:23.0678 1988  AmdK7 - ok
07:54:23.0694 1988  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
07:54:23.0694 1988  AmdK8 - ok
07:54:23.0897 1988  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
07:54:23.0897 1988  Appinfo - ok
07:54:23.0912 1988  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
07:54:23.0912 1988  arc - ok
07:54:23.0928 1988  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:54:23.0928 1988  arcsas - ok
07:54:23.0943 1988  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:54:23.0943 1988  AsyncMac - ok
07:54:23.0990 1988  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
07:54:23.0990 1988  atapi - ok
07:54:24.0006 1988  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:54:24.0021 1988  AudioEndpointBuilder - ok
07:54:24.0037 1988  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:54:24.0037 1988  Audiosrv - ok
07:54:24.0099 1988  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc          C:\Program Files\Microsoft\BingBar\BBSvc.EXE
07:54:24.0099 1988  BBSvc - ok
07:54:24.0162 1988  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:54:24.0162 1988  BcmSqlStartupSvc - ok
07:54:24.0177 1988  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:54:24.0177 1988  Beep - ok
07:54:24.0209 1988  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
07:54:24.0224 1988  BITS - ok
07:54:24.0271 1988  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
07:54:24.0271 1988  blbdrive - ok
07:54:24.0302 1988  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:54:24.0302 1988  bowser - ok
07:54:24.0302 1988  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
07:54:24.0318 1988  BrFiltLo - ok
07:54:24.0318 1988  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
07:54:24.0318 1988  BrFiltUp - ok
07:54:24.0349 1988  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
07:54:24.0349 1988  Browser - ok
07:54:24.0365 1988  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
07:54:24.0365 1988  Brserid - ok
07:54:24.0380 1988  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
07:54:24.0380 1988  BrSerWdm - ok
07:54:24.0396 1988  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
07:54:24.0396 1988  BrUsbMdm - ok
07:54:24.0411 1988  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
07:54:24.0411 1988  BrUsbSer - ok
07:54:24.0427 1988  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:54:24.0427 1988  BTHMODEM - ok
07:54:24.0458 1988  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:54:24.0458 1988  cdfs - ok
07:54:24.0489 1988  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
07:54:24.0489 1988  cdrom - ok
07:54:24.0505 1988  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
07:54:24.0505 1988  CertPropSvc - ok
07:54:24.0521 1988  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
07:54:24.0521 1988  circlass - ok
07:54:24.0552 1988  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
07:54:24.0552 1988  CLFS - ok
07:54:24.0599 1988  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:54:24.0599 1988  clr_optimization_v2.0.50727_32 - ok
07:54:24.0661 1988  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:54:24.0739 1988  clr_optimization_v4.0.30319_32 - ok
07:54:24.0755 1988  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:54:24.0755 1988  cmdide - ok
07:54:24.0770 1988  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
07:54:24.0770 1988  Compbatt - ok
07:54:24.0770 1988  COMSysApp - ok
07:54:24.0786 1988  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
07:54:24.0786 1988  crcdisk - ok
07:54:24.0801 1988  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
07:54:24.0801 1988  Crusoe - ok
07:54:24.0848 1988  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:54:24.0848 1988  CryptSvc - ok
07:54:24.0879 1988  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
07:54:24.0879 1988  CVirtA - ok
07:54:24.0957 1988  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
07:54:24.0973 1988  CVPND - ok
07:54:25.0004 1988  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
07:54:25.0020 1988  CVPNDRVA - ok
07:54:25.0067 1988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:54:25.0082 1988  DcomLaunch - ok
07:54:25.0129 1988  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:54:25.0129 1988  DfsC - ok
07:54:25.0176 1988  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
07:54:25.0207 1988  DFSR - ok
07:54:25.0254 1988  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
07:54:25.0254 1988  Dhcp - ok
07:54:25.0285 1988  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
07:54:25.0285 1988  disk - ok
07:54:25.0332 1988  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
07:54:25.0332 1988  DNE - ok
07:54:25.0363 1988  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:54:25.0363 1988  Dnscache - ok
07:54:25.0394 1988  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
07:54:25.0394 1988  dot3svc - ok
07:54:25.0441 1988  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
07:54:25.0441 1988  Dot4 - ok
07:54:25.0457 1988  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:54:25.0457 1988  Dot4Print - ok
07:54:25.0472 1988  [ C55004CA6B419B6695970DFE849B122F ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
07:54:25.0472 1988  dot4usb - ok
07:54:25.0503 1988  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
07:54:25.0503 1988  DPS - ok
07:54:25.0519 1988  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
07:54:25.0519 1988  drmkaud - ok
07:54:25.0550 1988  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
07:54:25.0566 1988  DXGKrnl - ok
07:54:25.0597 1988  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
07:54:25.0597 1988  E1G60 - ok
07:54:25.0613 1988  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
07:54:25.0613 1988  EapHost - ok
07:54:25.0659 1988  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
07:54:25.0659 1988  Ecache - ok
07:54:25.0691 1988  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
07:54:25.0706 1988  eDataSecurity Service - ok
07:54:25.0722 1988  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
07:54:25.0737 1988  ehRecvr - ok
07:54:25.0737 1988  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
07:54:25.0737 1988  ehSched - ok
07:54:25.0753 1988  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
07:54:25.0753 1988  ehstart - ok
07:54:25.0769 1988  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
07:54:25.0784 1988  elxstor - ok
07:54:25.0815 1988  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
07:54:25.0831 1988  EMDMgmt - ok
07:54:25.0878 1988  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
07:54:25.0878 1988  eRecoveryService - ok
07:54:25.0909 1988  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:54:25.0909 1988  ErrDev - ok
07:54:25.0956 1988  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
07:54:25.0956 1988  eSettingsService - ok
07:54:25.0987 1988  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
07:54:25.0987 1988  EventSystem - ok
07:54:26.0018 1988  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
07:54:26.0018 1988  exfat - ok
07:54:26.0049 1988  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
07:54:26.0049 1988  fastfat - ok
07:54:26.0065 1988  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
07:54:26.0065 1988  fdc - ok
07:54:26.0081 1988  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
07:54:26.0081 1988  fdPHost - ok
07:54:26.0096 1988  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:54:26.0096 1988  FDResPub - ok
07:54:26.0112 1988  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:54:26.0112 1988  FileInfo - ok
07:54:26.0112 1988  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
07:54:26.0127 1988  Filetrace - ok
07:54:26.0127 1988  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:54:26.0127 1988  flpydisk - ok
07:54:26.0159 1988  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:54:26.0159 1988  FltMgr - ok
07:54:26.0205 1988  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
07:54:26.0221 1988  FontCache - ok
07:54:26.0268 1988  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:54:26.0268 1988  FontCache3.0.0.0 - ok
07:54:26.0299 1988  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
07:54:26.0299 1988  fssfltr - ok
07:54:26.0377 1988  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:54:26.0408 1988  fsssvc - ok
07:54:26.0439 1988  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:54:26.0439 1988  Fs_Rec - ok
07:54:26.0455 1988  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:54:26.0455 1988  gagp30kx - ok
07:54:26.0486 1988  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
07:54:26.0502 1988  gpsvc - ok
07:54:26.0549 1988  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:54:26.0549 1988  HdAudAddService - ok
07:54:26.0595 1988  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:54:26.0611 1988  HDAudBus - ok
07:54:26.0627 1988  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:54:26.0627 1988  HidBth - ok
07:54:26.0642 1988  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
07:54:26.0642 1988  HidIr - ok
07:54:26.0673 1988  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
07:54:26.0673 1988  hidserv - ok
07:54:26.0705 1988  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:54:26.0705 1988  HidUsb - ok
07:54:26.0720 1988  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:54:26.0720 1988  hkmsvc - ok
07:54:26.0736 1988  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
07:54:26.0736 1988  HpCISSs - ok
07:54:26.0861 1988  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
07:54:26.0861 1988  hpqcxs08 - ok
07:54:26.0876 1988  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
07:54:26.0876 1988  hpqddsvc - ok
07:54:26.0907 1988  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:54:26.0907 1988  HTTP - ok
07:54:26.0923 1988  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
07:54:26.0923 1988  i2omp - ok
07:54:26.0939 1988  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:54:26.0939 1988  i8042prt - ok
07:54:26.0970 1988  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
07:54:26.0970 1988  iaStor - ok
07:54:26.0985 1988  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
07:54:26.0985 1988  iaStorV - ok
07:54:27.0079 1988  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:54:27.0079 1988  IDriverT - ok
07:54:27.0141 1988  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:54:27.0157 1988  idsvc - ok
07:54:27.0173 1988  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
07:54:27.0173 1988  iirsp - ok
07:54:27.0204 1988  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:54:27.0219 1988  IKEEXT - ok
07:54:27.0235 1988  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15          C:\Acer\Empowering Technology\eRecovery\int15.sys
07:54:27.0251 1988  int15 - ok
07:54:27.0297 1988  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:54:27.0329 1988  IntcAzAudAddService - ok
07:54:27.0360 1988  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:54:27.0360 1988  intelide - ok
07:54:27.0360 1988  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:54:27.0360 1988  intelppm - ok
07:54:27.0391 1988  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
07:54:27.0391 1988  IPBusEnum - ok
07:54:27.0407 1988  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:54:27.0407 1988  IpFilterDriver - ok
07:54:27.0407 1988  IpInIp - ok
07:54:27.0422 1988  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
07:54:27.0422 1988  IPMIDRV - ok
07:54:27.0438 1988  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
07:54:27.0438 1988  IPNAT - ok
07:54:27.0453 1988  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:54:27.0469 1988  IRENUM - ok
07:54:27.0485 1988  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:54:27.0485 1988  isapnp - ok
07:54:27.0531 1988  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
07:54:27.0531 1988  iScsiPrt - ok
07:54:27.0547 1988  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
07:54:27.0547 1988  iteatapi - ok
07:54:27.0563 1988  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
07:54:27.0563 1988  iteraid - ok
07:54:27.0578 1988  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:54:27.0578 1988  kbdclass - ok
07:54:27.0625 1988  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:54:27.0625 1988  kbdhid - ok
07:54:27.0641 1988  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
07:54:27.0641 1988  KeyIso - ok
07:54:27.0672 1988  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:54:27.0672 1988  KSecDD - ok
07:54:27.0703 1988  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
07:54:27.0703 1988  KtmRm - ok
07:54:27.0734 1988  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:54:27.0750 1988  LanmanServer - ok
07:54:27.0797 1988  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:54:27.0812 1988  LanmanWorkstation - ok
07:54:27.0828 1988  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:54:27.0828 1988  LightScribeService - ok
07:54:27.0843 1988  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:54:27.0843 1988  lltdio - ok
07:54:27.0875 1988  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
07:54:27.0875 1988  lltdsvc - ok
07:54:27.0875 1988  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
07:54:27.0875 1988  lmhosts - ok
07:54:27.0906 1988  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:54:27.0906 1988  LSI_FC - ok
07:54:27.0921 1988  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
07:54:27.0921 1988  LSI_SAS - ok
07:54:27.0937 1988  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:54:27.0937 1988  LSI_SCSI - ok
07:54:27.0968 1988  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
07:54:27.0968 1988  luafv - ok
07:54:27.0984 1988  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
07:54:27.0984 1988  MBAMProtector - ok
07:54:28.0046 1988  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:54:28.0062 1988  MBAMScheduler - ok
07:54:28.0077 1988  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:54:28.0093 1988  MBAMService - ok
07:54:28.0187 1988  [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
07:54:28.0187 1988  McAfee SiteAdvisor Service - ok
07:54:28.0233 1988  [ CB3A8976DE2F65349322DA7627CEA223 ] mcmscsvc        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
07:54:28.0233 1988  mcmscsvc - ok
07:54:28.0327 1988  [ C69E71E00B30B60556D3E096699BD423 ] McNASvc        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
07:54:28.0358 1988  McNASvc - ok
07:54:28.0421 1988  [ 21456F3051CBEFD1F2D60D8B9AB9C6EE ] McODS          C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
07:54:28.0421 1988  McODS - ok
07:54:28.0436 1988  [ 8CF3DA0BE6094C34D7C4A85493E60547 ] McProxy        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
07:54:28.0436 1988  McProxy - ok
07:54:28.0467 1988  [ 33734ABFA52EC8D096A1254D645E9B4F ] McShield        C:\Program Files\McAfee\VirusScan\McShield.exe
07:54:28.0467 1988  McShield - ok
07:54:28.0499 1988  [ FD47DF2BCC3544DF65B01AD6B6062430 ] McSysmon        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
07:54:28.0514 1988  McSysmon - ok
07:54:28.0530 1988  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
07:54:28.0530 1988  Mcx2Svc - ok
07:54:28.0561 1988  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
07:54:28.0561 1988  megasas - ok
07:54:28.0577 1988  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
07:54:28.0577 1988  MegaSR - ok
07:54:28.0608 1988  [ C97CBFD71C1C215150A3B3E55F77A7A3 ] mfeavfk        C:\Windows\system32\drivers\mfeavfk.sys
07:54:28.0608 1988  mfeavfk - ok
07:54:28.0623 1988  [ 5447338B83A1A2354FB2FEA7604387FD ] mfebopk        C:\Windows\system32\drivers\mfebopk.sys
07:54:28.0623 1988  mfebopk - ok
07:54:28.0639 1988  [ 6C9A6ED60B8FC3BAF72FE1B1D096445B ] mfehidk        C:\Windows\system32\drivers\mfehidk.sys
07:54:28.0639 1988  mfehidk - ok
07:54:28.0655 1988  [ A551154B51D6A93FCCF70FC4E8EAF4BD ] mferkdk        C:\Windows\system32\drivers\mferkdk.sys
07:54:28.0670 1988  mferkdk - ok
07:54:28.0670 1988  [ 299A86B780C9627AAA24E74292363ED2 ] mfesmfk        C:\Windows\system32\drivers\mfesmfk.sys
07:54:28.0670 1988  mfesmfk - ok
07:54:28.0717 1988  Microsoft SharePoint Workspace Audit Service - ok
07:54:28.0733 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
07:54:28.0733 1988  MMCSS - ok
07:54:28.0748 1988  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
07:54:28.0748 1988  Modem - ok
07:54:28.0764 1988  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
07:54:28.0764 1988  monitor - ok
07:54:28.0779 1988  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:54:28.0779 1988  mouclass - ok
07:54:28.0779 1988  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:54:28.0779 1988  mouhid - ok
07:54:28.0795 1988  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
07:54:28.0795 1988  MountMgr - ok
07:54:28.0826 1988  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:54:28.0826 1988  MozillaMaintenance - ok
07:54:28.0842 1988  [ 96CF5286BC370B558735A7B891232D92 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
07:54:28.0842 1988  MPFP - ok
07:54:28.0873 1988  [ 346F30F1FF73553AA466F4AE7948DA00 ] MpfService      C:\Program Files\McAfee\MPF\MPFSrv.exe
07:54:28.0889 1988  MpfService - ok
07:54:28.0935 1988  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:54:28.0935 1988  mpio - ok
07:54:28.0935 1988  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:54:28.0935 1988  mpsdrv - ok
07:54:28.0951 1988  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
07:54:28.0951 1988  Mraid35x - ok
07:54:28.0982 1988  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:54:28.0982 1988  MRxDAV - ok
07:54:29.0013 1988  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:54:29.0013 1988  mrxsmb - ok
07:54:29.0029 1988  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:54:29.0029 1988  mrxsmb10 - ok
07:54:29.0045 1988  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:54:29.0045 1988  mrxsmb20 - ok
07:54:29.0060 1988  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
07:54:29.0060 1988  msahci - ok
07:54:29.0076 1988  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
07:54:29.0076 1988  msdsm - ok
07:54:29.0091 1988  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
07:54:29.0091 1988  MSDTC - ok
07:54:29.0091 1988  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:54:29.0091 1988  Msfs - ok
07:54:29.0138 1988  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:54:29.0138 1988  msisadrv - ok
07:54:29.0154 1988  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
07:54:29.0154 1988  MSiSCSI - ok
07:54:29.0169 1988  msiserver - ok
07:54:29.0201 1988  [ A05DE3535884270B8D292DCBDD6DED20 ] MSK80Service    C:\Program Files\McAfee\MSK\MskSrver.exe
07:54:29.0201 1988  MSK80Service - ok
07:54:29.0216 1988  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
07:54:29.0216 1988  MSKSSRV - ok
07:54:29.0247 1988  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:54:29.0247 1988  MSPCLOCK - ok
07:54:29.0263 1988  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
07:54:29.0263 1988  MSPQM - ok
07:54:29.0294 1988  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
07:54:29.0294 1988  MsRPC - ok
07:54:29.0310 1988  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:54:29.0310 1988  mssmbios - ok
07:54:29.0357 1988  MSSQL$MSSMLBIZ - ok
07:54:29.0419 1988  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
07:54:29.0419 1988  MSSQLServerADHelper100 - ok
07:54:29.0435 1988  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
07:54:29.0435 1988  MSTEE - ok
07:54:29.0435 1988  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
07:54:29.0435 1988  Mup - ok
07:54:29.0481 1988  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
07:54:29.0481 1988  napagent - ok
07:54:29.0528 1988  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
07:54:29.0528 1988  NativeWifiP - ok
07:54:29.0559 1988  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:54:29.0575 1988  NDIS - ok
07:54:29.0606 1988  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:54:29.0606 1988  NdisTapi - ok
07:54:29.0606 1988  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
07:54:29.0606 1988  Ndisuio - ok
07:54:29.0653 1988  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
07:54:29.0653 1988  NdisWan - ok
07:54:29.0669 1988  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
07:54:29.0669 1988  NDProxy - ok
07:54:29.0684 1988  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:54:29.0684 1988  Net Driver HPZ12 - ok
07:54:29.0715 1988  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
07:54:29.0715 1988  NetBIOS - ok
07:54:29.0731 1988  [ 12856F7F1E943F6762A5CA341BE5AC77 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
07:54:29.0731 1988  netbt ( Virus.Win32.ZAccess.g ) - infected
07:54:29.0731 1988  netbt - detected Virus.Win32.ZAccess.g (0)
07:54:29.0747 1988  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
07:54:29.0747 1988  Netlogon - ok
07:54:29.0762 1988  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
07:54:29.0762 1988  Netman - ok
07:54:29.0778 1988  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
07:54:29.0793 1988  netprofm - ok
07:54:29.0825 1988  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:54:29.0825 1988  NetTcpPortSharing - ok
07:54:29.0840 1988  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
07:54:29.0840 1988  nfrd960 - ok
07:54:29.0871 1988  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:54:29.0871 1988  NlaSvc - ok
07:54:29.0887 1988  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:54:29.0887 1988  Npfs - ok
07:54:29.0887 1988  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
07:54:29.0887 1988  nsi - ok
07:54:29.0918 1988  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:54:29.0918 1988  nsiproxy - ok
07:54:29.0965 1988  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:54:29.0981 1988  Ntfs - ok
07:54:29.0996 1988  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
07:54:29.0996 1988  NTIDrvr - ok
07:54:30.0012 1988  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
07:54:30.0012 1988  ntrigdigi - ok
07:54:30.0012 1988  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
07:54:30.0012 1988  Null - ok
07:54:30.0043 1988  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
07:54:30.0043 1988  NVENETFD - ok
07:54:30.0074 1988  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
07:54:30.0090 1988  NVHDA - ok
07:54:30.0277 1988  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:54:30.0417 1988  nvlddmkm - ok
07:54:30.0417 1988  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:54:30.0417 1988  nvraid - ok
07:54:30.0433 1988  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys
07:54:30.0433 1988  nvrd32 - ok
07:54:30.0433 1988  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
07:54:30.0433 1988  nvsmu - ok
07:54:30.0449 1988  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:54:30.0449 1988  nvstor - ok
07:54:30.0464 1988  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
07:54:30.0464 1988  nvstor32 - ok
07:54:30.0495 1988  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc          C:\Windows\system32\nvvsvc.exe
07:54:30.0495 1988  nvsvc - ok
07:54:30.0511 1988  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:54:30.0511 1988  nv_agp - ok
07:54:30.0511 1988  NwlnkFlt - ok
07:54:30.0511 1988  NwlnkFwd - ok
07:54:30.0542 1988  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
07:54:30.0542 1988  ohci1394 - ok
07:54:30.0605 1988  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:54:30.0605 1988  ose - ok
07:54:30.0714 1988  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:54:30.0807 1988  osppsvc - ok
07:54:30.0854 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
07:54:30.0870 1988  p2pimsvc - ok
07:54:30.0885 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:54:30.0885 1988  p2psvc - ok
07:54:30.0901 1988  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
07:54:30.0901 1988  Parport - ok
07:54:30.0932 1988  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
07:54:30.0932 1988  partmgr - ok
07:54:30.0948 1988  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
07:54:30.0948 1988  Parvdm - ok
07:54:30.0963 1988  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:54:30.0963 1988  PcaSvc - ok
07:54:30.0995 1988  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
07:54:30.0995 1988  pci - ok
07:54:31.0010 1988  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
07:54:31.0010 1988  pciide - ok
07:54:31.0041 1988  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:54:31.0041 1988  pcmcia - ok
07:54:31.0073 1988  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:54:31.0088 1988  PEAUTH - ok
07:54:31.0135 1988  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
07:54:31.0151 1988  pla - ok
07:54:31.0197 1988  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:54:31.0197 1988  PlugPlay - ok
07:54:31.0229 1988  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:54:31.0229 1988  Pml Driver HPZ12 - ok
07:54:31.0229 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
07:54:31.0244 1988  PNRPAutoReg - ok
07:54:31.0244 1988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
07:54:31.0260 1988  PNRPsvc - ok
07:54:31.0291 1988  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
07:54:31.0291 1988  PolicyAgent - ok
07:54:31.0322 1988  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:54:31.0322 1988  PptpMiniport - ok
07:54:31.0338 1988  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
07:54:31.0338 1988  Processor - ok
07:54:31.0369 1988  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
07:54:31.0369 1988  ProfSvc - ok
07:54:31.0385 1988  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
07:54:31.0385 1988  ProtectedStorage - ok
07:54:31.0416 1988  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
07:54:31.0416 1988  PSched - ok
07:54:31.0447 1988  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter      C:\Windows\system32\DRIVERS\psdfilter.sys
07:54:31.0447 1988  PSDFilter - ok
07:54:31.0447 1988  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
07:54:31.0447 1988  PSDNServ - ok
07:54:31.0463 1988  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
07:54:31.0463 1988  psdvdisk - ok
07:54:31.0478 1988  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
07:54:31.0478 1988  PxHelp20 - ok
07:54:31.0525 1988  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:54:31.0541 1988  ql2300 - ok
07:54:31.0556 1988  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:54:31.0556 1988  ql40xx - ok
07:54:31.0619 1988  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
07:54:31.0619 1988  QWAVE - ok
07:54:31.0634 1988  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:54:31.0634 1988  QWAVEdrv - ok
07:54:31.0697 1988  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
07:54:31.0697 1988  RapiMgr - ok
07:54:31.0712 1988  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:54:31.0712 1988  RasAcd - ok
07:54:31.0712 1988  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
07:54:31.0712 1988  RasAuto - ok
07:54:31.0728 1988  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
07:54:31.0728 1988  Rasl2tp - ok
07:54:31.0775 1988  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
07:54:31.0775 1988  RasMan - ok
07:54:31.0806 1988  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:54:31.0806 1988  RasPppoe - ok
07:54:31.0837 1988  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
07:54:31.0837 1988  RasSstp - ok
07:54:31.0868 1988  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
07:54:31.0868 1988  rdbss - ok
07:54:31.0884 1988  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:54:31.0884 1988  RDPCDD - ok
07:54:31.0899 1988  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
07:54:31.0899 1988  rdpdr - ok
07:54:31.0915 1988  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:54:31.0915 1988  RDPENCDD - ok
07:54:31.0946 1988  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
07:54:31.0946 1988  RDPWD - ok
07:54:31.0977 1988  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:54:31.0977 1988  RemoteAccess - ok
07:54:32.0009 1988  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:54:32.0009 1988  RemoteRegistry - ok
07:54:32.0055 1988  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
07:54:32.0055 1988  RichVideo - ok
07:54:32.0102 1988  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
07:54:32.0102 1988  RimUsb - ok
07:54:32.0118 1988  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort    C:\Windows\system32\DRIVERS\RimSerial.sys
07:54:32.0118 1988  RimVSerPort - ok
07:54:32.0133 1988  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
07:54:32.0133 1988  ROOTMODEM - ok
07:54:32.0196 1988  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
07:54:32.0196 1988  Roxio UPnP Renderer 9 - ok
07:54:32.0227 1988  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
07:54:32.0227 1988  Roxio Upnp Server 9 - ok
07:54:32.0258 1988  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
07:54:32.0274 1988  RoxLiveShare9 - ok
07:54:32.0321 1988  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
07:54:32.0352 1988  RoxMediaDB9 - ok
07:54:32.0367 1988  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
07:54:32.0367 1988  RoxWatch9 - ok
07:54:32.0399 1988  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
07:54:32.0399 1988  RpcLocator - ok
07:54:32.0430 1988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
07:54:32.0445 1988  RpcSs - ok
07:54:32.0477 1988  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
07:54:32.0477 1988  RsFx0103 - ok
07:54:32.0492 1988  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:54:32.0492 1988  rspndr - ok
07:54:32.0508 1988  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
07:54:32.0508 1988  SamSs - ok
07:54:32.0523 1988  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:54:32.0523 1988  sbp2port - ok
07:54:32.0555 1988  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:54:32.0555 1988  SCardSvr - ok
07:54:32.0586 1988  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
07:54:32.0601 1988  Schedule - ok
07:54:32.0633 1988  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
07:54:32.0633 1988  SCPolicySvc - ok
07:54:32.0664 1988  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:54:32.0664 1988  SDRSVC - ok
07:54:32.0742 1988  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
07:54:32.0757 1988  SeaPort - ok
07:54:32.0757 1988  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:54:32.0757 1988  secdrv - ok
07:54:32.0773 1988  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
07:54:32.0773 1988  seclogon - ok
07:54:32.0789 1988  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
07:54:32.0789 1988  SENS - ok
07:54:32.0804 1988  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
07:54:32.0804 1988  Serenum - ok
07:54:32.0820 1988  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:54:32.0820 1988  Serial - ok
07:54:32.0835 1988  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:54:32.0835 1988  sermouse - ok
07:54:32.0851 1988  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:54:32.0867 1988  SessionEnv - ok
07:54:32.0867 1988  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
07:54:32.0867 1988  sffdisk - ok
07:54:32.0882 1988  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:54:32.0882 1988  sffp_mmc - ok
07:54:32.0898 1988  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
07:54:32.0898 1988  sffp_sd - ok
07:54:32.0913 1988  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
07:54:32.0913 1988  sfloppy - ok
07:54:32.0929 1988  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:54:32.0929 1988  SharedAccess - ok
07:54:32.0960 1988  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:54:32.0960 1988  ShellHWDetection - ok
07:54:32.0976 1988  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:54:32.0976 1988  sisagp - ok
07:54:32.0991 1988  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
07:54:32.0991 1988  SiSRaid2 - ok
07:54:33.0007 1988  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:54:33.0023 1988  SiSRaid4 - ok
07:54:33.0054 1988  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
07:54:33.0054 1988  SkypeUpdate - ok
07:54:33.0147 1988  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
07:54:33.0194 1988  slsvc - ok
07:54:33.0210 1988  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
07:54:33.0225 1988  SLUINotify - ok
07:54:33.0241 1988  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
07:54:33.0241 1988  Smb - ok
07:54:33.0257 1988  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:54:33.0272 1988  SNMPTRAP - ok
07:54:33.0272 1988  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
07:54:33.0272 1988  spldr - ok
07:54:33.0303 1988  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
07:54:33.0303 1988  Spooler - ok
07:54:33.0350 1988  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
07:54:33.0381 1988  SQLAgent$MSSMLBIZ - ok
07:54:33.0428 1988  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:54:33.0428 1988  SQLBrowser - ok
07:54:33.0444 1988  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:54:33.0444 1988  SQLWriter - ok
07:54:33.0475 1988  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
07:54:33.0491 1988  srv - ok
07:54:33.0522 1988  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:54:33.0522 1988  srv2 - ok
07:54:33.0553 1988  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:54:33.0553 1988  srvnet - ok
07:54:33.0569 1988  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
07:54:33.0569 1988  SSDPSRV - ok
07:54:33.0584 1988  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
07:54:33.0600 1988  SstpSvc - ok
07:54:33.0631 1988  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
07:54:33.0647 1988  stisvc - ok
07:54:33.0647 1988  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:54:33.0647 1988  swenum - ok
07:54:33.0693 1988  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
07:54:33.0693 1988  swprv - ok
07:54:33.0709 1988  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
07:54:33.0709 1988  Symc8xx - ok
07:54:33.0725 1988  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
07:54:33.0725 1988  Sym_hi - ok
07:54:33.0740 1988  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
07:54:33.0740 1988  Sym_u3 - ok
07:54:33.0787 1988  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
07:54:33.0803 1988  SysMain - ok
07:54:33.0803 1988  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:54:33.0818 1988  TabletInputService - ok
07:54:33.0849 1988  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
07:54:33.0865 1988  TapiSrv - ok
07:54:33.0865 1988  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
07:54:33.0865 1988  TBS - ok
07:54:33.0927 1988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
07:54:33.0927 1988  Tcpip - ok
07:54:33.0959 1988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
07:54:33.0959 1988  Tcpip6 - ok
07:54:33.0990 1988  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:54:33.0990 1988  tcpipreg - ok
07:54:34.0005 1988  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:54:34.0005 1988  TDPIPE - ok
07:54:34.0005 1988  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
07:54:34.0005 1988  TDTCP - ok
07:54:34.0037 1988  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
07:54:34.0037 1988  tdx - ok
07:54:34.0052 1988  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:54:34.0052 1988  TermDD - ok
07:54:34.0068 1988  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
07:54:34.0083 1988  TermService - ok
07:54:34.0099 1988  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
07:54:34.0099 1988  Themes - ok
07:54:34.0115 1988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
07:54:34.0115 1988  THREADORDER - ok
07:54:34.0130 1988  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
07:54:34.0130 1988  TrkWks - ok
07:54:34.0161 1988  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:54:34.0161 1988  TrustedInstaller - ok
07:54:34.0177 1988  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:54:34.0177 1988  tssecsrv - ok
07:54:34.0193 1988  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
07:54:34.0193 1988  tunmp - ok
07:54:34.0208 1988  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:54:34.0208 1988  tunnel - ok
07:54:34.0239 1988  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys
07:54:34.0239 1988  tvicport - ok
07:54:34.0255 1988  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:54:34.0255 1988  uagp35 - ok
07:54:34.0286 1988  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:54:34.0286 1988  udfs - ok
07:54:34.0302 1988  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
07:54:34.0302 1988  UI0Detect - ok
07:54:34.0317 1988  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:54:34.0317 1988  uliagpkx - ok
07:54:34.0333 1988  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
07:54:34.0349 1988  uliahci - ok
07:54:34.0364 1988  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
07:54:34.0364 1988  UlSata - ok
07:54:34.0380 1988  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
07:54:34.0380 1988  ulsata2 - ok
07:54:34.0380 1988  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
07:54:34.0380 1988  umbus - ok
07:54:34.0395 1988  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
07:54:34.0411 1988  upnphost - ok
07:54:34.0442 1988  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:54:34.0442 1988  usbaudio - ok
07:54:34.0458 1988  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
07:54:34.0458 1988  usbccgp - ok
07:54:34.0473 1988  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:54:34.0473 1988  usbcir - ok
07:54:34.0520 1988  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
07:54:34.0520 1988  usbehci - ok
07:54:34.0536 1988  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:54:34.0536 1988  usbhub - ok
07:54:34.0536 1988  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
07:54:34.0536 1988  usbohci - ok
07:54:34.0551 1988  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:54:34.0551 1988  usbprint - ok
07:54:34.0583 1988  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
07:54:34.0583 1988  usbscan - ok
07:54:34.0583 1988  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:54:34.0583 1988  USBSTOR - ok
07:54:34.0598 1988  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
07:54:34.0598 1988  usbuhci - ok
07:54:34.0645 1988  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS      C:\Windows\system32\DRIVERS\usb8023.sys
07:54:34.0645 1988  USB_RNDIS - ok
07:54:34.0661 1988  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
07:54:34.0676 1988  UxSms - ok
07:54:34.0723 1988  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
07:54:34.0723 1988  vds - ok
07:54:34.0754 1988  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
07:54:34.0754 1988  vga - ok
07:54:34.0770 1988  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
07:54:34.0770 1988  VgaSave - ok
07:54:34.0785 1988  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:54:34.0785 1988  viaagp - ok
07:54:34.0801 1988  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
07:54:34.0801 1988  ViaC7 - ok
07:54:34.0801 1988  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
07:54:34.0817 1988  viaide - ok
07:54:34.0817 1988  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:54:34.0817 1988  volmgr - ok
07:54:34.0848 1988  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
07:54:34.0848 1988  volmgrx - ok
07:54:34.0879 1988  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
07:54:34.0879 1988  volsnap - ok
07:54:34.0895 1988  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
07:54:34.0895 1988  vsmraid - ok
07:54:34.0926 1988  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
07:54:34.0957 1988  VSS - ok
07:54:34.0973 1988  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
07:54:34.0973 1988  W32Time - ok
07:54:34.0988 1988  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:54:34.0988 1988  WacomPen - ok
07:54:35.0004 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
07:54:35.0004 1988  Wanarp - ok
07:54:35.0004 1988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:54:35.0004 1988  Wanarpv6 - ok
07:54:35.0035 1988  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
07:54:35.0035 1988  WcesComm - ok
07:54:35.0066 1988  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
07:54:35.0082 1988  wcncsvc - ok
07:54:35.0097 1988  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:54:35.0097 1988  WcsPlugInService - ok
07:54:35.0113 1988  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
07:54:35.0113 1988  Wd - ok
07:54:35.0129 1988  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:54:35.0129 1988  Wdf01000 - ok
07:54:35.0144 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:54:35.0144 1988  WdiServiceHost - ok
07:54:35.0144 1988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
07:54:35.0144 1988  WdiSystemHost - ok
07:54:35.0175 1988  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
07:54:35.0175 1988  WebClient - ok
07:54:35.0207 1988  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:54:35.0207 1988  Wecsvc - ok
07:54:35.0222 1988  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
07:54:35.0222 1988  wercplsupport - ok
07:54:35.0238 1988  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:54:35.0238 1988  WerSvc - ok
07:54:35.0238 1988  WinHttpAutoProxySvc - ok
07:54:35.0269 1988  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
07:54:35.0269 1988  Winmgmt - ok
07:54:35.0300 1988  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
07:54:35.0331 1988  WinRM - ok
07:54:35.0363 1988  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
07:54:35.0363 1988  winusb - ok
07:54:35.0394 1988  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
07:54:35.0409 1988  Wlansvc - ok
07:54:35.0456 1988  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:54:35.0456 1988  wlcrasvc - ok
07:54:35.0534 1988  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:54:35.0565 1988  wlidsvc - ok
07:54:35.0565 1988  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
07:54:35.0565 1988  WmiAcpi - ok
07:54:35.0612 1988  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:54:35.0612 1988  wmiApSrv - ok
07:54:35.0643 1988  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
07:54:35.0659 1988  WMPNetworkSvc - ok
07:54:35.0675 1988  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:54:35.0690 1988  WPCSvc - ok
07:54:35.0737 1988  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:54:35.0753 1988  WPDBusEnum - ok
07:54:35.0831 1988  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:54:35.0862 1988  WPFFontCache_v0400 - ok
07:54:35.0877 1988  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
07:54:35.0877 1988  ws2ifsl - ok
07:54:35.0877 1988  WSearch - ok
07:54:35.0940 1988  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:54:35.0987 1988  wuauserv - ok
07:54:35.0987 1988  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:54:36.0002 1988  WUDFRd - ok
07:54:36.0018 1988  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
07:54:36.0018 1988  wudfsvc - ok
07:54:36.0033 1988  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport        C:\Windows\system32\drivers\zntport.sys
07:54:36.0033 1988  zntport - ok
07:54:36.0049 1988  ================ Scan global ===============================
07:54:36.0065 1988  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:54:36.0096 1988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:54:36.0111 1988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:54:36.0143 1988  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:54:36.0143 1988  [Global] - ok
07:54:36.0143 1988  ================ Scan MBR ==================================
07:54:36.0158 1988  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
07:54:38.0233 1988  \Device\Harddisk0\DR0 - ok
07:54:38.0233 1988  ================ Scan VBR ==================================
07:54:38.0233 1988  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1
07:54:38.0233 1988  \Device\Harddisk0\DR0\Partition1 - ok
07:54:38.0249 1988  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2
07:54:38.0249 1988  \Device\Harddisk0\DR0\Partition2 - ok
07:54:38.0249 1988  ============================================================
07:54:38.0249 1988  Scan finished
07:54:38.0249 1988  ============================================================
07:54:38.0264 1336  Detected object count: 1
07:54:38.0264 1336  Actual detected object count: 1
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip
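
The TDSSKiller tail above ends with netbt flagged as Virus.Win32.ZAccess.g and the user's action recorded as Skip, and the FRST.txt posted later in this thread lists the same netbt.sys with an empty company field. As an added example (not from this thread, and not TDSSKiller's or FRST's own code), the Python below parses both line formats and cross-references them so that a flagged driver is shown next to its FRST entry. The sample lines are constructed to mirror the thread's logs; the helper and field names are this example's own.

```python
"""Triage helper for the two log formats quoted in this thread (added example).

It parses TDSSKiller-style detection lines and FRST driver lines, then
cross-references them so a driver the scanner flagged is shown next to its
FRST entry (path, start type, company field).  The sample lines below are
constructed to mirror the thread's logs; the helper names are this
example's own, not TDSSKiller's or FRST's.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the tail of a TDSSKiller log, in the thread's format.
TDSSKILLER_SAMPLE = """
07:54:38.0249 1988  Scan finished
07:54:38.0264 1336  Detected object count: 1
07:54:38.0264 1336  Actual detected object count: 1
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
07:54:53.0802 1336  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip
"""

# Constructed sample: a few FRST "Drivers (Whitelisted)" lines in the same format.
FRST_SAMPLE = r"""
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-21] (McAfee, Inc.)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
"""

# "<hh:mm:ss.ffff> <pid>  <message>"
TDSS_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> ( <verdict> ) - <action>"
TDSS_DETECT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# "<start> <name>; <path> [<size> <date>] (<company>)"  or  "<start> <name>; <path> [x]"
FRST_DRIVER = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>[^)]*)\)|\[x\])$"
)


@dataclass
class Detection:
    name: str
    verdict: str
    action: str


@dataclass
class Driver:
    start: int                 # service start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    size: Optional[int]        # None when FRST printed [x] (file not present)
    date: Optional[str]
    company: Optional[str]     # "" when the company field was empty, None for [x]


def parse_tdsskiller(text: str) -> List[Detection]:
    """Return one Detection per 'name ( verdict ) - action' line."""
    found = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if not m:
            continue
        d = TDSS_DETECT.match(m["msg"])
        if d:
            found.append(Detection(d["name"], d["verdict"], d["action"]))
    return found


def parse_frst_drivers(text: str) -> List[Driver]:
    """Return one Driver per FRST driver/service line; other lines are ignored."""
    drivers = []
    for line in text.splitlines():
        m = FRST_DRIVER.match(line)
        if not m:
            continue
        drivers.append(Driver(
            start=int(m["start"]), name=m["name"], path=m["path"],
            size=int(m["size"]) if m["size"] else None,
            date=m["date"], company=m["company"]))
    return drivers


def triage(tdss_text: str, frst_text: str) -> Dict[str, dict]:
    """Cross-reference scanner verdicts with FRST driver entries, keyed by driver name.

    For each flagged name the report keeps the verdict, the user's last recorded
    action (later lines overwrite earlier ones) and, if FRST lists the driver,
    its path, whether it is boot/system start, and whether FRST's company field
    was empty: the same things a helper checks by eye before choosing a fix.
    """
    drivers = {d.name.lower(): d for d in parse_frst_drivers(frst_text)}
    report: Dict[str, dict] = {}
    for det in parse_tdsskiller(tdss_text):
        entry = report.setdefault(det.name.lower(), {"verdict": det.verdict})
        entry["last_action"] = det.action
        drv = drivers.get(det.name.lower())
        if drv is not None:
            entry["path"] = drv.path
            entry["boot_or_system_start"] = drv.start <= 1
            entry["empty_company_field"] = drv.company == ""
    return report


if __name__ == "__main__":
    for name, info in triage(TDSSKILLER_SAMPLE, FRST_SAMPLE).items():
        print(name, info)
```

Running the block prints one line per flagged driver. The FRST regex also matches the lines of the "Services (Whitelisted)" section, which use the same layout (quoted paths included), so the whole FRST.txt can be fed through `parse_frst_drivers` unchanged.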


Psychotic 11.10.2012 07:04

Oh great, we've got a real gem in there! :teufel3:

Step 1: Uninstall software

  • Click Start --> Control Panel.
  • Open Programs and Features.
  • Find and uninstall the following entries:
    Quote:

    Ask Toolbar
  • Close the window.



Step 2: Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Golderto 11.10.2012 07:35

Regarding step 1:
Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.

Should I run step 2 anyway?

Regards

Psychotic 11.10.2012 07:41

That's due to safe mode - continue with step 2! :)

Golderto 11.10.2012 09:37

Hello Marius!

Somehow I'm too stupid to disable McAfee... I had disabled everything, and suddenly it says I still have McAfee things open... I then ended all the McAfee things with Task Manager and let Combofix run.. more than 40 minutes.. I somehow have the feeling the program has hung...

What should I do?
Regards

Psychotic 11.10.2012 09:40

Wait a little longer - then start the computer in Safe Mode with Networking, delete the existing Combofix and start over!


Safe Mode for cleanup

Golderto 11.10.2012 12:47

I've done this about 2-3 times and it still doesn't find anything, or rather the scan never reaches a result/end... I don't know what else to do!

Psychotic 11.10.2012 12:51

Damn!


FRST



Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Connect the USB stick to the infected system

You now need to boot the system into the System Recovery Options.

Via the Boot Manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here the drive letter of your USB stick is shown.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.

Golderto 11.10.2012 13:17

Finally something worked ;)...

>>>

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 11-10-2012 14:14:21
Running from J:\
Windows Vista (TM) Home Premium  (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [582992 2007-08-03] (McAfee, Inc.)
HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService]  [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\media\...\Run: [mpkcomka] C:\Users\media\mpkcomka.exe [x]
HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95232 2012-06-15] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.)
3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-11-06] (McAfee, Inc.)
2 McShield; C:\Program Files\McAfee\VirusScan\McShield.exe [144704 2007-07-24] (McAfee, Inc.)
3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)
2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [856864 2007-07-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [23880 2007-11-26] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]
2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]

==================== Drivers (Whitelisted) ====================

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-21] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-21] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-21] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-21] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST
2012-10-11 03:59 - 2012-10-11 03:59 - 00000973 ____A C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
2012-10-11 02:03 - 2012-10-11 02:04 - 00000000 ___SD C:\ComboFix
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox
2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Downloads\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-10 00:18 - 00086202 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-10 00:15 - 00086202 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 10:03 - 2012-10-09 10:03 - 00074137 ____A C:\Users\All Users\tnjymarzxnstcad
2012-10-09 10:03 - 2012-10-09 10:03 - 00000000 ____D C:\Users\All Users\ofrvdjtupebarrp
2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 10:17 - 2012-10-09 23:50 - 00000000 ____D C:\Users\media\AppData\Roaming\Xogy
2012-09-19 10:17 - 2012-10-09 10:04 - 00000000 ____D C:\Users\media\AppData\Roaming\Taype
2012-09-19 10:17 - 2012-09-19 10:17 - 00000000 ____D C:\Users\media\AppData\Roaming\Inpy
2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
2012-09-14 11:24 - 2012-09-14 11:24 - 00000000 ____D C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
2012-09-13 10:21 - 2012-09-13 10:22 - 00000000 ____D C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
2012-09-12 10:30 - 2012-09-12 10:30 - 00000000 ____D C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
2012-09-11 22:30 - 2012-09-11 22:30 - 00000000 ____D C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
2012-09-11 03:49 - 2012-09-11 03:49 - 00000000 ____D C:\Users\media\AppData\Local\{2D586E6E-C0C5-4DA5-82D9-5A4E5EC8A246}

==================== 3 Months Modified Files ==================

2012-10-11 04:12 - 2008-03-21 06:15 - 00022584 ____A C:\Windows\System32\Config.MPF
2012-10-11 04:09 - 2008-01-20 18:47 - 08086906 ____A C:\Windows\PFRO.log
2012-10-11 04:02 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-11 03:59 - 2012-10-11 03:59 - 00000973 ____A C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Downloads\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-10 00:18 - 00086202 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-10 00:15 - 00086202 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-09 10:44 - 2008-09-03 06:04 - 01819520 ____A C:\Windows\WindowsUpdate.log
2012-10-09 10:44 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-09 10:44 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-09 10:44 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-09 10:44 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-09 10:07 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-09 10:03 - 2012-10-09 10:03 - 00074137 ____A C:\Users\All Users\tnjymarzxnstcad
2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-08 11:26 - 2012-07-29 00:47 - 00085504 ____A C:\Users\media\Desktop\Trainings Reinhard.xls
2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini
2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log
2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

ZeroAccess:
C:\Users\media\AppData\Local\6eb1f9e0
C:\Users\media\AppData\Local\6eb1f9e0\@
C:\Users\media\AppData\Local\6eb1f9e0\loader.tlb
C:\Users\media\AppData\Local\6eb1f9e0\U
C:\Users\media\AppData\Local\6eb1f9e0\X
C:\Users\media\AppData\Local\6eb1f9e0\U\00000001.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000c0.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000cb.@
C:\Users\media\AppData\Local\6eb1f9e0\U\000000cf.@
C:\Users\media\AppData\Local\6eb1f9e0\U\80000000.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000c0.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000cb.@
C:\Users\media\AppData\Local\6eb1f9e0\U\800000cf.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-08-24 09:58:27
Restore point made on: 2012-08-25 08:52:20
Restore point made on: 2012-08-26 10:29:49
Restore point made on: 2012-08-31 08:51:25
Restore point made on: 2012-09-01 00:01:22
Restore point made on: 2012-09-02 07:50:43
Restore point made on: 2012-09-04 10:29:58
Restore point made on: 2012-09-06 09:56:51
Restore point made on: 2012-09-07 07:57:32
Restore point made on: 2012-09-08 01:02:50
Restore point made on: 2012-09-11 04:36:25
Restore point made on: 2012-09-12 10:19:30
Restore point made on: 2012-09-13 10:26:53
Restore point made on: 2012-09-15 09:51:06
Restore point made on: 2012-09-18 09:38:55
Restore point made on: 2012-09-24 01:16:46
Restore point made on: 2012-09-26 02:56:58
Restore point made on: 2012-09-27 10:17:34
Restore point made on: 2012-09-29 00:28:15
Restore point made on: 2012-09-30 01:21:32
Restore point made on: 2012-10-01 00:18:57
Restore point made on: 2012-10-01 23:14:16
Restore point made on: 2012-10-04 07:03:22
Restore point made on: 2012-10-04 21:10:54
Restore point made on: 2012-10-06 00:45:10
Restore point made on: 2012-10-07 02:08:04
Restore point made on: 2012-10-09 09:33:17

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4094.44 MB
Available physical RAM: 3697.63 MB
Total Pagefile: 3959.92 MB
Available Pagefile: 3781.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:176.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS
8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS

  Disk ###  Status      Size    Free    Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      596 GB  1083 KB       
  Disk 1    No Media        0 B      0 B       
  Disk 2    No Media        0 B      0 B       
  Disk 3    No Media        0 B      0 B       
  Disk 4    No Media        0 B      0 B       
  Disk 5    Online      7904 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM              7993 MB    32 KB
  Partition 2    Primary            294 GB  7994 MB
  Partition 3    Primary            294 GB  302 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8    X  PQSERVICE    NTFS  Partition  7993 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    C  ACER        NTFS  Partition    294 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6    D  DATA        NTFS  Partition    294 GB  Healthy           

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary          7904 MB    32 KB

=========================================================

Disk: 5
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7    J  BMW          FAT32  Removable  7904 MB  Healthy           

=========================================================

Last Boot: 2012-10-11 02:16

==================== End Of Log ============================


Psychotic 11.10.2012 13:32

Step 1: Fix with FRST

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:

HKU\media\...\Run: [mpkcomka] C:\Users\media\mpkcomka.exe

C:\Users\media\mpkcomka.exe
C:\Users\All Users\tnjymarzxnstcad
C:\Users\All Users\ofrvdjtupebarrp
C:\Users\media\AppData\Roaming\Xogy
C:\Users\media\AppData\Roaming\Taype
C:\Users\media\AppData\Roaming\Inpy
C:\Users\All Users\tnjymarzxnstcad
C:\Users\media\AppData\Local\6eb1f9e0

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer in normal mode!


Step 2: Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

An attempt was made to perform an operation on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

Golderto 11.10.2012 14:57

Hello Marius!

Step 1:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-11 14:52:50 Run:1
Running from J:\

==============================================

HKEY_USERS\media\Software\Microsoft\Windows\CurrentVersion\Run\\mpkcomka Value deleted successfully.
C:\Users\media\mpkcomka.exe not found.
C:\Users\All Users\tnjymarzxnstcad moved successfully.
C:\Users\All Users\ofrvdjtupebarrp moved successfully.
C:\Users\media\AppData\Roaming\Xogy moved successfully.
C:\Users\media\AppData\Roaming\Taype moved successfully.
C:\Users\media\AppData\Roaming\Inpy moved successfully.
C:\Users\All Users\tnjymarzxnstcad not found.
C:\Users\media\AppData\Local\6eb1f9e0 moved successfully.

==== End of Fixlog ====

Step 2:
I started the PC in normal mode, it works "so far", but still the problem with Combofix, it has been running for about 30 minutes... and no message appears... ?!

regards

Psychotic 11.10.2012 15:07

hmmm...please make a new OTL log!



Please read the following instructions carefully. We do not want to "fix" anything yet, just see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\) For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.

Golderto 11.10.2012 15:36

OTL:
Code:

OTL logfile created on: 11.10.2012 16:25:11 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,76% Memory free
6,22 Gb Paging File | 4,64 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 173,59 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive J: | 7,70 Gb Total Space | 7,70 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 10:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL.exe
PRC - [2012.10.09 20:01:28 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009.04.11 08:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 08:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2005.10.20 11:36:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 11:36:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 20:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 20:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 14:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 06:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.08.15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\media\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 12:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 06:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 06:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 07:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.23 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 11:26:52 | 000,000,000 | ---D | M]
 
[2009.09.08 17:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 20:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 11:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 11:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.23 20:07:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.09.30 20:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 20:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 20:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 15:02:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.10.11 15:00:44 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.10.11 14:11:46 | 000,000,000 | ---D | C] -- C:\FRST
[2012.10.11 12:01:48 | 004,765,263 | R--- | C] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.11 08:50:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.11 08:50:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.11 08:50:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.11 08:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.11 08:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.11 07:54:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.10 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 09:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
[2012.10.08 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
[2012.10.08 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
[2012.10.07 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
[2012.10.07 09:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
[2012.10.06 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
[2012.10.05 17:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
[2012.10.04 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
[2012.10.03 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
[2012.10.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
[2012.10.02 08:12:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
[2012.10.01 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
[2012.09.30 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
[2012.09.30 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
[2012.09.27 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
[2012.09.26 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
[2012.09.25 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
[2012.09.24 23:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
[2012.09.24 11:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
[2012.09.23 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
[2012.09.20 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
[2012.09.19 20:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
[2012.09.18 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
[2012.09.18 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
[2012.09.17 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
[2012.09.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
[2012.09.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
[2012.09.14 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
[2012.09.13 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
[2012.09.12 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C4762D1D-D095-4ED4-8A2F-622AC57A7774}
[2012.09.12 08:30:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C9091C8-E2EA-4101-B026-9679FD3DD3D0}
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 16:01:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 15:02:39 | 000,693,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.11 15:02:39 | 000,661,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.11 15:02:39 | 000,150,490 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.11 15:02:39 | 000,128,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 14:58:01 | 000,022,584 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.10.11 14:54:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 14:54:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 14:54:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 14:54:46 | 3220,299,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 13:59:16 | 000,000,973 | ---- | M] () -- C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
[2012.10.11 12:01:30 | 004,765,263 | R--- | M] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.11 10:32:16 | 000,001,356 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2012.10.11 07:54:15 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.10 10:29:02 | 239,283,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 10:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 09:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.07 17:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.11 14:54:46 | 3220,299,776 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.11 13:59:16 | 000,000,973 | ---- | C] () -- C:\Users\media\Desktop\Continue Download Accelerator Installation.lnk
[2012.10.11 08:50:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.11 08:50:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.11 08:50:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.11 08:50:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.11 08:50:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.10 10:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable
[2012.10.10 09:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.07 17:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf
[2011.07.14 13:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.27 18:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2010.05.25 16:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat
[2009.03.21 18:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.20 12:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.05.09 16:01:14 | 000,000,000 | -HSD | M] -- C:\Users\media\AppData\Roaming\.#
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console
[2010.05.05 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient
[2008.10.02 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games
[2008.09.11 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi
[2008.10.03 16:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames
[2011.11.28 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto
[2012.10.04 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express
[2008.09.29 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst
[2008.12.17 15:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache
[2011.12.03 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion
[2012.01.20 13:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity
[2010.08.22 12:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB26798$] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

TDSSKiller:
Code:

16:35:17.0646 5432  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:35:17.0849 5432  ============================================================
16:35:17.0849 5432  Current date / time: 2012/10/11 16:35:17.0849
16:35:17.0849 5432  SystemInfo:
16:35:17.0849 5432 
16:35:17.0849 5432  OS Version: 6.0.6002 ServicePack: 2.0
16:35:17.0849 5432  Product type: Workstation
16:35:17.0849 5432  ComputerName: MEDIA-PC
16:35:17.0849 5432  UserName: media
16:35:17.0849 5432  Windows directory: C:\Windows
16:35:17.0849 5432  System windows directory: C:\Windows
16:35:17.0849 5432  Processor architecture: Intel x86
16:35:17.0849 5432  Number of processors: 4
16:35:17.0849 5432  Page size: 0x1000
16:35:17.0849 5432  Boot type: Normal boot
16:35:17.0849 5432  ============================================================
16:35:18.0208 5432  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:35:18.0239 5432  Drive \Device\Harddisk5\DR5 - Size: 0x1EE000000 (7.72 Gb), SectorSize: 0x200, Cylinders: 0x3EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:35:18.0239 5432  ============================================================
16:35:18.0239 5432  \Device\Harddisk0\DR0:
16:35:18.0239 5432  MBR partitions:
16:35:18.0239 5432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000
16:35:18.0239 5432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800
16:35:18.0239 5432  \Device\Harddisk5\DR5:
16:35:18.0239 5432  MBR partitions:
16:35:18.0239 5432  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xF6FFC0
16:35:18.0239 5432  ============================================================
16:35:18.0270 5432  C: <-> \Device\Harddisk0\DR0\Partition1
16:35:18.0301 5432  D: <-> \Device\Harddisk0\DR0\Partition2
16:35:18.0301 5432  ============================================================
16:35:18.0301 5432  Initialize success
16:35:18.0301 5432  ============================================================
16:35:24.0713 5864  ============================================================
16:35:24.0713 5864  Scan started
16:35:24.0713 5864  Mode: Manual;
16:35:24.0713 5864  ============================================================
16:35:25.0040 5864  ================ Scan system memory ========================
16:35:25.0040 5864  System memory - ok
16:35:25.0040 5864  ================ Scan services =============================
16:35:25.0150 5864  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
16:35:25.0150 5864  Acer HomeMedia Connect Service - ok
16:35:25.0181 5864  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
16:35:25.0181 5864  AcerMemUsageCheckService - ok
16:35:25.0789 5864  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:35:25.0789 5864  ACPI - ok
16:35:25.0820 5864  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:35:25.0836 5864  AdobeFlashPlayerUpdateSvc - ok
16:35:25.0867 5864  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:35:25.0867 5864  adp94xx - ok
16:35:25.0883 5864  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:35:25.0914 5864  adpahci - ok
16:35:25.0945 5864  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:35:25.0945 5864  adpu160m - ok
16:35:25.0961 5864  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:35:25.0961 5864  adpu320 - ok
16:35:25.0992 5864  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:35:25.0992 5864  AeLookupSvc - ok
16:35:26.0039 5864  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
16:35:26.0039 5864  AFD - ok
16:35:26.0054 5864  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:35:26.0054 5864  agp440 - ok
16:35:26.0070 5864  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:35:26.0070 5864  aic78xx - ok
16:35:26.0086 5864  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
16:35:26.0086 5864  ALG - ok
16:35:26.0101 5864  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:35:26.0101 5864  aliide - ok
16:35:26.0117 5864  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:35:26.0117 5864  amdagp - ok
16:35:26.0132 5864  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:35:26.0132 5864  amdide - ok
16:35:26.0148 5864  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
16:35:26.0148 5864  AmdK7 - ok
16:35:26.0164 5864  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:35:26.0164 5864  AmdK8 - ok
16:35:26.0195 5864  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
16:35:26.0195 5864  Appinfo - ok
16:35:26.0210 5864  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
16:35:26.0210 5864  arc - ok
16:35:26.0242 5864  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:35:26.0242 5864  arcsas - ok
16:35:26.0273 5864  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:26.0288 5864  AsyncMac - ok
16:35:26.0320 5864  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:35:26.0320 5864  atapi - ok
16:35:26.0351 5864  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:26.0351 5864  AudioEndpointBuilder - ok
16:35:26.0366 5864  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:35:26.0366 5864  Audiosrv - ok
16:35:26.0444 5864  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc          C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:35:26.0460 5864  BBSvc - ok
16:35:26.0507 5864  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
16:35:26.0522 5864  BcmSqlStartupSvc - ok
16:35:26.0522 5864  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:35:26.0522 5864  Beep - ok
16:35:26.0569 5864  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
16:35:26.0569 5864  BFE - ok
16:35:26.0616 5864  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:35:26.0616 5864  BITS - ok
16:35:26.0647 5864  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:35:26.0663 5864  blbdrive - ok
16:35:26.0678 5864  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:35:26.0678 5864  bowser - ok
16:35:26.0694 5864  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:35:26.0694 5864  BrFiltLo - ok
16:35:26.0710 5864  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:35:26.0710 5864  BrFiltUp - ok
16:35:26.0725 5864  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
16:35:26.0741 5864  Browser - ok
16:35:26.0741 5864  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:35:26.0741 5864  Brserid - ok
16:35:26.0756 5864  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:35:26.0772 5864  BrSerWdm - ok
16:35:26.0772 5864  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:35:26.0788 5864  BrUsbMdm - ok
16:35:26.0788 5864  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:35:26.0788 5864  BrUsbSer - ok
16:35:26.0803 5864  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:35:26.0803 5864  BTHMODEM - ok
16:35:26.0990 5864  catchme - ok
16:35:27.0115 5864  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:35:27.0115 5864  cdfs - ok
16:35:27.0131 5864  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:35:27.0131 5864  cdrom - ok
16:35:27.0162 5864  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:35:27.0162 5864  CertPropSvc - ok
16:35:27.0178 5864  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:35:27.0178 5864  circlass - ok
16:35:27.0209 5864  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:35:27.0224 5864  CLFS - ok
16:35:27.0271 5864  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:27.0271 5864  clr_optimization_v2.0.50727_32 - ok
16:35:27.0334 5864  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:27.0334 5864  clr_optimization_v4.0.30319_32 - ok
16:35:27.0349 5864  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:35:27.0349 5864  cmdide - ok
16:35:27.0365 5864  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:35:27.0365 5864  Compbatt - ok
16:35:27.0380 5864  COMSysApp - ok
16:35:27.0380 5864  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:35:27.0380 5864  crcdisk - ok
16:35:27.0396 5864  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:35:27.0396 5864  Crusoe - ok
16:35:27.0427 5864  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:35:27.0427 5864  CryptSvc - ok
16:35:27.0458 5864  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
16:35:27.0458 5864  CVirtA - ok
16:35:27.0568 5864  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
16:35:27.0583 5864  CVPND - ok
16:35:27.0614 5864  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
16:35:27.0614 5864  CVPNDRVA - ok
16:35:27.0646 5864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:35:27.0661 5864  DcomLaunch - ok
16:35:27.0708 5864  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:35:27.0708 5864  DfsC - ok
16:35:27.0770 5864  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:35:27.0802 5864  DFSR - ok
16:35:27.0833 5864  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:35:27.0833 5864  Dhcp - ok
16:35:27.0864 5864  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:35:27.0864 5864  disk - ok
16:35:27.0895 5864  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
16:35:27.0895 5864  DNE - ok
16:35:27.0942 5864  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:35:27.0942 5864  Dnscache - ok
16:35:27.0973 5864  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:35:27.0973 5864  dot3svc - ok
16:35:28.0004 5864  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:35:28.0020 5864  Dot4 - ok
16:35:28.0036 5864  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:35:28.0036 5864  Dot4Print - ok
16:35:28.0051 5864  [ C55004CA6B419B6695970DFE849B122F ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
16:35:28.0051 5864  dot4usb - ok
16:35:28.0082 5864  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
16:35:28.0082 5864  DPS - ok
16:35:28.0098 5864  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:35:28.0098 5864  drmkaud - ok
16:35:28.0129 5864  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:35:28.0145 5864  DXGKrnl - ok
16:35:28.0160 5864  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
16:35:28.0160 5864  E1G60 - ok
16:35:28.0192 5864  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
16:35:28.0192 5864  EapHost - ok
16:35:28.0238 5864  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:35:28.0238 5864  Ecache - ok
16:35:28.0270 5864  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
16:35:28.0270 5864  eDataSecurity Service - ok
16:35:28.0301 5864  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:35:28.0316 5864  ehRecvr - ok
16:35:28.0348 5864  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
16:35:28.0348 5864  ehSched - ok
16:35:28.0348 5864  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
16:35:28.0348 5864  ehstart - ok
16:35:28.0379 5864  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:35:28.0379 5864  elxstor - ok
16:35:28.0410 5864  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:35:28.0426 5864  EMDMgmt - ok
16:35:28.0472 5864  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
16:35:28.0472 5864  eRecoveryService - ok
16:35:28.0488 5864  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:35:28.0504 5864  ErrDev - ok
16:35:28.0550 5864  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
16:35:28.0550 5864  eSettingsService - ok
16:35:28.0582 5864  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
16:35:28.0582 5864  EventSystem - ok
16:35:28.0613 5864  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
16:35:28.0613 5864  exfat - ok
16:35:28.0644 5864  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:35:28.0644 5864  fastfat - ok
16:35:28.0660 5864  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:35:28.0660 5864  fdc - ok
16:35:28.0675 5864  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:35:28.0675 5864  fdPHost - ok
16:35:28.0691 5864  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:35:28.0691 5864  FDResPub - ok
16:35:28.0706 5864  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:35:28.0706 5864  FileInfo - ok
16:35:28.0722 5864  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:35:28.0722 5864  Filetrace - ok
16:35:28.0722 5864  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:28.0722 5864  flpydisk - ok
16:35:28.0769 5864  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:35:28.0769 5864  FltMgr - ok
16:35:28.0816 5864  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
16:35:28.0816 5864  FontCache - ok
16:35:28.0878 5864  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:28.0878 5864  FontCache3.0.0.0 - ok
16:35:28.0909 5864  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
16:35:28.0909 5864  fssfltr - ok
16:35:29.0003 5864  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:35:29.0034 5864  fsssvc - ok
16:35:29.0065 5864  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:35:29.0065 5864  Fs_Rec - ok
16:35:29.0081 5864  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:35:29.0081 5864  gagp30kx - ok
16:35:29.0112 5864  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:35:29.0112 5864  gpsvc - ok
16:35:29.0143 5864  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:35:29.0143 5864  HdAudAddService - ok
16:35:29.0190 5864  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:35:29.0190 5864  HDAudBus - ok
16:35:29.0206 5864  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:35:29.0206 5864  HidBth - ok
16:35:29.0221 5864  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:35:29.0221 5864  HidIr - ok
16:35:29.0252 5864  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\System32\hidserv.dll
16:35:29.0252 5864  hidserv - ok
16:35:29.0268 5864  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:35:29.0268 5864  HidUsb - ok
16:35:29.0299 5864  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:35:29.0299 5864  hkmsvc - ok
16:35:29.0315 5864  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:35:29.0315 5864  HpCISSs - ok
16:35:29.0424 5864  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:35:29.0424 5864  hpqcxs08 - ok
16:35:29.0424 5864  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:35:29.0424 5864  hpqddsvc - ok
16:35:29.0455 5864  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:35:29.0471 5864  HTTP - ok
16:35:29.0486 5864  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:35:29.0486 5864  i2omp - ok
16:35:29.0502 5864  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:35:29.0502 5864  i8042prt - ok
16:35:29.0533 5864  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
16:35:29.0533 5864  iaStor - ok
16:35:29.0549 5864  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:35:29.0549 5864  iaStorV - ok
16:35:29.0642 5864  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:35:29.0642 5864  IDriverT - ok
16:35:29.0689 5864  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:29.0689 5864  idsvc - ok
16:35:29.0736 5864  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:35:29.0736 5864  iirsp - ok
16:35:29.0767 5864  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:35:29.0783 5864  IKEEXT - ok
16:35:29.0814 5864  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15          C:\Acer\Empowering Technology\eRecovery\int15.sys
16:35:29.0814 5864  int15 - ok
16:35:29.0861 5864  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:35:29.0908 5864  IntcAzAudAddService - ok
16:35:29.0923 5864  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:35:29.0923 5864  intelide - ok
16:35:29.0939 5864  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:35:29.0939 5864  intelppm - ok
16:35:29.0954 5864  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:35:29.0954 5864  IPBusEnum - ok
16:35:29.0970 5864  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:29.0970 5864  IpFilterDriver - ok
16:35:29.0970 5864  IpInIp - ok
16:35:30.0001 5864  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:35:30.0001 5864  IPMIDRV - ok
16:35:30.0017 5864  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:35:30.0032 5864  IPNAT - ok
16:35:30.0048 5864  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:35:30.0048 5864  IRENUM - ok
16:35:30.0064 5864  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:35:30.0064 5864  isapnp - ok
16:35:30.0095 5864  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:35:30.0095 5864  iScsiPrt - ok
16:35:30.0110 5864  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:35:30.0110 5864  iteatapi - ok
16:35:30.0142 5864  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:35:30.0142 5864  iteraid - ok
16:35:30.0157 5864  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:30.0157 5864  kbdclass - ok
16:35:30.0188 5864  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:35:30.0188 5864  kbdhid - ok
16:35:30.0204 5864  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:35:30.0204 5864  KeyIso - ok
16:35:30.0251 5864  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:35:30.0251 5864  KSecDD - ok
16:35:30.0282 5864  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:35:30.0282 5864  KtmRm - ok
16:35:30.0313 5864  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:35:30.0313 5864  LanmanServer - ok
16:35:30.0360 5864  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:35:30.0360 5864  LanmanWorkstation - ok
16:35:30.0391 5864  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:35:30.0391 5864  LightScribeService - ok
16:35:30.0407 5864  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:35:30.0407 5864  lltdio - ok
16:35:30.0422 5864  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:35:30.0422 5864  lltdsvc - ok
16:35:30.0438 5864  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:35:30.0438 5864  lmhosts - ok
16:35:30.0454 5864  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:35:30.0454 5864  LSI_FC - ok
16:35:30.0469 5864  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:35:30.0469 5864  LSI_SAS - ok
16:35:30.0500 5864  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:35:30.0500 5864  LSI_SCSI - ok
16:35:30.0516 5864  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
16:35:30.0516 5864  luafv - ok
16:35:30.0547 5864  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:35:30.0547 5864  MBAMProtector - ok
16:35:30.0594 5864  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:35:30.0610 5864  MBAMScheduler - ok
16:35:30.0625 5864  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:35:30.0641 5864  MBAMService - ok
16:35:30.0719 5864  [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
16:35:30.0719 5864  McAfee SiteAdvisor Service - ok
16:35:30.0766 5864  [ CB3A8976DE2F65349322DA7627CEA223 ] mcmscsvc        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
16:35:30.0766 5864  mcmscsvc - ok
16:35:30.0875 5864  [ C69E71E00B30B60556D3E096699BD423 ] McNASvc        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
16:35:30.0890 5864  McNASvc - ok
16:35:30.0953 5864  [ 21456F3051CBEFD1F2D60D8B9AB9C6EE ] McODS          C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
16:35:30.0953 5864  McODS - ok
16:35:30.0968 5864  [ 8CF3DA0BE6094C34D7C4A85493E60547 ] McProxy        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
16:35:30.0968 5864  McProxy - ok
16:35:30.0984 5864  [ 33734ABFA52EC8D096A1254D645E9B4F ] McShield        C:\Program Files\McAfee\VirusScan\McShield.exe
16:35:30.0984 5864  McShield - ok
16:35:31.0015 5864  [ FD47DF2BCC3544DF65B01AD6B6062430 ] McSysmon        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
16:35:31.0015 5864  McSysmon - ok
16:35:31.0046 5864  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:35:31.0046 5864  Mcx2Svc - ok
16:35:31.0078 5864  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:35:31.0078 5864  megasas - ok
16:35:31.0109 5864  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:35:31.0109 5864  MegaSR - ok
16:35:31.0124 5864  [ C97CBFD71C1C215150A3B3E55F77A7A3 ] mfeavfk        C:\Windows\system32\drivers\mfeavfk.sys
16:35:31.0124 5864  mfeavfk - ok
16:35:31.0140 5864  [ 5447338B83A1A2354FB2FEA7604387FD ] mfebopk        C:\Windows\system32\drivers\mfebopk.sys
16:35:31.0140 5864  mfebopk - ok
16:35:31.0171 5864  [ 6C9A6ED60B8FC3BAF72FE1B1D096445B ] mfehidk        C:\Windows\system32\drivers\mfehidk.sys
16:35:31.0171 5864  mfehidk - ok
16:35:31.0187 5864  [ A551154B51D6A93FCCF70FC4E8EAF4BD ] mferkdk        C:\Windows\system32\drivers\mferkdk.sys
16:35:31.0187 5864  mferkdk - ok
16:35:31.0202 5864  [ 299A86B780C9627AAA24E74292363ED2 ] mfesmfk        C:\Windows\system32\drivers\mfesmfk.sys
16:35:31.0202 5864  mfesmfk - ok
16:35:31.0249 5864  Microsoft SharePoint Workspace Audit Service - ok
16:35:31.0265 5864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
16:35:31.0265 5864  MMCSS - ok
16:35:31.0280 5864  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
16:35:31.0280 5864  Modem - ok
16:35:31.0280 5864  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:35:31.0296 5864  monitor - ok
16:35:31.0343 5864  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:35:31.0343 5864  mouclass - ok
16:35:31.0358 5864  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:35:31.0358 5864  mouhid - ok
16:35:31.0374 5864  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:35:31.0374 5864  MountMgr - ok
16:35:31.0405 5864  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:35:31.0421 5864  MozillaMaintenance - ok
16:35:31.0436 5864  [ 96CF5286BC370B558735A7B891232D92 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
16:35:31.0436 5864  MPFP - ok
16:35:31.0468 5864  [ 346F30F1FF73553AA466F4AE7948DA00 ] MpfService      C:\Program Files\McAfee\MPF\MPFSrv.exe
16:35:31.0468 5864  MpfService - ok
16:35:31.0499 5864  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:35:31.0499 5864  mpio - ok
16:35:31.0499 5864  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:35:31.0514 5864  mpsdrv - ok
16:35:31.0530 5864  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:35:31.0530 5864  Mraid35x - ok
16:35:31.0561 5864  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:35:31.0561 5864  MRxDAV - ok
16:35:31.0592 5864  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:35:31.0592 5864  mrxsmb - ok
16:35:31.0608 5864  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:35:31.0608 5864  mrxsmb10 - ok
16:35:31.0624 5864  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:35:31.0624 5864  mrxsmb20 - ok
16:35:31.0639 5864  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:35:31.0639 5864  msahci - ok
16:35:31.0655 5864  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:35:31.0655 5864  msdsm - ok
16:35:31.0670 5864  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
16:35:31.0670 5864  MSDTC - ok
16:35:31.0686 5864  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:35:31.0686 5864  Msfs - ok
16:35:31.0717 5864  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:35:31.0717 5864  msisadrv - ok
16:35:31.0748 5864  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:35:31.0748 5864  MSiSCSI - ok
16:35:31.0748 5864  msiserver - ok
16:35:31.0795 5864  [ A05DE3535884270B8D292DCBDD6DED20 ] MSK80Service    C:\Program Files\McAfee\MSK\MskSrver.exe
16:35:31.0795 5864  MSK80Service - ok
16:35:31.0811 5864  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:35:31.0811 5864  MSKSSRV - ok
16:35:31.0842 5864  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:35:31.0842 5864  MSPCLOCK - ok
16:35:31.0842 5864  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:35:31.0842 5864  MSPQM - ok
16:35:31.0873 5864  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:35:31.0873 5864  MsRPC - ok
16:35:31.0889 5864  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:35:31.0889 5864  mssmbios - ok
16:35:31.0920 5864  MSSQL$MSSMLBIZ - ok
16:35:31.0998 5864  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
16:35:31.0998 5864  MSSQLServerADHelper100 - ok
16:35:32.0014 5864  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:35:32.0014 5864  MSTEE - ok
16:35:32.0014 5864  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
16:35:32.0014 5864  Mup - ok
16:35:32.0060 5864  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:35:32.0060 5864  napagent - ok
16:35:32.0107 5864  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:35:32.0107 5864  NativeWifiP - ok
16:35:32.0138 5864  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:35:32.0138 5864  NDIS - ok
16:35:32.0154 5864  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:35:32.0154 5864  NdisTapi - ok
16:35:32.0154 5864  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:35:32.0154 5864  Ndisuio - ok
16:35:32.0201 5864  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:35:32.0201 5864  NdisWan - ok
16:35:32.0216 5864  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:35:32.0216 5864  NDProxy - ok
16:35:32.0232 5864  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:35:32.0248 5864  Net Driver HPZ12 - ok
16:35:32.0248 5864  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:35:32.0248 5864  NetBIOS - ok
16:35:32.0279 5864  [ 12856F7F1E943F6762A5CA341BE5AC77 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
16:35:32.0279 5864  netbt ( Virus.Win32.ZAccess.g ) - infected
16:35:32.0279 5864  netbt - detected Virus.Win32.ZAccess.g (0)
16:35:32.0279 5864  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:35:32.0279 5864  Netlogon - ok
16:35:32.0310 5864  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:35:32.0310 5864  Netman - ok
16:35:32.0326 5864  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:35:32.0326 5864  netprofm - ok
16:35:32.0357 5864  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:35:32.0357 5864  NetTcpPortSharing - ok
16:35:32.0372 5864  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:35:32.0372 5864  nfrd960 - ok
16:35:32.0404 5864  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:35:32.0404 5864  NlaSvc - ok
16:35:32.0419 5864  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:35:32.0419 5864  Npfs - ok
16:35:32.0419 5864  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
16:35:32.0419 5864  nsi - ok
16:35:32.0450 5864  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:35:32.0450 5864  nsiproxy - ok
16:35:32.0497 5864  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:35:32.0497 5864  Ntfs - ok
16:35:32.0513 5864  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:35:32.0528 5864  NTIDrvr - ok
16:35:32.0528 5864  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
16:35:32.0528 5864  ntrigdigi - ok
16:35:32.0544 5864  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:35:32.0544 5864  Null - ok
16:35:32.0575 5864  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:35:32.0575 5864  NVENETFD - ok
16:35:32.0622 5864  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
16:35:32.0622 5864  NVHDA - ok
16:35:32.0794 5864  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:35:32.0934 5864  nvlddmkm - ok
16:35:32.0965 5864  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:35:32.0965 5864  nvraid - ok
16:35:32.0965 5864  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys
16:35:32.0981 5864  nvrd32 - ok
16:35:32.0996 5864  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
16:35:32.0996 5864  nvsmu - ok
16:35:33.0012 5864  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:35:33.0012 5864  nvstor - ok
16:35:33.0012 5864  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
16:35:33.0012 5864  nvstor32 - ok
16:35:33.0043 5864  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:35:33.0043 5864  nvsvc - ok
16:35:33.0059 5864  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:35:33.0074 5864  nv_agp - ok
16:35:33.0074 5864  NwlnkFlt - ok
16:35:33.0074 5864  NwlnkFwd - ok
16:35:33.0121 5864  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:35:33.0121 5864  ohci1394 - ok
16:35:33.0168 5864  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:35:33.0168 5864  ose - ok
16:35:33.0308 5864  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:35:33.0340 5864  osppsvc - ok
16:35:33.0371 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:35:33.0371 5864  p2pimsvc - ok
16:35:33.0386 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:35:33.0402 5864  p2psvc - ok
16:35:33.0418 5864  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
16:35:33.0418 5864  Parport - ok
16:35:33.0449 5864  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:35:33.0449 5864  partmgr - ok
16:35:33.0464 5864  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:35:33.0464 5864  Parvdm - ok
16:35:33.0464 5864  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:35:33.0480 5864  PcaSvc - ok
16:35:33.0496 5864  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
16:35:33.0511 5864  pci - ok
16:35:33.0511 5864  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
16:35:33.0511 5864  pciide - ok
16:35:33.0542 5864  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:35:33.0542 5864  pcmcia - ok
16:35:33.0574 5864  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:35:33.0574 5864  PEAUTH - ok
16:35:33.0636 5864  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
16:35:33.0667 5864  pla - ok
16:35:33.0698 5864  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:35:33.0698 5864  PlugPlay - ok
16:35:33.0730 5864  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:35:33.0730 5864  Pml Driver HPZ12 - ok
16:35:33.0745 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
16:35:33.0745 5864  PNRPAutoReg - ok
16:35:33.0761 5864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
16:35:33.0761 5864  PNRPsvc - ok
16:35:33.0792 5864  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:35:33.0808 5864  PolicyAgent - ok
16:35:33.0823 5864  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:35:33.0823 5864  PptpMiniport - ok
16:35:33.0839 5864  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
16:35:33.0854 5864  Processor - ok
16:35:33.0870 5864  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:35:33.0870 5864  ProfSvc - ok
16:35:33.0886 5864  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:35:33.0886 5864  ProtectedStorage - ok
16:35:33.0917 5864  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:35:33.0917 5864  PSched - ok
16:35:33.0932 5864  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter      C:\Windows\system32\DRIVERS\psdfilter.sys
16:35:33.0932 5864  PSDFilter - ok
16:35:33.0948 5864  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
16:35:33.0948 5864  PSDNServ - ok
16:35:33.0948 5864  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
16:35:33.0948 5864  psdvdisk - ok
16:35:33.0964 5864  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
16:35:33.0979 5864  PxHelp20 - ok
16:35:34.0010 5864  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:35:34.0026 5864  ql2300 - ok
16:35:34.0057 5864  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:35:34.0057 5864  ql40xx - ok
16:35:34.0073 5864  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
16:35:34.0073 5864  QWAVE - ok
16:35:34.0088 5864  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:35:34.0088 5864  QWAVEdrv - ok
16:35:34.0151 5864  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
16:35:34.0151 5864  RapiMgr - ok
16:35:34.0166 5864  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:35:34.0166 5864  RasAcd - ok
16:35:34.0166 5864  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
16:35:34.0182 5864  RasAuto - ok
16:35:34.0182 5864  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:35:34.0198 5864  Rasl2tp - ok
16:35:34.0229 5864  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:35:34.0229 5864  RasMan - ok
16:35:34.0260 5864  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:35:34.0260 5864  RasPppoe - ok
16:35:34.0291 5864  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:35:34.0291 5864  RasSstp - ok
16:35:34.0322 5864  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:35:34.0322 5864  rdbss - ok
16:35:34.0322 5864  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:35:34.0338 5864  RDPCDD - ok
16:35:34.0354 5864  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
16:35:34.0354 5864  rdpdr - ok
16:35:34.0354 5864  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:35:34.0354 5864  RDPENCDD - ok
16:35:34.0385 5864  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:35:34.0385 5864  RDPWD - ok
16:35:34.0416 5864  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:35:34.0416 5864  RemoteAccess - ok
16:35:34.0447 5864  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:35:34.0447 5864  RemoteRegistry - ok
16:35:34.0494 5864  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:35:34.0494 5864  RichVideo - ok
16:35:34.0525 5864  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
16:35:34.0525 5864  RimUsb - ok
16:35:34.0556 5864  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort    C:\Windows\system32\DRIVERS\RimSerial.sys
16:35:34.0572 5864  RimVSerPort - ok
16:35:34.0572 5864  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
16:35:34.0588 5864  ROOTMODEM - ok
16:35:34.0634 5864  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
16:35:34.0634 5864  Roxio UPnP Renderer 9 - ok
16:35:34.0666 5864  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
16:35:34.0666 5864  Roxio Upnp Server 9 - ok
16:35:34.0697 5864  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
16:35:34.0697 5864  RoxLiveShare9 - ok
16:35:34.0744 5864  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
16:35:34.0775 5864  RoxMediaDB9 - ok
16:35:34.0790 5864  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
16:35:34.0790 5864  RoxWatch9 - ok
16:35:34.0806 5864  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:35:34.0806 5864  RpcLocator - ok
16:35:34.0837 5864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
16:35:34.0853 5864  RpcSs - ok
16:35:34.0884 5864  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
16:35:34.0884 5864  RsFx0103 - ok
16:35:34.0900 5864  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:35:34.0900 5864  rspndr - ok
16:35:34.0915 5864  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
16:35:34.0915 5864  SamSs - ok
16:35:34.0931 5864  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:35:34.0931 5864  sbp2port - ok
16:35:34.0962 5864  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:35:34.0962 5864  SCardSvr - ok
16:35:34.0993 5864  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:35:34.0993 5864  Schedule - ok
16:35:35.0024 5864  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:35:35.0040 5864  SCPolicySvc - ok
16:35:35.0056 5864  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:35:35.0056 5864  SDRSVC - ok
16:35:35.0134 5864  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:35:35.0134 5864  SeaPort - ok
16:35:35.0149 5864  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:35:35.0149 5864  secdrv - ok
16:35:35.0165 5864  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:35:35.0165 5864  seclogon - ok
16:35:35.0180 5864  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:35:35.0180 5864  SENS - ok
16:35:35.0196 5864  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:35:35.0196 5864  Serenum - ok
16:35:35.0212 5864  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:35:35.0212 5864  Serial - ok
16:35:35.0227 5864  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:35:35.0227 5864  sermouse - ok
16:35:35.0243 5864  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:35:35.0243 5864  SessionEnv - ok
16:35:35.0258 5864  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:35:35.0274 5864  sffdisk - ok
16:35:35.0274 5864  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:35:35.0274 5864  sffp_mmc - ok
16:35:35.0290 5864  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:35:35.0290 5864  sffp_sd - ok
16:35:35.0305 5864  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:35:35.0305 5864  sfloppy - ok
16:35:35.0321 5864  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:35:35.0321 5864  SharedAccess - ok
16:35:35.0352 5864  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:35:35.0352 5864  ShellHWDetection - ok
16:35:35.0368 5864  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:35:35.0368 5864  sisagp - ok
16:35:35.0383 5864  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:35:35.0383 5864  SiSRaid2 - ok
16:35:35.0399 5864  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:35:35.0399 5864  SiSRaid4 - ok
16:35:35.0446 5864  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
16:35:35.0446 5864  SkypeUpdate - ok
16:35:35.0539 5864  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
16:35:35.0586 5864  slsvc - ok
16:35:35.0602 5864  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:35:35.0617 5864  SLUINotify - ok
16:35:35.0648 5864  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:35:35.0664 5864  Smb - ok
16:35:35.0664 5864  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:35:35.0680 5864  SNMPTRAP - ok
16:35:35.0680 5864  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
16:35:35.0680 5864  spldr - ok
16:35:35.0711 5864  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
16:35:35.0711 5864  Spooler - ok
16:35:35.0758 5864  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
16:35:35.0758 5864  SQLAgent$MSSMLBIZ - ok
16:35:35.0804 5864  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:35:35.0804 5864  SQLBrowser - ok
16:35:35.0836 5864  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:35:35.0836 5864  SQLWriter - ok
16:35:35.0867 5864  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:35:35.0867 5864  srv - ok
16:35:35.0898 5864  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:35:35.0898 5864  srv2 - ok
16:35:35.0929 5864  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:35:35.0929 5864  srvnet - ok
16:35:35.0960 5864  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:35:35.0960 5864  SSDPSRV - ok
16:35:35.0976 5864  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:35:35.0976 5864  SstpSvc - ok
16:35:36.0023 5864  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:35:36.0023 5864  stisvc - ok
16:35:36.0038 5864  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:35:36.0038 5864  swenum - ok
16:35:36.0070 5864  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
16:35:36.0085 5864  swprv - ok
16:35:36.0085 5864  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
16:35:36.0085 5864  Symc8xx - ok
16:35:36.0101 5864  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:35:36.0101 5864  Sym_hi - ok
16:35:36.0116 5864  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:35:36.0116 5864  Sym_u3 - ok
16:35:36.0148 5864  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
16:35:36.0163 5864  SysMain - ok
16:35:36.0179 5864  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:35:36.0179 5864  TabletInputService - ok
16:35:36.0210 5864  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:35:36.0210 5864  TapiSrv - ok
16:35:36.0226 5864  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
16:35:36.0226 5864  TBS - ok
16:35:36.0272 5864  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:35:36.0272 5864  Tcpip - ok
16:35:36.0319 5864  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:35:36.0319 5864  Tcpip6 - ok
16:35:36.0350 5864  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:35:36.0350 5864  tcpipreg - ok
16:35:36.0366 5864  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:35:36.0397 5864  TDPIPE - ok
16:35:36.0397 5864  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:35:36.0397 5864  TDTCP - ok
16:35:36.0444 5864  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:35:36.0444 5864  tdx - ok
16:35:36.0444 5864  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:35:36.0460 5864  TermDD - ok
16:35:36.0475 5864  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
16:35:36.0475 5864  TermService - ok
16:35:36.0491 5864  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:35:36.0491 5864  Themes - ok
16:35:36.0506 5864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
16:35:36.0506 5864  THREADORDER - ok
16:35:36.0522 5864  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:35:36.0522 5864  TrkWks - ok
16:35:36.0569 5864  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:35:36.0569 5864  TrustedInstaller - ok
16:35:36.0584 5864  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:35:36.0584 5864  tssecsrv - ok
16:35:36.0600 5864  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
16:35:36.0600 5864  tunmp - ok
16:35:36.0616 5864  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:35:36.0616 5864  tunnel - ok
16:35:36.0647 5864  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys
16:35:36.0647 5864  tvicport - ok
16:35:36.0662 5864  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:35:36.0662 5864  uagp35 - ok
16:35:36.0678 5864  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:35:36.0678 5864  udfs - ok
16:35:36.0694 5864  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:35:36.0709 5864  UI0Detect - ok
16:35:36.0725 5864  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:35:36.0725 5864  uliagpkx - ok
16:35:36.0740 5864  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
16:35:36.0740 5864  uliahci - ok
16:35:36.0756 5864  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:35:36.0756 5864  UlSata - ok
16:35:36.0772 5864  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
16:35:36.0772 5864  ulsata2 - ok
16:35:36.0787 5864  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:35:36.0787 5864  umbus - ok
16:35:36.0803 5864  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:35:36.0803 5864  upnphost - ok
16:35:36.0834 5864  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:35:36.0850 5864  usbaudio - ok
16:35:36.0865 5864  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:35:36.0865 5864  usbccgp - ok
16:35:36.0881 5864  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:35:36.0881 5864  usbcir - ok
16:35:36.0912 5864  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:35:36.0912 5864  usbehci - ok
16:35:36.0928 5864  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:35:36.0943 5864  usbhub - ok
16:35:36.0943 5864  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
16:35:36.0943 5864  usbohci - ok
16:35:36.0959 5864  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:35:36.0959 5864  usbprint - ok
16:35:36.0974 5864  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:35:36.0974 5864  usbscan - ok
16:35:36.0974 5864  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:35:36.0974 5864  USBSTOR - ok
16:35:37.0021 5864  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:35:37.0021 5864  usbuhci - ok
16:35:37.0052 5864  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS      C:\Windows\system32\DRIVERS\usb8023.sys
16:35:37.0052 5864  USB_RNDIS - ok
16:35:37.0068 5864  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
16:35:37.0068 5864  UxSms - ok
16:35:37.0115 5864  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
16:35:37.0115 5864  vds - ok
16:35:37.0162 5864  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:35:37.0162 5864  vga - ok
16:35:37.0162 5864  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:35:37.0162 5864  VgaSave - ok
16:35:37.0193 5864  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:35:37.0193 5864  viaagp - ok
16:35:37.0193 5864  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
16:35:37.0193 5864  ViaC7 - ok
16:35:37.0208 5864  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:35:37.0208 5864  viaide - ok
16:35:37.0208 5864  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:35:37.0208 5864  volmgr - ok
16:35:37.0240 5864  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:35:37.0240 5864  volmgrx - ok
16:35:37.0271 5864  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:35:37.0271 5864  volsnap - ok
16:35:37.0286 5864  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:35:37.0286 5864  vsmraid - ok
16:35:37.0318 5864  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
16:35:37.0333 5864  VSS - ok
16:35:37.0349 5864  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
16:35:37.0349 5864  W32Time - ok
16:35:37.0364 5864  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:35:37.0364 5864  WacomPen - ok
16:35:37.0380 5864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:35:37.0380 5864  Wanarp - ok
16:35:37.0380 5864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:35:37.0380 5864  Wanarpv6 - ok
16:35:37.0411 5864  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
16:35:37.0411 5864  WcesComm - ok
16:35:37.0442 5864  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:35:37.0442 5864  wcncsvc - ok
16:35:37.0474 5864  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:35:37.0474 5864  WcsPlugInService - ok
16:35:37.0489 5864  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:35:37.0489 5864  Wd - ok
16:35:37.0505 5864  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:35:37.0505 5864  Wdf01000 - ok
16:35:37.0505 5864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:35:37.0505 5864  WdiServiceHost - ok
16:35:37.0520 5864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:35:37.0520 5864  WdiSystemHost - ok
16:35:37.0552 5864  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
16:35:37.0552 5864  WebClient - ok
16:35:37.0583 5864  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:35:37.0583 5864  Wecsvc - ok
16:35:37.0598 5864  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:35:37.0598 5864  wercplsupport - ok
16:35:37.0614 5864  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:35:37.0614 5864  WerSvc - ok
16:35:37.0645 5864  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
16:35:37.0645 5864  WinDefend - ok
16:35:37.0645 5864  WinHttpAutoProxySvc - ok
16:35:37.0676 5864  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:35:37.0676 5864  Winmgmt - ok
16:35:37.0739 5864  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:35:37.0754 5864  WinRM - ok
16:35:37.0801 5864  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
16:35:37.0801 5864  winusb - ok
16:35:37.0832 5864  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:35:37.0848 5864  Wlansvc - ok
16:35:37.0895 5864  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:35:37.0895 5864  wlcrasvc - ok
16:35:37.0957 5864  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:35:37.0973 5864  wlidsvc - ok
16:35:37.0988 5864  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:35:37.0988 5864  WmiAcpi - ok
16:35:38.0020 5864  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:35:38.0020 5864  wmiApSrv - ok
16:35:38.0051 5864  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
16:35:38.0066 5864  WMPNetworkSvc - ok
16:35:38.0066 5864  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:35:38.0066 5864  WPCSvc - ok
16:35:38.0098 5864  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:35:38.0098 5864  WPDBusEnum - ok
16:35:38.0191 5864  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:35:38.0191 5864  WPFFontCache_v0400 - ok
16:35:38.0222 5864  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:35:38.0222 5864  ws2ifsl - ok
16:35:38.0269 5864  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
16:35:38.0269 5864  wscsvc - ok
16:35:38.0269 5864  WSearch - ok
16:35:38.0332 5864  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:35:38.0363 5864  wuauserv - ok
16:35:38.0378 5864  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:38.0378 5864  WUDFRd - ok
16:35:38.0410 5864  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:35:38.0410 5864  wudfsvc - ok
16:35:38.0410 5864  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport        C:\Windows\system32\drivers\zntport.sys
16:35:38.0410 5864  zntport - ok
16:35:38.0425 5864  ================ Scan global ===============================
16:35:38.0441 5864  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:35:38.0472 5864  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:35:38.0503 5864  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:35:38.0534 5864  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:35:38.0534 5864  [Global] - ok
16:35:38.0534 5864  ================ Scan MBR ==================================
16:35:38.0550 5864  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
16:35:40.0594 5864  \Device\Harddisk0\DR0 - ok
16:35:40.0594 5864  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5
16:35:45.0445 5864  \Device\Harddisk5\DR5 - ok
16:35:45.0445 5864  ================ Scan VBR ==================================
16:35:45.0445 5864  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1
16:35:45.0445 5864  \Device\Harddisk0\DR0\Partition1 - ok
16:35:45.0461 5864  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2
16:35:45.0461 5864  \Device\Harddisk0\DR0\Partition2 - ok
16:35:45.0461 5864  [ 8A7B805CE3A7A9BCEAD31B11A223A38B ] \Device\Harddisk5\DR5\Partition1
16:35:45.0461 5864  \Device\Harddisk5\DR5\Partition1 - ok
16:35:45.0461 5864  ============================================================
16:35:45.0461 5864  Scan finished
16:35:45.0461 5864  ============================================================
16:35:45.0476 4740  Detected object count: 1
16:35:45.0476 4740  Actual detected object count: 1
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip
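
Added example, not part of the thread and not TDSSKiller's own code: a small Python triage helper for log output in the format posted above. It records each hashed service/driver entry, flags every entry whose final action is anything other than "ok", and checks that count against the log's own "Actual detected object count" line so a truncated paste is noticed. The netbt hash line in the sample is a constructed placeholder (its real hash line sits earlier in the log); the other sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Line shapes seen in the TDSSKiller log above (added example, not TDSSKiller code):
#   <time> <pid>  [ <md5> ] <name>  <path>          -> file hashed
#   <time> <pid>  <name> - ok                       -> clean
#   <time> <pid>  <name> ( <verdict> ) - <action>   -> detection
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+?)\s*$")
VERDICT_LINE = re.compile(PREFIX + r"(\S+?)(?: \( (.+?) \))? - (.+?)\s*$")
COUNT_LINE = re.compile(r"Actual detected object count: (\d+)")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no hash line
    path: Optional[str] = None
    verdict: Optional[str] = None  # e.g. "Virus.Win32.ZAccess.g"
    action: Optional[str] = None   # "ok", "skipped by user", ...


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Build one Entry per scanned object, keyed by its service/driver/device name."""
    entries: dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = Entry(name, md5.upper(), path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict, action = m.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.verdict, entry.action = verdict, action
    return entries


def triage(entries: dict[str, Entry]) -> list[str]:
    """Names whose last recorded action is anything other than 'ok' (or missing)."""
    return sorted(name for name, e in entries.items() if e.action != "ok")


def detected_count(text: str) -> Optional[int]:
    """The count TDSSKiller itself reports at the end of the scan, if present."""
    m = COUNT_LINE.search(text)
    return int(m.group(1)) if m else None


def report(text: str) -> dict:
    """Flagged entries plus a consistency check against the scanner's own count."""
    entries = parse_tdsskiller(text)
    flagged = triage(entries)
    claimed = detected_count(text)
    return {
        "flagged": {name: entries[name] for name in flagged},
        "claimed_count": claimed,
        # False means the pasted log is truncated or the parser missed a line.
        "consistent": claimed is not None and claimed == len(flagged),
    }


# Constructed sample: lines copied from the log above, plus a placeholder hash
# line for netbt (the MD5 of zeros is NOT a real value, only a stand-in).
SAMPLE_LOG = r"""
16:35:37.0380 5864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:35:37.0380 5864  Wanarp - ok
16:35:37.0645 5864  WinHttpAutoProxySvc - ok
16:35:30.0000 5864  [ 00000000000000000000000000000000 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:35:45.0461 5864  Scan finished
16:35:45.0476 4740  Detected object count: 1
16:35:45.0476 4740  Actual detected object count: 1
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - skipped by user
16:35:49.0735 4740  netbt ( Virus.Win32.ZAccess.g ) - User select action: Skip
"""

if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    for name, e in result["flagged"].items():
        print(f"{name}: {e.verdict} -> {e.action} ({e.path}, MD5 {e.md5})")
    print("count matches scanner:", result["consistent"])
```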


Psychotic 12.10.2012 06:36

Fix with TDSSKiller


Please download TDSSKiller.exe and save the file to your desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your antivirus software.
  • Start TDSSKiller.exe with a double click. Vista and Win7 users: right-click and "Run as administrator".
  • Click Start scan. Do not do anything else on the computer during the scan.
    1. If the tool shows no findings, click Close to exit it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects with 3 choices. Make sure that Copy to quarantine is selected for the following entries:

      Code:

      Virus.Win32.ZAccess.g
    3. Click Continue --> Reboot.
  • After the restart, the log file can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
  • Please post its content here in your thread.
Illustrated guide to using TDSSKiller.

Golderto 12.10.2012 08:30

Hey Marius!

Good morning first of all, and many thanks for your continued help!
The log text is too long, so I'm attaching it for you!

regards

Psychotic 12.10.2012 08:40

Good morning! :)

Then make another attempt with Combofix!

Golderto 12.10.2012 09:57

Hm... somehow Combofix doesn't like me... isn't there another program? I have a feeling it has to do with my McAfee; I closed it with the Task Manager, but McAfee background services are still running in the background that I can't terminate...

I've now had Combofix running again for about 50 minutes, and it's always the same screen:

Psychotic 12.10.2012 10:12

Uninstall McAfee and try again!

Golderto 12.10.2012 11:54

Hello Marius!

I uninstalled McAfee and then restarted, but Combofix still doesn't work, just like before... or rather, the scan is still running after about 1h and nothing happens...

Isn't there another program besides Combofix that I can use to get rid of the virus?

regards

Psychotic 12.10.2012 12:00

Doesn't it work in Safe Mode either?

Golderto 12.10.2012 12:02

I'll try that again now... so far I've only tried it in normal mode...

Psychotic 12.10.2012 12:04

Good! If that doesn't work, I have other ideas, of course!
Shortly after the message in your last screenshot something should happen... if it doesn't, please let me know!

Golderto 12.10.2012 12:25

... in Safe Mode it's the same, I've now waited about 20 minutes - nothing happens!

regards

Psychotic 13.10.2012 12:50

As I said at the start, we've got a real nasty one here! :(

FRST


Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Plug the USB stick into the infected system.

You now have to boot the system into the System Recovery Options.

Via the Boot Manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer.
    Here the drive letter of your USB stick is shown.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its content here.

Golderto 13.10.2012 14:57

Hey Marius!

Thanks for your reply - despite the weekend ;)...

Here is the log file:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 13-10-2012 15:52:11
Running from J:\
Windows Vista (TM) Home Premium  (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService]  [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix
2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip
2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox
2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
2012-09-14 11:24 - 2012-09-14 11:24 - 00000000 ____D C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}
2012-09-13 10:21 - 2012-09-13 10:22 - 00000000 ____D C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}


==================== 3 Months Modified Files ==================

2012-10-13 05:50 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-13 05:50 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-13 05:48 - 2008-01-20 18:47 - 08202420 ____A C:\Windows\PFRO.log
2012-10-13 05:48 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-13 05:48 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-13 05:47 - 2008-09-03 06:04 - 01269411 ____A C:\Windows\WindowsUpdate.log
2012-10-13 05:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-13 04:57 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-13 04:52 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-12 11:28 - 2012-07-29 00:47 - 00085504 ____A C:\Users\media\Desktop\Trainings Reinhard.xls
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini
2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log
2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-08-31 08:51:25
Restore point made on: 2012-09-01 00:01:22
Restore point made on: 2012-09-02 07:50:43
Restore point made on: 2012-09-04 10:29:58
Restore point made on: 2012-09-06 09:56:51
Restore point made on: 2012-09-07 07:57:32
Restore point made on: 2012-09-08 01:02:50
Restore point made on: 2012-09-11 04:36:25
Restore point made on: 2012-09-12 10:19:30
Restore point made on: 2012-09-13 10:26:53
Restore point made on: 2012-09-15 09:51:06
Restore point made on: 2012-09-18 09:38:55
Restore point made on: 2012-09-24 01:16:46
Restore point made on: 2012-09-26 02:56:58
Restore point made on: 2012-09-27 10:17:34
Restore point made on: 2012-09-29 00:28:15
Restore point made on: 2012-09-30 01:21:32
Restore point made on: 2012-10-01 00:18:57
Restore point made on: 2012-10-01 23:14:16
Restore point made on: 2012-10-04 07:03:22
Restore point made on: 2012-10-04 21:10:54
Restore point made on: 2012-10-06 00:45:10
Restore point made on: 2012-10-07 02:08:04
Restore point made on: 2012-10-09 09:33:17
Restore point made on: 2012-10-11 07:03:59
Restore point made on: 2012-10-12 08:31:00
Restore point made on: 2012-10-13 00:52:01

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4094.44 MB
Available physical RAM: 3698.67 MB
Total Pagefile: 3959.92 MB
Available Pagefile: 3782.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.33 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS
8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS

  Disk ###  Status      Size    Free    Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      596 GB  1083 KB       
  Disk 1    No Media        0 B      0 B       
  Disk 2    No Media        0 B      0 B       
  Disk 3    No Media        0 B      0 B       
  Disk 4    No Media        0 B      0 B       
  Disk 5    Online      7904 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM              7993 MB    32 KB
  Partition 2    Primary            294 GB  7994 MB
  Partition 3    Primary            294 GB  302 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8    X  PQSERVICE    NTFS  Partition  7993 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    C  ACER        NTFS  Partition    294 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7    D  DATA        NTFS  Partition    294 GB  Healthy           

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary          7904 MB    32 KB

=========================================================

Disk: 5
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    J  BMW          FAT32  Removable  7904 MB  Healthy           

=========================================================

Last Boot: 2012-10-13 04:58

==================== End Of Log ============================


Psychotic 15.10.2012 06:51

You're welcome!

Search with FRST



Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now have to boot the system into the System Repair options. Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD:
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on Computer repair options!!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select Command Prompt.
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer. The drive letter of your USB stick is shown there.
  • Close Notepad again.
  • Now enter the following command: e:\frst.exe Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Search file(s).
  • A window opens in which search: is already filled in.
    Add the following there:
    Code:

    netbt.sys

Click search - the tool creates a search.txt on your stick. Please post its contents here.

Golderto 15.10.2012 07:07

*Good morning!*

Here is the log file:
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 07:57:57
Running from J:\

================== Search: "netbt.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\System32\drivers\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

=== End Of Search ===

Kind regards

Psychotic 15.10.2012 07:13

Well, look at that, the scumbag has modified a driver! :wtf: :pfui:


Step 1: Fix with FRST


Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:

replace:  C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
replace:  C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

Please save it as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again.
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Afterwards restart the computer, boot into the repair environment again and create a new FRST log!
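The diagnosis above (the netbt.sys under System32\drivers prints no company name and its MD5 matches only the 6.0.6002 component-store copy, not the Microsoft-named 6.0.6001 one) can be checked mechanically. This is an added Python example, not part of the thread or of FRST: it parses the search.txt posted above (copied inline), marks each copy as reference or suspect, and emits Replace: lines in the fixlist syntax used above. Assumptions: the CompanyName rule and the "live copy must match a component-store copy" rule are this example's own heuristics, and it emits a directive for every suspect copy, not only the component-store copy the fixlist above targets.

```python
"""Triage an FRST "Search:" result the way the helper did above.

Added example, not FRST's own code. The only input is the search.txt
posted in this thread, copied inline so the script runs offline."""
from __future__ import annotations

import re
from dataclasses import dataclass

# search.txt from the thread (constructed copy; raw string keeps the backslashes).
SEARCH_LOG = r"""
================== Search: "netbt.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\System32\drivers\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

=== End Of Search ===
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line layout: "[created] - [modified] - size attrs (CompanyName) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FrstEntry:
    path: str
    size: int
    company: str  # CompanyName from the version resource; "" when FRST prints ()
    md5: str

    @property
    def is_live_copy(self) -> bool:
        """The copy under System32\\drivers is the one the kernel actually loads."""
        return "\\system32\\drivers\\" in self.path.lower()


def parse_search(log: str) -> list[FrstEntry]:
    """FRST prints every hit as a path line followed by one detail line."""
    lines = [ln.strip() for ln in log.splitlines()]
    entries: list[FrstEntry] = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if PATH_RE.match(path) and m:
            entries.append(FrstEntry(path, int(m["size"]), m["company"], m["md5"].upper()))
    return entries


def triage(entries: list[FrstEntry]) -> dict[str, str]:
    """Verdict per path.  Heuristic of this example (not FRST's): a component-store
    copy whose version resource names a vendor is a clean reference; a copy with no
    CompanyName, or a live copy whose MD5 matches no reference, is suspect."""
    reference_md5s = {e.md5 for e in entries if e.company and not e.is_live_copy}
    verdicts: dict[str, str] = {}
    for e in entries:
        if not e.company:
            verdicts[e.path] = "suspect: no CompanyName in version resource"
        elif e.is_live_copy:
            verdicts[e.path] = ("ok: matches a reference copy" if e.md5 in reference_md5s
                                else "suspect: MD5 matches no vendor-named store copy")
        else:
            verdicts[e.path] = "reference"
    return verdicts


def fixlist_lines(entries: list[FrstEntry]) -> list[str]:
    """One 'Replace: <clean source> <target>' directive per suspect copy, source
    first and target second as the Fixlog in this thread confirms.  The first
    reference copy is used as the source (there is only one here)."""
    verdicts = triage(entries)
    refs = [e for e in entries if verdicts[e.path] == "reference"]
    if not refs:
        return []  # nothing trustworthy to copy from; do not guess
    return [f"Replace: {refs[0].path} {e.path}"
            for e in entries if verdicts[e.path].startswith("suspect")]


if __name__ == "__main__":
    found = parse_search(SEARCH_LOG)
    verdict = triage(found)
    for entry in found:
        print(f"{verdict[entry.path]:<52} {entry.md5} {entry.path}")
    print("\n".join(fixlist_lines(found)))
```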

Golderto 15.10.2012 07:30

sooo... now let's get rid of this junk :kloppen:...

Fixlog:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 08:23:37 Run:2
Running from J:\

==============================================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

==== End of Fixlog ====

FRST log:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM at 15-10-2012 08:25:04
Running from J:\
Windows Vista (TM) Home Premium  (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService]  [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-13 12:20 - 2012-10-13 12:20 - 00000000 ____D C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
2012-10-13 00:19 - 2012-10-13 00:19 - 00000000 ____D C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2}
2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix
2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip
2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox
2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}


==================== 3 Months Modified Files ==================

2012-10-14 22:21 - 2008-09-03 06:04 - 01475577 ____A C:\Windows\WindowsUpdate.log
2012-10-14 22:21 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-14 22:21 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-14 22:21 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-14 22:21 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-14 22:11 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-14 22:06 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-14 22:03 - 2008-01-20 18:47 - 08204360 ____A C:\Windows\PFRO.log
2012-10-14 13:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-13 11:49 - 2012-07-29 00:47 - 00086016 ____A C:\Users\media\Desktop\Trainings Reinhard.xls
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini
2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log
2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-09-01 00:01:22
Restore point made on: 2012-09-02 07:50:43
Restore point made on: 2012-09-04 10:29:58
Restore point made on: 2012-09-06 09:56:51
Restore point made on: 2012-09-07 07:57:32
Restore point made on: 2012-09-08 01:02:50
Restore point made on: 2012-09-11 04:36:25
Restore point made on: 2012-09-12 10:19:30
Restore point made on: 2012-09-13 10:26:53
Restore point made on: 2012-09-15 09:51:06
Restore point made on: 2012-09-18 09:38:55
Restore point made on: 2012-09-24 01:16:46
Restore point made on: 2012-09-26 02:56:58
Restore point made on: 2012-09-27 10:17:34
Restore point made on: 2012-09-29 00:28:15
Restore point made on: 2012-09-30 01:21:32
Restore point made on: 2012-10-01 00:18:57
Restore point made on: 2012-10-01 23:14:16
Restore point made on: 2012-10-04 07:03:22
Restore point made on: 2012-10-04 21:10:54
Restore point made on: 2012-10-06 00:45:10
Restore point made on: 2012-10-07 02:08:04
Restore point made on: 2012-10-09 09:33:17
Restore point made on: 2012-10-11 07:03:59
Restore point made on: 2012-10-12 08:31:00
Restore point made on: 2012-10-13 00:52:01
Restore point made on: 2012-10-14 07:40:06

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4094.44 MB
Available physical RAM: 3697.84 MB
Total Pagefile: 3959.92 MB
Available Pagefile: 3781.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.33 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS
8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS

  Disk ###  Status      Size    Free    Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      596 GB  1083 KB       
  Disk 1    No Media        0 B      0 B       
  Disk 2    No Media        0 B      0 B       
  Disk 3    No Media        0 B      0 B       
  Disk 4    No Media        0 B      0 B       
  Disk 5    Online      7904 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM              7993 MB    32 KB
  Partition 2    Primary            294 GB  7994 MB
  Partition 3    Primary            294 GB  302 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8    X  PQSERVICE    NTFS  Partition  7993 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0    C  ACER        NTFS  Partition    294 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    D  DATA        NTFS  Partition    294 GB  Healthy           

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary          7904 MB    32 KB

=========================================================

Disk: 5
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    J  BMW          FAT32  Removable  7904 MB  Healthy           

=========================================================

Last Boot: 2012-10-14 22:11

==================== End Of Log ============================


Psychotic 15.10.2012 07:56

hmmmm....

Search with FRST

Please download Farbar's Recovery Scan Tool and save it to a USB stick. Connect the USB stick to the infected system. You now need to boot the system into the System Recovery Options. Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair Your Computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD:
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click System Recovery Options!!
  • Choose your operating system and user account and click "Next" each time.
In the recovery options, choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and choose Computer. This shows you the drive letter of your USB stick.
  • Close Notepad again.
  • Now enter the following command: e:\frst.exe Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Search file(s).
  • A window opens with search: already entered.
    Add the following here:
    Code:

    netbt.sys

Click search - the tool creates a search.txt on your stick. Please post its contents here.

Golderto 15.10.2012 08:16

Search.txt:
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 09:05:06
Running from J:\

================== Search: "netbt.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\System32\drivers\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

C:\FRST\Quarantine\netbt.sys
[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

=== End Of Search ===


Psychotic 15.10.2012 08:23

Oh, I made a small mistake this time!

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:

replace: C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys C:\Windows\System32\drivers\netbt.sys
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again.
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Then please reboot and post a new FRST log. This time it looks good!
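The search.txt above is what justifies the replace directive: the live C:\Windows\System32\drivers\netbt.sys has a different size, an empty company field and an MD5 that neither WinSxS copy shares, while the component-store copies agree with each other. The following Python script is an added example, not code from the thread or from FRST: it parses FRST's search.txt format, flags a non-store copy whose hash no WinSxS copy carries, and builds the same replace: line from the newest store copy; the sample input is copied from the posted search.txt.

```python
"""Spot a driver copy that disagrees with its WinSxS component-store siblings.

Added example for this thread, not code from FRST or from the helper.
Input is FRST's search.txt format: a path line followed by a detail line
"[created] - [modified] - size attrs (Company) MD5".
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path created modified size attrs company md5")

# One FRST detail line; the company field may be empty, as it is for the
# suspicious System32 copy in the thread.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Component-store directory names carry the file version.
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_", re.IGNORECASE)

# Constructed sample input: entries copied from the search.txt posted in
# the thread (paths, sizes and MD5s as shown there).
SAMPLE_SEARCH = r"""Farbar Recovery Scan Tool (x86) Version: 07-10-2012

================== Search: "netbt.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\Windows\System32\drivers\netbt.sys
[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77

C:\FRST\Quarantine\netbt.sys
[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

=== End Of Search ===
"""


def parse_search(text):
    """Return one Entry per path/detail pair found in an FRST search.txt."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines[:-1]):
        if not PATH_RE.match(line):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m:
            entries.append(Entry(line, m["created"], m["modified"],
                                 int(m["size"]), m["attrs"],
                                 m["company"], m["md5"].upper()))
    return entries


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def winsxs_version(path):
    m = WINSXS_VERSION_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else (0,)


def find_suspects(entries):
    """Flag non-store copies whose MD5 no component-store copy shares.

    WinSxS is the reference: servicing writes every version of the driver
    there, so a live copy with a hash the store has never held was not
    placed by servicing.  A missing company string is only a supporting
    indicator and is never reported on its own.
    """
    reference = {e.md5 for e in entries if is_winsxs(e.path)}
    suspects = []
    for e in entries:
        if is_winsxs(e.path) or e.md5 in reference:
            continue
        reasons = ["MD5 matches no WinSxS copy"]
        if not e.company:
            reasons.append("no company/version resource")
        suspects.append((e, reasons))
    return suspects


def fixlist_replace_line(entries, suspect):
    """Build FRST's 'replace: <source> <target>' directive from the newest
    component-store copy, which is what the helper did in the thread."""
    store = [e for e in entries if is_winsxs(e.path)]
    if not store:
        return None
    newest = max(store, key=lambda e: winsxs_version(e.path))
    return "replace: %s %s" % (newest.path, suspect.path)


if __name__ == "__main__":
    found = parse_search(SAMPLE_SEARCH)
    for entry, reasons in find_suspects(found):
        print("%s  %d bytes  %s" % (entry.path, entry.size, entry.md5))
        print("  " + "; ".join(reasons))
        print("  " + fixlist_replace_line(found, entry))
```

The store copies are trusted here only because both carry the same hash and a Microsoft version resource; on a deeper compromise the store itself can be altered, so a known-good hash from the vendor is the stronger reference.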

Golderto 15.10.2012 08:33

No problem ;)... I'm just glad I'm getting any help at all!

Fixlog:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 09:27:01 Run:3
Running from J:\

==============================================

C:\Windows\System32\drivers\netbt.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys copied successfully to C:\Windows\System32\drivers\netbt.sys

==== End of Fixlog ====

FRST log:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM at 15-10-2012 09:28:21
Running from J:\
Windows Vista (TM) Home Premium  (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService]  [x]
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-14 06:47 - 2012-10-14 06:47 - 00000000 ____D C:\Users\media\AppData\Local\{C6A3EB50-A185-4214-A79F-87AA08281656}
2012-10-13 12:20 - 2012-10-13 12:20 - 00000000 ____D C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
2012-10-13 00:19 - 2012-10-13 00:19 - 00000000 ____D C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2}
2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix
2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip
2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox
2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}


==================== 3 Months Modified Files ==================

2012-10-14 23:25 - 2008-09-03 06:04 - 01537911 ____A C:\Windows\WindowsUpdate.log
2012-10-14 23:25 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-14 23:25 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-14 23:25 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-14 23:25 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-14 23:20 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-14 23:15 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-14 23:12 - 2008-01-20 18:47 - 08204912 ____A C:\Windows\PFRO.log
2012-10-14 23:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-13 11:49 - 2012-07-29 00:47 - 00086016 ____A C:\Users\media\Desktop\Trainings Reinhard.xls
2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe
2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z
2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt
2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt
2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe
2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe
2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat
2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt
2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe
2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe
2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt
2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP
2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe
2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt
2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe
2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe
2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log
2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable
2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe
2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini
2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log
2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-09-01 00:01:22
Restore point made on: 2012-09-02 07:50:43
Restore point made on: 2012-09-04 10:29:58
Restore point made on: 2012-09-06 09:56:51
Restore point made on: 2012-09-07 07:57:32
Restore point made on: 2012-09-08 01:02:50
Restore point made on: 2012-09-11 04:36:25
Restore point made on: 2012-09-12 10:19:30
Restore point made on: 2012-09-13 10:26:53
Restore point made on: 2012-09-15 09:51:06
Restore point made on: 2012-09-18 09:38:55
Restore point made on: 2012-09-24 01:16:46
Restore point made on: 2012-09-26 02:56:58
Restore point made on: 2012-09-27 10:17:34
Restore point made on: 2012-09-29 00:28:15
Restore point made on: 2012-09-30 01:21:32
Restore point made on: 2012-10-01 00:18:57
Restore point made on: 2012-10-01 23:14:16
Restore point made on: 2012-10-04 07:03:22
Restore point made on: 2012-10-04 21:10:54
Restore point made on: 2012-10-06 00:45:10
Restore point made on: 2012-10-07 02:08:04
Restore point made on: 2012-10-09 09:33:17
Restore point made on: 2012-10-11 07:03:59
Restore point made on: 2012-10-12 08:31:00
Restore point made on: 2012-10-13 00:52:01
Restore point made on: 2012-10-14 07:40:06

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4094.44 MB
Available physical RAM: 3697.02 MB
Total Pagefile: 3959.92 MB
Available Pagefile: 3782.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.33 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS
8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS

  Disk ###  Status      Size    Free    Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      596 GB  1083 KB       
  Disk 1    No Media        0 B      0 B       
  Disk 2    No Media        0 B      0 B       
  Disk 3    No Media        0 B      0 B       
  Disk 4    No Media        0 B      0 B       
  Disk 5    Online      7904 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM              7993 MB    32 KB
  Partition 2    Primary            294 GB  7994 MB
  Partition 3    Primary            294 GB  302 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8    X  PQSERVICE    NTFS  Partition  7993 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0    C  ACER        NTFS  Partition    294 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    D  DATA        NTFS  Partition    294 GB  Healthy           

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary          7904 MB    32 KB

=========================================================

Disk: 5
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    J  BMW          FAT32  Removable  7904 MB  Healthy           

=========================================================

Last Boot: 2012-10-14 23:20

==================== End Of Log ============================


Psychotic 15.10.2012 08:39

  • Start Windows.
  • Make sure that Combofix.exe is on the desktop.
  • Press the Windows key and the R key at the same time.
  • Copy the contents of the following code box into the window that opens:
  • Code:

    combofix /nombr
  • Click OK.
  • Post the log file here.

Golderto 15.10.2012 09:00

Hey Marius!...

Same old problem again - Combofix takes forever and never gets to a result... it shows the same screen that I already posted earlier in the thread, namely that it runs for about 10 minutes... and searches for infected files...

What should I do?

Regards

Psychotic 15.10.2012 09:14

I'll check with the others... please wait.

Golderto 15.10.2012 09:21

Thank you!

Psychotic 15.10.2012 09:23

OTLPE


If you do not have a burning program installed, please download ISOBurner.
The program will let you burn OTLPE to a CD and make it bootable.
You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop.
    Note: The file is about 120 MB, and with a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD.
Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

Golderto 15.10.2012 09:45

Hey Marius!

Did everything so far, but after the REATOGO-X-PE desktop loads I get a BLUESCREEN and cannot do anything else; I have now restarted in order to write this to you...

Regards

Psychotic 15.10.2012 10:08

  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\), for example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.

Golderto 15.10.2012 10:14

Code:

12:13:32.0587 5832  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:13:32.0727 5832  ============================================================
12:13:32.0727 5832  Current date / time: 2012/10/15 12:13:32.0727
12:13:32.0727 5832  SystemInfo:
12:13:32.0727 5832 
12:13:32.0727 5832  OS Version: 6.0.6002 ServicePack: 2.0
12:13:32.0727 5832  Product type: Workstation
12:13:32.0727 5832  ComputerName: MEDIA-PC
12:13:32.0727 5832  UserName: media
12:13:32.0727 5832  Windows directory: C:\Windows
12:13:32.0727 5832  System windows directory: C:\Windows
12:13:32.0727 5832  Processor architecture: Intel x86
12:13:32.0727 5832  Number of processors: 4
12:13:32.0727 5832  Page size: 0x1000
12:13:32.0727 5832  Boot type: Normal boot
12:13:32.0727 5832  ============================================================
12:13:33.0052 5832  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:13:33.0082 5832  Drive \Device\Harddisk5\DR5 - Size: 0x1EE000000 (7.72 Gb), SectorSize: 0x200, Cylinders: 0x3EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:13:33.0083 5832  ============================================================
12:13:33.0083 5832  \Device\Harddisk0\DR0:
12:13:33.0083 5832  MBR partitions:
12:13:33.0083 5832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000
12:13:33.0083 5832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800
12:13:33.0083 5832  \Device\Harddisk5\DR5:
12:13:33.0084 5832  MBR partitions:
12:13:33.0084 5832  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xF6FFC0
12:13:33.0084 5832  ============================================================
12:13:33.0122 5832  C: <-> \Device\Harddisk0\DR0\Partition1
12:13:33.0158 5832  D: <-> \Device\Harddisk0\DR0\Partition2
12:13:33.0158 5832  ============================================================
12:13:33.0159 5832  Initialize success
12:13:33.0159 5832  ============================================================
12:13:34.0022 6096  ============================================================
12:13:34.0022 6096  Scan started
12:13:34.0022 6096  Mode: Manual;
12:13:34.0022 6096  ============================================================
12:13:34.0390 6096  ================ Scan system memory ========================
12:13:34.0390 6096  System memory - ok
12:13:34.0390 6096  ================ Scan services =============================
12:13:34.0497 6096  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
12:13:34.0501 6096  Acer HomeMedia Connect Service - ok
12:13:34.0522 6096  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
12:13:34.0523 6096  AcerMemUsageCheckService - ok
12:13:34.0662 6096  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:13:34.0665 6096  ACPI - ok
12:13:34.0696 6096  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:34.0697 6096  AdobeFlashPlayerUpdateSvc - ok
12:13:34.0734 6096  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
12:13:34.0740 6096  adp94xx - ok
12:13:34.0759 6096  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
12:13:34.0764 6096  adpahci - ok
12:13:34.0779 6096  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:13:34.0781 6096  adpu160m - ok
12:13:34.0795 6096  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
12:13:34.0798 6096  adpu320 - ok
12:13:34.0822 6096  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
12:13:34.0822 6096  AeLookupSvc - ok
12:13:34.0867 6096  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
12:13:34.0871 6096  AFD - ok
12:13:34.0890 6096  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:13:34.0891 6096  agp440 - ok
12:13:34.0906 6096  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
12:13:34.0908 6096  aic78xx - ok
12:13:34.0925 6096  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
12:13:34.0926 6096  ALG - ok
12:13:34.0940 6096  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:13:34.0941 6096  aliide - ok
12:13:34.0955 6096  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:13:34.0956 6096  amdagp - ok
12:13:34.0967 6096  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:13:34.0968 6096  amdide - ok
12:13:34.0982 6096  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
12:13:34.0982 6096  AmdK7 - ok
12:13:34.0996 6096  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
12:13:34.0997 6096  AmdK8 - ok
12:13:35.0017 6096  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
12:13:35.0017 6096  Appinfo - ok
12:13:35.0037 6096  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
12:13:35.0038 6096  arc - ok
12:13:35.0064 6096  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:13:35.0065 6096  arcsas - ok
12:13:35.0404 6096  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:35.0404 6096  AsyncMac - ok
12:13:35.0433 6096  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
12:13:35.0434 6096  atapi - ok
12:13:35.0463 6096  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:13:35.0465 6096  AudioEndpointBuilder - ok
12:13:35.0480 6096  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:13:35.0482 6096  Audiosrv - ok
12:13:35.0561 6096  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc          C:\Program Files\Microsoft\BingBar\BBSvc.EXE
12:13:35.0563 6096  BBSvc - ok
12:13:35.0615 6096  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:13:35.0616 6096  BcmSqlStartupSvc - ok
12:13:35.0622 6096  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:13:35.0623 6096  Beep - ok
12:13:35.0666 6096  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
12:13:35.0667 6096  BFE - ok
12:13:35.0715 6096  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
12:13:35.0721 6096  BITS - ok
12:13:35.0755 6096  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:13:35.0756 6096  blbdrive - ok
12:13:35.0782 6096  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:13:35.0783 6096  bowser - ok
12:13:35.0802 6096  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:13:35.0803 6096  BrFiltLo - ok
12:13:35.0816 6096  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:13:35.0817 6096  BrFiltUp - ok
12:13:35.0834 6096  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
12:13:35.0836 6096  Browser - ok
12:13:35.0855 6096  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
12:13:35.0856 6096  Brserid - ok
12:13:35.0873 6096  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:13:35.0875 6096  BrSerWdm - ok
12:13:35.0889 6096  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:13:35.0889 6096  BrUsbMdm - ok
12:13:35.0906 6096  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:13:35.0906 6096  BrUsbSer - ok
12:13:35.0926 6096  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:13:35.0927 6096  BTHMODEM - ok
12:13:36.0109 6096  catchme - ok
12:13:36.0226 6096  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:13:36.0227 6096  cdfs - ok
12:13:36.0255 6096  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
12:13:36.0256 6096  cdrom - ok
12:13:36.0268 6096  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
12:13:36.0269 6096  CertPropSvc - ok
12:13:36.0287 6096  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
12:13:36.0288 6096  circlass - ok
12:13:36.0314 6096  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
12:13:36.0318 6096  CLFS - ok
12:13:36.0368 6096  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:36.0370 6096  clr_optimization_v2.0.50727_32 - ok
12:13:36.0438 6096  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:36.0439 6096  clr_optimization_v4.0.30319_32 - ok
12:13:36.0447 6096  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:13:36.0448 6096  cmdide - ok
12:13:36.0463 6096  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:13:36.0464 6096  Compbatt - ok
12:13:36.0468 6096  COMSysApp - ok
12:13:36.0472 6096  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
12:13:36.0473 6096  crcdisk - ok
12:13:36.0492 6096  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
12:13:36.0493 6096  Crusoe - ok
12:13:36.0524 6096  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:13:36.0526 6096  CryptSvc - ok
12:13:36.0550 6096  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
12:13:36.0551 6096  CVirtA - ok
12:13:36.0653 6096  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12:13:36.0678 6096  CVPND - ok
12:13:36.0721 6096  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
12:13:36.0725 6096  CVPNDRVA - ok
12:13:36.0761 6096  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:13:36.0778 6096  DcomLaunch - ok
12:13:36.0833 6096  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:13:36.0835 6096  DfsC - ok
12:13:36.0881 6096  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
12:13:36.0894 6096  DFSR - ok
12:13:36.0937 6096  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:13:36.0940 6096  Dhcp - ok
12:13:36.0963 6096  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
12:13:36.0964 6096  disk - ok
12:13:36.0998 6096  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
12:13:36.0999 6096  DNE - ok
12:13:37.0041 6096  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:13:37.0042 6096  Dnscache - ok
12:13:37.0070 6096  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
12:13:37.0127 6096  dot3svc - ok
12:13:37.0171 6096  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:13:37.0173 6096  Dot4 - ok
12:13:37.0194 6096  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:13:37.0195 6096  Dot4Print - ok
12:13:37.0203 6096  [ C55004CA6B419B6695970DFE849B122F ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
12:13:37.0204 6096  dot4usb - ok
12:13:37.0230 6096  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
12:13:37.0231 6096  DPS - ok
12:13:37.0250 6096  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
12:13:37.0251 6096  drmkaud - ok
12:13:37.0287 6096  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
12:13:37.0291 6096  DXGKrnl - ok
12:13:37.0306 6096  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
12:13:37.0308 6096  E1G60 - ok
12:13:37.0328 6096  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
12:13:37.0329 6096  EapHost - ok
12:13:37.0375 6096  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:13:37.0378 6096  Ecache - ok
12:13:37.0406 6096  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
12:13:37.0412 6096  eDataSecurity Service - ok
12:13:37.0445 6096  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
12:13:37.0449 6096  ehRecvr - ok
12:13:37.0459 6096  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
12:13:37.0461 6096  ehSched - ok
12:13:37.0473 6096  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
12:13:37.0473 6096  ehstart - ok
12:13:37.0490 6096  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
12:13:37.0495 6096  elxstor - ok
12:13:37.0533 6096  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
12:13:37.0537 6096  EMDMgmt - ok
12:13:37.0601 6096  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
12:13:37.0602 6096  eRecoveryService - ok
12:13:37.0636 6096  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:13:37.0636 6096  ErrDev - ok
12:13:37.0673 6096  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
12:13:37.0674 6096  eSettingsService - ok
12:13:37.0705 6096  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
12:13:37.0707 6096  EventSystem - ok
12:13:37.0752 6096  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
12:13:37.0755 6096  exfat - ok
12:13:37.0786 6096  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
12:13:37.0788 6096  fastfat - ok
12:13:37.0808 6096  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
12:13:37.0808 6096  fdc - ok
12:13:37.0827 6096  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
12:13:37.0828 6096  fdPHost - ok
12:13:37.0838 6096  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:13:37.0839 6096  FDResPub - ok
12:13:37.0857 6096  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:13:37.0859 6096  FileInfo - ok
12:13:37.0870 6096  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
12:13:37.0870 6096  Filetrace - ok
12:13:37.0878 6096  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:37.0879 6096  flpydisk - ok
12:13:37.0913 6096  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:13:37.0916 6096  FltMgr - ok
12:13:37.0966 6096  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
12:13:37.0971 6096  FontCache - ok
12:13:38.0028 6096  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:13:38.0029 6096  FontCache3.0.0.0 - ok
12:13:38.0054 6096  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
12:13:38.0055 6096  fssfltr - ok
12:13:38.0271 6096  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:13:38.0296 6096  fsssvc - ok
12:13:38.0326 6096  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:13:38.0327 6096  Fs_Rec - ok
12:13:38.0345 6096  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:13:38.0346 6096  gagp30kx - ok
12:13:38.0390 6096  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
12:13:38.0394 6096  gpsvc - ok
12:13:38.0424 6096  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:13:38.0428 6096  HdAudAddService - ok
12:13:38.0468 6096  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:38.0485 6096  HDAudBus - ok
12:13:38.0497 6096  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:13:38.0497 6096  HidBth - ok
12:13:38.0510 6096  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
12:13:38.0511 6096  HidIr - ok
12:13:38.0548 6096  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\System32\hidserv.dll
12:13:38.0549 6096  hidserv - ok
12:13:38.0562 6096  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:13:38.0563 6096  HidUsb - ok
12:13:38.0587 6096  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:13:38.0588 6096  hkmsvc - ok
12:13:38.0604 6096  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
12:13:38.0605 6096  HpCISSs - ok
12:13:38.0713 6096  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:13:38.0715 6096  hpqcxs08 - ok
12:13:38.0722 6096  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:13:38.0723 6096  hpqddsvc - ok
12:13:38.0754 6096  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:13:38.0760 6096  HTTP - ok
12:13:38.0774 6096  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
12:13:38.0775 6096  i2omp - ok
12:13:38.0800 6096  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:38.0802 6096  i8042prt - ok
12:13:38.0824 6096  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
12:13:38.0827 6096  iaStor - ok
12:13:38.0844 6096  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
12:13:38.0848 6096  iaStorV - ok
12:13:38.0927 6096  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:13:38.0928 6096  IDriverT - ok
12:13:38.0984 6096  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:39.0001 6096  idsvc - ok
12:13:39.0037 6096  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
12:13:39.0038 6096  iirsp - ok
12:13:39.0074 6096  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:13:39.0078 6096  IKEEXT - ok
12:13:39.0110 6096  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15          C:\Acer\Empowering Technology\eRecovery\int15.sys
12:13:39.0110 6096  int15 - ok
12:13:39.0159 6096  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:13:39.0200 6096  IntcAzAudAddService - ok
12:13:39.0228 6096  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:13:39.0228 6096  intelide - ok
12:13:39.0240 6096  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:13:39.0241 6096  intelppm - ok
12:13:39.0260 6096  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
12:13:39.0262 6096  IPBusEnum - ok
12:13:39.0270 6096  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:39.0270 6096  IpFilterDriver - ok
12:13:39.0274 6096  IpInIp - ok
12:13:39.0289 6096  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
12:13:39.0290 6096  IPMIDRV - ok
12:13:39.0311 6096  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
12:13:39.0312 6096  IPNAT - ok
12:13:39.0320 6096  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:13:39.0320 6096  IRENUM - ok
12:13:39.0335 6096  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:13:39.0336 6096  isapnp - ok
12:13:39.0376 6096  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:13:39.0378 6096  iScsiPrt - ok
12:13:39.0392 6096  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:13:39.0393 6096  iteatapi - ok
12:13:39.0408 6096  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
12:13:39.0409 6096  iteraid - ok
12:13:39.0422 6096  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:39.0423 6096  kbdclass - ok
12:13:39.0449 6096  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:39.0450 6096  kbdhid - ok
12:13:39.0466 6096  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
12:13:39.0468 6096  KeyIso - ok
12:13:39.0491 6096  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:13:39.0497 6096  KSecDD - ok
12:13:39.0536 6096  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
12:13:39.0539 6096  KtmRm - ok
12:13:39.0567 6096  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:13:39.0569 6096  LanmanServer - ok
12:13:39.0611 6096  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:13:39.0614 6096  LanmanWorkstation - ok
12:13:39.0641 6096  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:13:39.0642 6096  LightScribeService - ok
12:13:39.0654 6096  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:13:39.0655 6096  lltdio - ok
12:13:39.0677 6096  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
12:13:39.0680 6096  lltdsvc - ok
12:13:39.0683 6096  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
12:13:39.0685 6096  lmhosts - ok
12:13:39.0708 6096  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:13:39.0709 6096  LSI_FC - ok
12:13:39.0724 6096  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
12:13:39.0726 6096  LSI_SAS - ok
12:13:39.0751 6096  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:13:39.0753 6096  LSI_SCSI - ok
12:13:39.0772 6096  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
12:13:39.0773 6096  luafv - ok
12:13:39.0799 6096  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
12:13:39.0805 6096  MBAMProtector - ok
12:13:39.0851 6096  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:13:39.0856 6096  MBAMScheduler - ok
12:13:39.0881 6096  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:13:39.0885 6096  MBAMService - ok
12:13:39.0908 6096  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
12:13:39.0910 6096  Mcx2Svc - ok
12:13:39.0933 6096  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
12:13:39.0934 6096  megasas - ok
12:13:39.0963 6096  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:13:39.0968 6096  MegaSR - ok
12:13:40.0028 6096  Microsoft SharePoint Workspace Audit Service - ok
12:13:40.0047 6096  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
12:13:40.0049 6096  MMCSS - ok
12:13:40.0060 6096  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
12:13:40.0061 6096  Modem - ok
12:13:40.0070 6096  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
12:13:40.0171 6096  monitor - ok
12:13:40.0180 6096  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:13:40.0181 6096  mouclass - ok
12:13:40.0190 6096  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:13:40.0191 6096  mouhid - ok
12:13:40.0201 6096  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:13:40.0202 6096  MountMgr - ok
12:13:40.0238 6096  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:13:40.0239 6096  MozillaMaintenance - ok
12:13:40.0270 6096  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:13:40.0271 6096  mpio - ok
12:13:40.0282 6096  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:13:40.0283 6096  mpsdrv - ok
12:13:40.0306 6096  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:13:40.0307 6096  Mraid35x - ok
12:13:40.0340 6096  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:13:40.0342 6096  MRxDAV - ok
12:13:40.0376 6096  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:40.0378 6096  mrxsmb - ok
12:13:40.0394 6096  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:40.0397 6096  mrxsmb10 - ok
12:13:40.0411 6096  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:40.0413 6096  mrxsmb20 - ok
12:13:40.0423 6096  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
12:13:40.0424 6096  msahci - ok
12:13:40.0442 6096  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
12:13:40.0443 6096  msdsm - ok
12:13:40.0456 6096  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
12:13:40.0459 6096  MSDTC - ok
12:13:40.0477 6096  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:13:40.0477 6096  Msfs - ok
12:13:40.0494 6096  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:13:40.0495 6096  msisadrv - ok
12:13:40.0517 6096  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
12:13:40.0519 6096  MSiSCSI - ok
12:13:40.0525 6096  msiserver - ok
12:13:40.0546 6096  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
12:13:40.0547 6096  MSKSSRV - ok
12:13:40.0573 6096  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:40.0573 6096  MSPCLOCK - ok
12:13:40.0582 6096  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
12:13:40.0583 6096  MSPQM - ok
12:13:40.0613 6096  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
12:13:40.0614 6096  MsRPC - ok
12:13:40.0628 6096  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:40.0629 6096  mssmbios - ok
12:13:40.0662 6096  MSSQL$MSSMLBIZ - ok
12:13:40.0722 6096  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:13:40.0723 6096  MSSQLServerADHelper100 - ok
12:13:40.0738 6096  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
12:13:40.0739 6096  MSTEE - ok
12:13:40.0771 6096  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
12:13:40.0772 6096  Mup - ok
12:13:40.0808 6096  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
12:13:40.0814 6096  napagent - ok
12:13:40.0857 6096  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
12:13:40.0859 6096  NativeWifiP - ok
12:13:40.0893 6096  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:13:40.0901 6096  NDIS - ok
12:13:40.0922 6096  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:40.0923 6096  NdisTapi - ok
12:13:40.0932 6096  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:40.0933 6096  Ndisuio - ok
12:13:40.0975 6096  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:40.0977 6096  NdisWan - ok
12:13:40.0986 6096  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
12:13:40.0987 6096  NDProxy - ok
12:13:41.0015 6096  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:13:41.0017 6096  Net Driver HPZ12 - ok
12:13:41.0027 6096  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
12:13:41.0028 6096  NetBIOS - ok
12:13:41.0049 6096  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
12:13:41.0052 6096  netbt - ok
12:13:41.0055 6096  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
12:13:41.0056 6096  Netlogon - ok
12:13:41.0073 6096  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
12:13:41.0075 6096  Netman - ok
12:13:41.0092 6096  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
12:13:41.0096 6096  netprofm - ok
12:13:41.0130 6096  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:13:41.0132 6096  NetTcpPortSharing - ok
12:13:41.0145 6096  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
12:13:41.0147 6096  nfrd960 - ok
12:13:41.0167 6096  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:13:41.0170 6096  NlaSvc - ok
12:13:41.0186 6096  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:13:41.0187 6096  Npfs - ok
12:13:41.0204 6096  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
12:13:41.0206 6096  nsi - ok
12:13:41.0212 6096  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:13:41.0213 6096  nsiproxy - ok
12:13:41.0261 6096  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:13:41.0268 6096  Ntfs - ok
12:13:41.0288 6096  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
12:13:41.0289 6096  NTIDrvr - ok
12:13:41.0303 6096  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
12:13:41.0304 6096  ntrigdigi - ok
12:13:41.0307 6096  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
12:13:41.0308 6096  Null - ok
12:13:41.0336 6096  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
12:13:41.0353 6096  NVENETFD - ok
12:13:41.0382 6096  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
12:13:41.0384 6096  NVHDA - ok
12:13:41.0564 6096  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:13:41.0707 6096  nvlddmkm - ok
12:13:41.0731 6096  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:13:41.0732 6096  nvraid - ok
12:13:41.0739 6096  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys
12:13:41.0741 6096  nvrd32 - ok
12:13:41.0744 6096  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
12:13:41.0745 6096  nvsmu - ok
12:13:41.0756 6096  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:13:41.0757 6096  nvstor - ok
12:13:41.0768 6096  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
12:13:41.0769 6096  nvstor32 - ok
12:13:41.0798 6096  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc          C:\Windows\system32\nvvsvc.exe
12:13:41.0801 6096  nvsvc - ok
12:13:41.0817 6096  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:13:41.0819 6096  nv_agp - ok
12:13:41.0822 6096  NwlnkFlt - ok
12:13:41.0825 6096  NwlnkFwd - ok
12:13:41.0865 6096  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:13:41.0866 6096  ohci1394 - ok
12:13:41.0915 6096  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:41.0916 6096  ose - ok
12:13:42.0040 6096  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:13:42.0065 6096  osppsvc - ok
12:13:42.0109 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:13:42.0126 6096  p2pimsvc - ok
12:13:42.0136 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:13:42.0141 6096  p2psvc - ok
12:13:42.0154 6096  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
12:13:42.0156 6096  Parport - ok
12:13:42.0187 6096  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
12:13:42.0189 6096  partmgr - ok
12:13:42.0201 6096  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:13:42.0202 6096  Parvdm - ok
12:13:42.0215 6096  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:13:42.0217 6096  PcaSvc - ok
12:13:42.0246 6096  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
12:13:42.0248 6096  pci - ok
12:13:42.0259 6096  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
12:13:42.0260 6096  pciide - ok
12:13:42.0274 6096  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:13:42.0277 6096  pcmcia - ok
12:13:42.0306 6096  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:13:42.0323 6096  PEAUTH - ok
12:13:42.0365 6096  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
12:13:42.0399 6096  pla - ok
12:13:42.0433 6096  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:13:42.0437 6096  PlugPlay - ok
12:13:42.0464 6096  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:13:42.0465 6096  Pml Driver HPZ12 - ok
12:13:42.0476 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
12:13:42.0481 6096  PNRPAutoReg - ok
12:13:42.0491 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
12:13:42.0497 6096  PNRPsvc - ok
12:13:42.0525 6096  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
12:13:42.0531 6096  PolicyAgent - ok
12:13:42.0547 6096  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:13:42.0548 6096  PptpMiniport - ok
12:13:42.0564 6096  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
12:13:42.0565 6096  Processor - ok
12:13:42.0593 6096  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
12:13:42.0596 6096  ProfSvc - ok
12:13:42.0608 6096  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:13:42.0609 6096  ProtectedStorage - ok
12:13:42.0639 6096  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:13:42.0641 6096  PSched - ok
12:13:42.0648 6096  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter      C:\Windows\system32\DRIVERS\psdfilter.sys
12:13:42.0649 6096  PSDFilter - ok
12:13:42.0662 6096  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
12:13:42.0663 6096  PSDNServ - ok
12:13:42.0679 6096  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
12:13:42.0681 6096  psdvdisk - ok
12:13:42.0697 6096  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
12:13:42.0699 6096  PxHelp20 - ok
12:13:42.0739 6096  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:13:42.0749 6096  ql2300 - ok
12:13:42.0795 6096  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:13:42.0798 6096  ql40xx - ok
12:13:42.0834 6096  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
12:13:42.0838 6096  QWAVE - ok
12:13:42.0850 6096  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:13:42.0851 6096  QWAVEdrv - ok
12:13:42.0911 6096  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
12:13:42.0912 6096  RapiMgr - ok
12:13:42.0924 6096  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:13:42.0924 6096  RasAcd - ok
12:13:42.0932 6096  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
12:13:42.0935 6096  RasAuto - ok
12:13:42.0948 6096  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:42.0949 6096  Rasl2tp - ok
12:13:42.0985 6096  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
12:13:42.0990 6096  RasMan - ok
12:13:43.0018 6096  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:43.0019 6096  RasPppoe - ok
12:13:43.0047 6096  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
12:13:43.0049 6096  RasSstp - ok
12:13:43.0080 6096  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
12:13:43.0084 6096  rdbss - ok
12:13:43.0087 6096  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:43.0088 6096  RDPCDD - ok
12:13:43.0108 6096  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
12:13:43.0112 6096  rdpdr - ok
12:13:43.0115 6096  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:13:43.0116 6096  RDPENCDD - ok
12:13:43.0140 6096  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
12:13:43.0143 6096  RDPWD - ok
12:13:43.0170 6096  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:13:43.0173 6096  RemoteAccess - ok
12:13:43.0206 6096  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:13:43.0209 6096  RemoteRegistry - ok
12:13:43.0247 6096  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:13:43.0250 6096  RichVideo - ok
12:13:43.0290 6096  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
12:13:43.0291 6096  RimUsb - ok
12:13:43.0318 6096  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort    C:\Windows\system32\DRIVERS\RimSerial.sys
12:13:43.0319 6096  RimVSerPort - ok
12:13:43.0330 6096  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
12:13:43.0331 6096  ROOTMODEM - ok
12:13:43.0384 6096  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
12:13:43.0386 6096  Roxio UPnP Renderer 9 - ok
12:13:43.0405 6096  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
12:13:43.0409 6096  Roxio Upnp Server 9 - ok
12:13:43.0441 6096  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
12:13:43.0445 6096  RoxLiveShare9 - ok
12:13:43.0474 6096  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:13:43.0499 6096  RoxMediaDB9 - ok
12:13:43.0522 6096  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:13:43.0524 6096  RoxWatch9 - ok
12:13:43.0542 6096  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
12:13:43.0544 6096  RpcLocator - ok
12:13:43.0578 6096  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
12:13:43.0583 6096  RpcSs - ok
12:13:43.0617 6096  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
12:13:43.0621 6096  RsFx0103 - ok
12:13:43.0640 6096  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:13:43.0641 6096  rspndr - ok
12:13:43.0645 6096  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
12:13:43.0646 6096  SamSs - ok
12:13:43.0661 6096  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:13:43.0663 6096  sbp2port - ok
12:13:43.0692 6096  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:13:43.0695 6096  SCardSvr - ok
12:13:43.0728 6096  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
12:13:43.0734 6096  Schedule - ok
12:13:43.0772 6096  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
12:13:43.0773 6096  SCPolicySvc - ok
12:13:43.0791 6096  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:13:43.0797 6096  SDRSVC - ok
12:13:43.0874 6096  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
12:13:43.0876 6096  SeaPort - ok
12:13:43.0893 6096  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:13:43.0894 6096  secdrv - ok
12:13:43.0913 6096  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
12:13:43.0916 6096  seclogon - ok
12:13:43.0928 6096  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
12:13:43.0930 6096  SENS - ok
12:13:43.0948 6096  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
12:13:43.0949 6096  Serenum - ok
12:13:43.0958 6096  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:13:43.0960 6096  Serial - ok
12:13:43.0972 6096  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:13:43.0973 6096  sermouse - ok
12:13:43.0990 6096  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:13:43.0992 6096  SessionEnv - ok
12:13:44.0000 6096  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
12:13:44.0001 6096  sffdisk - ok
12:13:44.0011 6096  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:13:44.0012 6096  sffp_mmc - ok
12:13:44.0018 6096  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
12:13:44.0019 6096  sffp_sd - ok
12:13:44.0024 6096  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
12:13:44.0025 6096  sfloppy - ok
12:13:44.0047 6096  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:13:44.0052 6096  SharedAccess - ok
12:13:44.0189 6096  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:13:44.0195 6096  ShellHWDetection - ok
12:13:44.0211 6096  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:13:44.0213 6096  sisagp - ok
12:13:44.0226 6096  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:13:44.0227 6096  SiSRaid2 - ok
12:13:44.0239 6096  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:13:44.0241 6096  SiSRaid4 - ok
12:13:44.0282 6096  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
12:13:44.0284 6096  SkypeUpdate - ok
12:13:44.0375 6096  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
12:13:44.0396 6096  slsvc - ok
12:13:44.0443 6096  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:13:44.0446 6096  SLUINotify - ok
12:13:44.0473 6096  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
12:13:44.0475 6096  Smb - ok
12:13:44.0497 6096  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:13:44.0500 6096  SNMPTRAP - ok
12:13:44.0510 6096  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
12:13:44.0511 6096  spldr - ok
12:13:44.0539 6096  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
12:13:44.0542 6096  Spooler - ok
12:13:44.0591 6096  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:13:44.0591 6096  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
12:13:44.0593 6096  sptd ( LockedFile.Multi.Generic ) - warning
12:13:44.0593 6096  sptd - detected LockedFile.Multi.Generic (1)
12:13:44.0642 6096  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
12:13:44.0647 6096  SQLAgent$MSSMLBIZ - ok
12:13:44.0688 6096  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:13:44.0691 6096  SQLBrowser - ok
12:13:44.0714 6096  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:13:44.0715 6096  SQLWriter - ok
12:13:44.0748 6096  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
12:13:44.0753 6096  srv - ok
12:13:44.0787 6096  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:13:44.0791 6096  srv2 - ok
12:13:44.0830 6096  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:13:44.0832 6096  srvnet - ok
12:13:44.0846 6096  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
12:13:44.0848 6096  SSDPSRV - ok
12:13:44.0872 6096  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
12:13:44.0876 6096  SstpSvc - ok
12:13:44.0917 6096  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
12:13:44.0934 6096  stisvc - ok
12:13:44.0966 6096  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:13:44.0967 6096  swenum - ok
12:13:44.0992 6096  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
12:13:44.0996 6096  swprv - ok
12:13:45.0007 6096  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
12:13:45.0009 6096  Symc8xx - ok
12:13:45.0020 6096  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:13:45.0021 6096  Sym_hi - ok
12:13:45.0033 6096  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:13:45.0034 6096  Sym_u3 - ok
12:13:45.0135 6096  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
12:13:45.0146 6096  SysMain - ok
12:13:45.0159 6096  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:13:45.0163 6096  TabletInputService - ok
12:13:45.0198 6096  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
12:13:45.0203 6096  TapiSrv - ok
12:13:45.0220 6096  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
12:13:45.0222 6096  TBS - ok
12:13:45.0267 6096  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
12:13:45.0282 6096  Tcpip - ok
12:13:45.0312 6096  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:13:45.0318 6096  Tcpip6 - ok
12:13:45.0368 6096  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:13:45.0369 6096  tcpipreg - ok
12:13:45.0385 6096  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:13:45.0386 6096  TDPIPE - ok
12:13:45.0396 6096  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
12:13:45.0397 6096  TDTCP - ok
12:13:45.0425 6096  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
12:13:45.0427 6096  tdx - ok
12:13:45.0435 6096  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:13:45.0437 6096  TermDD - ok
12:13:45.0456 6096  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
12:13:45.0473 6096  TermService - ok
12:13:45.0487 6096  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
12:13:45.0490 6096  Themes - ok
12:13:45.0497 6096  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
12:13:45.0499 6096  THREADORDER - ok
12:13:45.0526 6096  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
12:13:45.0531 6096  TrkWks - ok
12:13:45.0583 6096  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:13:45.0583 6096  TrustedInstaller - ok
12:13:45.0615 6096  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:45.0616 6096  tssecsrv - ok
12:13:45.0630 6096  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
12:13:45.0631 6096  tunmp - ok
12:13:45.0645 6096  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:13:45.0646 6096  tunnel - ok
12:13:45.0676 6096  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys
12:13:45.0677 6096  tvicport - ok
12:13:45.0690 6096  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:13:45.0691 6096  uagp35 - ok
12:13:45.0715 6096  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:13:45.0719 6096  udfs - ok
12:13:45.0736 6096  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
12:13:45.0739 6096  UI0Detect - ok
12:13:45.0748 6096  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:13:45.0749 6096  uliagpkx - ok
12:13:45.0772 6096  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
12:13:45.0775 6096  uliahci - ok
12:13:45.0796 6096  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:13:45.0798 6096  UlSata - ok
12:13:45.0807 6096  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
12:13:45.0809 6096  ulsata2 - ok
12:13:45.0821 6096  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
12:13:45.0822 6096  umbus - ok
12:13:45.0834 6096  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
12:13:45.0837 6096  upnphost - ok
12:13:45.0875 6096  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:13:45.0877 6096  usbaudio - ok
12:13:45.0903 6096  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:45.0904 6096  usbccgp - ok
12:13:45.0916 6096  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:13:45.0917 6096  usbcir - ok
12:13:45.0953 6096  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
12:13:45.0954 6096  usbehci - ok
12:13:45.0970 6096  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:13:45.0972 6096  usbhub - ok
12:13:45.0976 6096  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
12:13:45.0977 6096  usbohci - ok
12:13:46.0023 6096  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:13:46.0025 6096  usbprint - ok
12:13:46.0051 6096  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
12:13:46.0052 6096  usbscan - ok
12:13:46.0056 6096  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:46.0057 6096  USBSTOR - ok
12:13:46.0065 6096  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
12:13:46.0065 6096  usbuhci - ok
12:13:46.0096 6096  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS      C:\Windows\system32\DRIVERS\usb8023.sys
12:13:46.0097 6096  USB_RNDIS - ok
12:13:46.0125 6096  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
12:13:46.0128 6096  UxSms - ok
12:13:46.0166 6096  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
12:13:46.0182 6096  vds - ok
12:13:46.0258 6096  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:46.0260 6096  vga - ok
12:13:46.0269 6096  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
12:13:46.0270 6096  VgaSave - ok
12:13:46.0287 6096  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:13:46.0288 6096  viaagp - ok
12:13:46.0300 6096  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
12:13:46.0301 6096  ViaC7 - ok
12:13:46.0309 6096  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
12:13:46.0310 6096  viaide - ok
12:13:46.0314 6096  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:13:46.0315 6096  volmgr - ok
12:13:46.0338 6096  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
12:13:46.0342 6096  volmgrx - ok
12:13:46.0371 6096  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
12:13:46.0375 6096  volsnap - ok
12:13:46.0399 6096  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
12:13:46.0401 6096  vsmraid - ok
12:13:46.0432 6096  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
12:13:46.0440 6096  VSS - ok
12:13:46.0458 6096  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
12:13:46.0464 6096  W32Time - ok
12:13:46.0475 6096  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:13:46.0476 6096  WacomPen - ok
12:13:46.0486 6096  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:13:46.0487 6096  Wanarp - ok
12:13:46.0489 6096  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:13:46.0490 6096  Wanarpv6 - ok
12:13:46.0536 6096  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
12:13:46.0538 6096  WcesComm - ok
12:13:46.0569 6096  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
12:13:46.0574 6096  wcncsvc - ok
12:13:46.0596 6096  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:13:46.0598 6096  WcsPlugInService - ok
12:13:46.0611 6096  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
12:13:46.0612 6096  Wd - ok
12:13:46.0627 6096  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:13:46.0634 6096  Wdf01000 - ok
12:13:46.0639 6096  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:13:46.0641 6096  WdiServiceHost - ok
12:13:46.0644 6096  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
12:13:46.0646 6096  WdiSystemHost - ok
12:13:46.0676 6096  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
12:13:46.0679 6096  WebClient - ok
12:13:46.0711 6096  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:13:46.0714 6096  Wecsvc - ok
12:13:46.0721 6096  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
12:13:46.0723 6096  wercplsupport - ok
12:13:46.0760 6096  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:13:46.0765 6096  WerSvc - ok
12:13:46.0792 6096  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
12:13:46.0796 6096  WinDefend - ok
12:13:46.0800 6096  WinHttpAutoProxySvc - ok
12:13:46.0829 6096  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
12:13:46.0831 6096  Winmgmt - ok
12:13:46.0871 6096  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
12:13:46.0895 6096  WinRM - ok
12:13:46.0924 6096  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
12:13:46.0925 6096  winusb - ok
12:13:46.0955 6096  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
12:13:46.0972 6096  Wlansvc - ok
12:13:47.0018 6096  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:13:47.0020 6096  wlcrasvc - ok
12:13:47.0091 6096  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:13:47.0124 6096  wlidsvc - ok
12:13:47.0139 6096  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
12:13:47.0140 6096  WmiAcpi - ok
12:13:47.0176 6096  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:13:47.0180 6096  wmiApSrv - ok
12:13:47.0216 6096  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
12:13:47.0222 6096  WMPNetworkSvc - ok
12:13:47.0233 6096  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:13:47.0238 6096  WPCSvc - ok
12:13:47.0268 6096  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:13:47.0272 6096  WPDBusEnum - ok
12:13:47.0488 6096  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:13:47.0497 6096  WPFFontCache_v0400 - ok
12:13:47.0520 6096  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
12:13:47.0521 6096  ws2ifsl - ok
12:13:47.0563 6096  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
12:13:47.0565 6096  wscsvc - ok
12:13:47.0569 6096  WSearch - ok
12:13:47.0631 6096  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:13:47.0644 6096  wuauserv - ok
12:13:47.0677 6096  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:47.0679 6096  WUDFRd - ok
12:13:47.0695 6096  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
12:13:47.0698 6096  wudfsvc - ok
12:13:47.0705 6096  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport        C:\Windows\system32\drivers\zntport.sys
12:13:47.0706 6096  zntport - ok
12:13:47.0720 6096  ================ Scan global ===============================
12:13:47.0735 6096  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:13:47.0776 6096  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:13:47.0786 6096  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:13:47.0834 6096  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:13:47.0839 6096  [Global] - ok
12:13:47.0839 6096  ================ Scan MBR ==================================
12:13:47.0852 6096  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
12:13:49.0877 6096  \Device\Harddisk0\DR0 - ok
12:13:49.0882 6096  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5
12:13:54.0633 6096  \Device\Harddisk5\DR5 - ok
12:13:54.0633 6096  ================ Scan VBR ==================================
12:13:54.0640 6096  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1
12:13:54.0642 6096  \Device\Harddisk0\DR0\Partition1 - ok
12:13:54.0657 6096  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2
12:13:54.0658 6096  \Device\Harddisk0\DR0\Partition2 - ok
12:13:54.0661 6096  [ 136E14EC517523FC5F0CBE16BE278A99 ] \Device\Harddisk5\DR5\Partition1
12:13:54.0662 6096  \Device\Harddisk5\DR5\Partition1 - ok
12:13:54.0662 6096  ============================================================
12:13:54.0662 6096  Scan finished
12:13:54.0662 6096  ============================================================
12:13:54.0669 4104  Detected object count: 1
12:13:54.0669 4104  Actual detected object count: 1
12:14:07.0657 4104  sptd ( LockedFile.Multi.Generic ) - skipped by user
12:14:07.0658 4104  sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Psychotic 15.10.2012 10:24

Quote:

sptd ( LockedFile.Multi.Generic )
When did you press the defogger re-enable button???

Golderto 15.10.2012 10:30

not yet at all....

Psychotic 15.10.2012 10:53

OK... now it's getting confusing...
Let's try something else...


DDS


Please download DDS ( by sUBs ) from one of the following download mirrors and save the file to your desktop.

dds.com
dds.exe
  • Please start dds with a double-click.
  • The desktop will disappear, that is normal.
  • Please tick the boxes for
    • dds.txt ( should already be ticked )
    • attach.txt
    Do not change any settings without being told to
  • When the scan has finished, DDS will create 2 log files on your desktop:
    • dds.txt
    • attach.txt
Please post both log files in your next reply.

Golderto 15.10.2012 10:56

attach.txt:
Code:

.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Active@ ISO Burner
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3 - Deutsch
Adobe Shockwave Player 11.5
AIO_CDB_Software
AIO_Scan
Alice Greenfingers
Ask Toolbar
ATI Catalyst Install Manager
Azada
Backspin Billiards
Big Kahuna Reef
Bing Bar
BlackBerry Desktop Software 4.6
Bricks of Egypt
BufferChm
Business Contact Manager für Microsoft Outlook 2010
Business Contact Manager for Microsoft Outlook 2010
Cake Mania
Chicken Invaders 3
Chuzzle
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceManagementQFolder
Diner Dash Flo on the Go
DivX-Setup
DocProc
DocProcQFolder
eSupportQFolder
Farm Frenzy 3
Fax
HappyFoto-Designer 4.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Jewel Quest Solitaire
Junk Mail filter update
Kick N Rush
LightScribe  1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware Version 1.65.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
Move Media Player
Mozilla Firefox 15.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PhotoScape
Realtek High Definition Audio Driver
Roxio Media Manager
Sandlot Games Client Services 1.2.2
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Segoe UI
Service Pack 1 für SQL Server 2008 (KB 968369)
Skype™ 5.10
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Sql Server Customer Experience Improvement Program
Status
Sudoku-Drucker 1.4
Tele2 Internet
Toolbox
TrayApp
Turbo Pizza
Unity Web Player
UnloadSupport
Unterstützungsdateien für Microsoft SQL Server 2008-Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.8a
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR
WinZip 11.1
Zuma Deluxe
.
==== End Of File ===========================

DDS.txt:
Code:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by media at 12:54:22 on 2012-10-15
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vol.at/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://de.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\media\appdata\roaming\mozilla\firefox\profiles\n5rn3q93.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\televisionfanaticei\installr\1.bin\NP64EISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\media\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\media\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 10:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MozillaMaintenance;Mozilla Maintenance Service
R? MSSQLServerADHelper100;SQL Server Hilfsdienst fr Active Directory
R? osppsvc;Office Software Protection Platform
R? RsFx0103;RsFx0103 Driver
R? SkypeUpdate;Skype Updater
R? SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
S? FontCache;Windows-Dienst fr Schriftartencache
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? NVHDA;Service for NVIDIA High Definition Audio Driver
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-10-15 08:30:22        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-10-15 08:29:50        --------        d-----w-        c:\program files\LSoft Technologies
2012-10-15 07:56:29        --------        d-sh--w-        C:\$RECYCLE.BIN
2012-10-15 07:46:42        --------        d-s---w-        C:\ComboFix
2012-10-15 07:15:15        --------        d-----w-        c:\users\media\appdata\local\{8C62B14F-495D-42C6-A5BF-AF05A4AE2F7E}
2012-10-14 14:47:18        --------        d-----w-        c:\users\media\appdata\local\{C6A3EB50-A185-4214-A79F-87AA08281656}
2012-10-13 20:20:06        --------        d-----w-        c:\users\media\appdata\local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
2012-10-13 08:19:28        --------        d-----w-        c:\users\media\appdata\local\{DEC86578-265F-4226-BE11-218391A0D6E2}
2012-10-12 10:52:25        --------        d-----w-        c:\users\media\appdata\local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
2012-10-12 07:18:03        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-10-11 12:11:46        --------        d-----w-        C:\FRST
2012-10-11 06:50:43        98816        ----a-w-        c:\windows\sed.exe
2012-10-11 06:50:43        256000        ----a-w-        c:\windows\PEV.exe
2012-10-11 06:50:43        208896        ----a-w-        c:\windows\MBR.exe
2012-10-10 07:42:34        --------        d-----w-        c:\users\media\appdata\roaming\Malwarebytes
2012-10-10 07:42:21        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-10 07:42:20        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-10 07:42:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-10-09 17:06:34        --------        d-----w-        c:\users\media\appdata\local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
2012-10-08 20:23:32        --------        d-----w-        c:\users\media\appdata\local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
2012-10-08 08:23:16        --------        d-----w-        c:\users\media\appdata\local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
2012-10-07 19:46:36        --------        d-----w-        c:\users\media\appdata\local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
2012-10-07 07:46:20        --------        d-----w-        c:\users\media\appdata\local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
2012-10-06 07:07:00        --------        d-----w-        c:\users\media\appdata\local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
2012-10-05 15:12:51        --------        d-----w-        c:\users\media\appdata\local\{05DFB635-8E02-4454-8574-7231AD0CB671}
2012-10-04 06:07:50        --------        d-----w-        c:\users\media\appdata\local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
2012-10-03 08:54:06        --------        d-----w-        c:\users\media\appdata\local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
2012-10-02 18:18:15        --------        d-----w-        c:\users\media\appdata\local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
2012-10-02 06:12:37        --------        d-----w-        c:\users\media\appdata\local\{898B9573-F39D-455F-88F6-0671449A0BCA}
2012-10-01 13:14:30        --------        d-----w-        c:\users\media\appdata\local\{5E37D240-981B-44AD-ACDE-790998226FC8}
2012-09-30 20:12:39        --------        d-----w-        c:\users\media\appdata\local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
2012-09-30 18:22:41        73696        ----a-w-        c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-30 08:11:14        --------        d-----w-        c:\users\media\appdata\local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
2012-09-27 17:42:22        --------        d-----w-        c:\users\media\appdata\local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
2012-09-26 10:21:40        --------        d-----w-        c:\users\media\appdata\local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
2012-09-25 14:18:45        --------        d-----w-        c:\users\media\appdata\local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
2012-09-24 21:27:33        --------        d-----w-        c:\users\media\appdata\local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
2012-09-24 09:27:15        --------        d-----w-        c:\users\media\appdata\local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
2012-09-24 09:17:02        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-09-24 09:17:01        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-09-24 09:17:01        194048        ----a-w-        c:\program files\internet explorer\IEShims.dll
2012-09-24 09:17:01        140936        ----a-w-        c:\program files\internet explorer\sqmapi.dll
2012-09-24 09:17:00        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-09-23 14:17:03        --------        d-----w-        c:\users\media\appdata\local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
2012-09-20 11:12:23        --------        d-----w-        c:\users\media\appdata\local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
2012-09-19 18:06:19        --------        d-----w-        c:\users\media\appdata\local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
2012-09-18 21:23:02        --------        d-----w-        c:\users\media\appdata\local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
2012-09-18 09:22:43        --------        d-----w-        c:\users\media\appdata\local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
2012-09-17 14:03:01        --------        d-----w-        c:\users\media\appdata\local\{4C0E2FEF-678F-4900-A851-1AE659876089}
2012-09-16 20:40:07        --------        d-----w-        c:\users\media\appdata\local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
2012-09-15 13:26:37        --------        d-----w-        c:\users\media\appdata\local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
.
==================== Find3M  ====================
.
2012-10-09 18:01:28        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:01:28        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 06:51:27        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 06:51:02        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
.
============= FINISH: 12:55:21,93 ===============


Psychotic 15.10.2012 11:03

  • Start DDS.
  • Select Advanced and tick ResetPolicies there.
  • Click Start.
  • Post the dds.txt here

Golderto 15.10.2012 11:05

Code:

DDS (Ver_2012-10-14.05)
Run by media at 13:05:30 on 2012-10-15

---- Advanced Fixes ----

Reset policy - DisableTaskMgr
Reset policy - Taskman
Reset policy - DisableCAD
Reset policy - DELETE
Reset policy - DisableRegistryTools
Reset policy - DELETE
Reset policy - DELETE
Reset policy - DisableCMD
Reset policy - autorun
Reset policy - DELETE
Reset policy - NoRun
Reset policy - NoFolderOptions
Reset policy - NoDesktop
Reset policy - NoViewOnDrive
Reset policy - NoDrives
Reset policy - DisallowCpl
Reset policy - NoControlPanel
Reset policy - RestrictCpl
Reset policy - NoNetworkConnections
Reset policy - NoAddRemovePrograms
Reset policy - NoRemovePage
Reset policy - NoDispCpl
Reset policy - NoDispAppearancePage
Reset policy - NoDispBackgroundPage
Reset policy - NoDispSettingsPage
Reset policy - Wallpaper
Reset policy - WallpaperStyle
Reset policy - NoChangingWallpaper
Reset policy - NoHTMLWallPaper
Reset policy - NoActiveDesktop
Reset policy - NoSetActiveDesktop
Reset policy - NoSetActiveDesktopChanges
Reset policy - ForceActiveDesktopOn
Reset policy - ClassicShell
Reset policy - DisableSR
Reset policy - DisableSR
Reset policy - DELETE
Reset policy - DisallowRun
Reset policy - Restrict_Run
Reset policy - NoWindowsUpdate
Reset policy - DisableWindowsUpdateAccess
Reset policy - NoInternetIcon
Reset policy - NoNetworkConnections
Reset policy - NoPropertiesMyComputer
Reset policy - NoDevMgrPage
Reset policy - NoClose
Reset policy - NoFind
Reset policy - NoShellSearchButton
Reset policy - StartMenuLogOff
Reset policy - NoStartMenuSubFolders
Reset policy - NoStartMenuMorePrograms
Reset policy - NoCommonGroups
Reset policy - NoViewContextMenu
Reset policy - NoTrayContextMenu
Reset policy - NoTrayItemsDisplay
Reset policy - HideClock
Reset policy - NoSetTaskbar
Reset policy - NoThemesTab
Reset policy - NoHardwareTab
Reset policy - NoToolbarCustomize
Reset policy - NoRecycleFiles
Reset policy - DisableCurrentUserRun
Reset policy - DisableCurrentUserRunOnce
Reset policy - DisableLocalUserRun
Reset policy - DisableLocalUserRunOnce
Reset policy - Disable Advanced
Reset policy - NoNetHood
Reset policy - SfcShowProgress
Reset policy - SfcQuota
Reset policy - SfcScan
Reset policy - NoFileMenu
Completed resetting policies.

................

Repairing the LSP stack
Done!
Please reboot the machine for the changes to take effect

................
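
The DDS "Reset policy" list above is a useful inventory: these are the Explorer and System policy values a lock-screen trojan of this kind sets to disable Task Manager, regedit, cmd, the desktop and so on. The script below is an added example (not from this thread and not part of DDS) that audits those values on a Windows machine and can remove them; the value names are taken from the DDS output, while the registry key paths are the standard Windows policy locations and are my assumption, not something the thread states. Note that a domain GPO can legitimately set some of these (DisableCAD or NoDrives under HKLM, for instance), so review the report before removing anything.

```powershell
# Added example, not from the thread or from DDS: audit and optionally remove the
# policy restrictions that the DDS ResetPolicies run listed.
# Value names: taken from the DDS "Reset policy" lines in this thread.
# Key paths: standard Windows policy locations (assumed, not stated on the page).

$SuspectValues = @(
    'DisableTaskMgr', 'DisableRegistryTools', 'DisableCAD', 'DisableCMD',
    'NoRun', 'NoFolderOptions', 'NoDesktop', 'NoViewOnDrive', 'NoDrives',
    'NoControlPanel', 'DisallowCpl', 'RestrictCpl', 'NoNetworkConnections',
    'NoClose', 'NoFind', 'NoSetTaskbar', 'NoTrayContextMenu', 'HideClock',
    'DisallowRun', 'NoWindowsUpdate', 'DisableCurrentUserRun', 'DisableLocalUserRun'
)

# Keys where these restrictions live (assumed standard paths; the HKLM Explorer key
# also appears in the OTL log further down as an O6 entry).
$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Policies\Microsoft\Windows\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
)

function Get-RestrictivePolicy {
    [CmdletBinding()]
    param(
        [string[]]$Keys  = $PolicyKeys,
        [string[]]$Names = $SuspectValues
    )
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($prop.Name -like 'PS*') { continue }
            if ($Names -notcontains $prop.Name) { continue }
            # A DWORD of 0 (like the "NoDrives = 0" in the OTL log) is inactive;
            # any non-zero number or non-empty string means the restriction applies.
            $active = ($prop.Value -is [int]    -and $prop.Value -ne 0) -or
                      ($prop.Value -is [string] -and $prop.Value -ne '')
            if ($active) {
                [pscustomobject]@{ Key = $key; Name = $prop.Name; Value = $prop.Value }
            }
        }
    }
}

function Remove-RestrictivePolicy {
    # Deletes every value reported by Get-RestrictivePolicy.
    # Run from an elevated prompt for the HKLM keys; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($hit in Get-RestrictivePolicy) {
        if ($PSCmdlet.ShouldProcess("$($hit.Key)\$($hit.Name)", 'Remove policy value')) {
            Remove-ItemProperty -Path $hit.Key -Name $hit.Name
        }
    }
}

# Usage: report active restrictions, then preview the cleanup with -WhatIf.
Get-RestrictivePolicy | Format-Table -AutoSize
Remove-RestrictivePolicy -WhatIf
```

After removing values from the HKCU keys, log off and back on (or restart explorer.exe) for the desktop and Task Manager restrictions to lift; the HKLM values need a reboot, as the DDS output itself says.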


Psychotic 15.10.2012 11:06

Try once more to start combofix with the /nombr version.

Golderto 15.10.2012 11:29

View attachment list (count: 1)
I tried that.. first right after the DDS change, then again after a reboot... after more than 20 minutes I aborted it again; on the next reboot the following message appears (attachment)...

What should I press there, 1., and 2. how do I proceed?... :stirn:

regards

Psychotic 15.10.2012 11:56

You can press "yes" there... as for the rest, I need to check back first.

Psychotic 15.10.2012 13:20

Search with FRST

Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and select Computer. The drive letter of your USB stick is shown there.
  • Close Notepad again.
  • Now enter the following command: e:\frst.exe Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Search file(s).
  • A window opens that already contains search:.
    Add the following there:
    Code:

    File: C:\Windows\System32\DRIVERS\ipinip.sys
    File: C:\Windows\System32\DRIVERS\nwlnkflt.sys
    File: C:\Windows\System32\DRIVERS\nwlnkfwd.sys
    File: C:\Windows\Acer_Normal\run_DT.exe


Click search - the tool creates a search.txt on your stick. Please post its contents here.


Step 2: combofix /skipfix

Click Start-->Run..., enter the following:

Code:

combofix /skipfix

Post the log here...

Golderto 15.10.2012 20:10

Well...
I could only ever search for one file at a time, hence the several logs:

*ipinip.sys:*
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:30:58
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\ipinip.sys" ===================

=== End Of Search ===

*nwlnkflt.sys:*
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:40:40
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\nwlnkflt.sys" ===================

=== End Of Search ===

*nwlnkfwd.sys:*
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:45:42
Running from J:\

================== Search: "File: C:\Windows\System32\DRIVERS\nwlnkfwd.sys" ===================

=== End Of Search ===

*run_DT.exe:*
Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-15 21:25:50
Running from J:\

================== Search: "File: C:\Windows\Acer_Normal\run_DT.exe" ===================

=== End Of Search ===

Step 2:
Combofix finally worked; I'm attaching the file for you!

Regards

Psychotic 16.10.2012 06:17

Right, now we're getting somewhere!


Step 1: Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
c:\windows\*.* /RP
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
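
The /md5start ... /md5stop block in that OTL script makes the scan hash explorer.exe, regedit.exe, winlogon.exe, wininit.exe and userinit.exe, the binaries a lock-screen infection most often patches or replaces. The script below is an added example (not from this thread and not part of OTL) that does the equivalent check directly: it locates every copy of those files under the Windows directory, verifies the Authenticode signature and reports a SHA-256, so a patched copy shows up as unsigned or signed by someone other than Microsoft. It assumes Windows PowerShell 5.1 or later, where Get-AuthenticodeSignature also resolves catalog signatures; on older versions a catalog-signed system file reports NotSigned even when it is genuine, so treat that status as "check further" rather than proof of tampering.

```powershell
# Added example, not from the thread or from OTL: verify the core binaries that the
# OTL custom scan hashes between /md5start and /md5stop.
# File list: taken from the OTL script in this thread.
# Search roots: %SystemRoot% and System32 (assumed; explorer.exe and regedit.exe
# normally sit in %SystemRoot%, the other three in System32).

$CoreBinaries = @('explorer.exe', 'regedit.exe', 'winlogon.exe', 'wininit.exe', 'userinit.exe')

function Test-CoreBinary {
    param([string[]]$Names = $CoreBinaries)

    $roots = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))

    foreach ($name in $Names) {
        # Report every instance found: a second copy of, say, explorer.exe in an
        # unexpected place is itself worth a look.
        $hits = Get-ChildItem -Path $roots -Filter $name -File -ErrorAction SilentlyContinue
        if (-not $hits) {
            [pscustomobject]@{
                Path = $name; Signer = ''; Status = 'NotFound'; Sha256 = ''; Suspicious = $true
            }
            continue
        }
        foreach ($f in $hits) {
            $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Genuine Windows binaries carry a valid (catalog) signature from Microsoft.
            $ok = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')
            [pscustomobject]@{
                Path       = $f.FullName
                Signer     = $signer
                Status     = $sig.Status
                Sha256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
                Suspicious = -not $ok
            }
        }
    }
}

# Usage: suspicious entries (unsigned, foreign signer, or missing) sort to the top.
Test-CoreBinary | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

The SHA-256 column is there for comparison against a known-good machine with the same Windows build and patch level; the hash alone, like OTL's MD5, only tells you something once you have a reference value to set it against.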

Golderto 16.10.2012 07:39

Good morning Marius!

I did everything just as you wrote, but OTL only created one text file, OTL.txt:
Code:

OTL logfile created on: 16.10.2012 08:23:54 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,87% Memory free
6,21 Gb Paging File | 5,04 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 175,80 Gb Free Space | 59,73% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 275,53 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive J: | 7,70 Gb Total Space | 7,70 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 09:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL.exe
PRC - [2012.09.07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.03.25 13:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010.03.05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007.10.26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 07:42:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 07:42:02 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.10 02:35:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 02:35:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.05 16:32:36 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.03.05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.01.09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 19:01:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.30 19:22:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 16:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 13:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.03.31 05:55:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2009.03.30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSMLBIZ)
SRV - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.10.15 09:30:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.09.07 16:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.05 11:10:18 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.21 21:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007.12.08 06:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 06:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.10.26 13:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.10 19:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D5B3BAA6-EDFB-4091-92D7-6A154CA12F49}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=13F77FA4-C964-469A-91D5-B58CDBCFD6B4&apn_sauid=E986082D-1F6E-44EB-9AAF-02F7CBC87DC9
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/calendar/render|hxxp://web-mail.uibk.ac.at"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\media\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.30 19:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 10:26:52 | 000,000,000 | ---D | M]
 
[2009.09.08 16:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions
[2012.08.31 16:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions
[2012.04.01 19:45:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
[2012.07.31 10:27:07 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\n5rn3q93.default\searchplugins\askcom.xml
[2012.07.31 10:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.30 19:22:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.01 19:34:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.11 19:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 19:22:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.15 21:00:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62F73864-B521-4BFF-8E43-CC4685420CD7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65340EC2-C695-4F14-B466-1A10E68B8112}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814F0606-50B9-4C44-9BF1-D7FB635D6347}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4506d7-86fd-11dd-a288-0021853451d5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.15 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4AA2A1E7-847B-4A7E-A5DB-2BC56CBCDCB1}
[2012.10.15 21:00:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.15 11:53:52 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\media\Desktop\dds.com
[2012.10.15 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\tdsskiller
[2012.10.15 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012.10.15 09:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.10.15 09:27:45 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\media\Desktop\OTLPENet.exe
[2012.10.15 08:15:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8C62B14F-495D-42C6-A5BF-AF05A4AE2F7E}
[2012.10.14 15:47:18 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6A3EB50-A185-4214-A79F-87AA08281656}
[2012.10.13 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}
[2012.10.13 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2}
[2012.10.12 11:52:25 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}
[2012.10.12 08:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.12 08:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.12 08:18:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.11 13:11:46 | 000,000,000 | ---D | C] -- C:\FRST
[2012.10.11 11:01:48 | 004,980,567 | R--- | C] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.11 07:50:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.11 07:50:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.11 07:50:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.11 07:45:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.11 07:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.11 06:54:14 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.10 08:42:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes
[2012.10.10 08:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 08:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 08:42:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 08:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 18:06:34 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}
[2012.10.08 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}
[2012.10.08 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}
[2012.10.07 20:46:36 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}
[2012.10.07 08:46:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}
[2012.10.06 08:07:00 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}
[2012.10.05 16:12:51 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}
[2012.10.04 07:07:50 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}
[2012.10.03 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}
[2012.10.02 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}
[2012.10.02 07:12:37 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}
[2012.10.01 14:14:30 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}
[2012.09.30 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}
[2012.09.30 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}
[2012.09.27 18:42:22 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}
[2012.09.26 11:21:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}
[2012.09.25 15:18:45 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}
[2012.09.24 22:27:33 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}
[2012.09.24 10:27:15 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}
[2012.09.23 15:17:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}
[2012.09.20 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}
[2012.09.19 19:06:19 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}
[2012.09.18 22:23:02 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}
[2012.09.18 10:22:43 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}
[2012.09.17 15:03:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}
[2012.09.16 21:40:07 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 08:23:51 | 000,693,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.16 08:23:51 | 000,661,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.16 08:23:51 | 000,150,490 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.16 08:23:51 | 000,128,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 08:19:13 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.16 08:17:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 08:17:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 08:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 08:16:57 | 3220,336,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 00:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 21:09:44 | 000,004,421 | ---- | M] () -- C:\Users\media\Desktop\combofix.7z
[2012.10.15 21:00:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.15 20:50:32 | 004,980,567 | R--- | M] (Swearware) -- C:\Users\media\Desktop\ComboFix.exe
[2012.10.15 11:53:58 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\media\Desktop\dds.com
[2012.10.15 11:12:55 | 002,194,704 | ---- | M] () -- C:\Users\media\Desktop\tdsskiller.zip
[2012.10.15 09:32:36 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\media\Desktop\OTLPENet.exe
[2012.10.12 16:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\media\Desktop\tdsskiller.exe
[2012.10.11 09:32:16 | 000,001,356 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2012.10.10 09:29:02 | 239,283,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 09:04:23 | 000,000,000 | ---- | M] () -- C:\Users\media\defogger_reenable
[2012.10.10 08:42:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 08:08:12 | 000,429,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.07 16:26:01 | 000,113,595 | ---- | M] () -- C:\Users\media\Desktop\urkunde.pdf
[9 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.15 21:09:44 | 000,004,421 | ---- | C] () -- C:\Users\media\Desktop\combofix.7z
[2012.10.15 11:12:55 | 002,194,704 | ---- | C] () -- C:\Users\media\Desktop\tdsskiller.zip
[2012.10.12 12:22:06 | 3220,336,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.11 07:50:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.11 07:50:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.11 07:50:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.11 07:50:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.11 07:50:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.10 09:04:23 | 000,000,000 | ---- | C] () -- C:\Users\media\defogger_reenable
[2012.10.10 08:42:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.07 16:26:01 | 000,113,595 | ---- | C] () -- C:\Users\media\Desktop\urkunde.pdf
[2011.07.14 12:13:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.27 17:46:57 | 000,001,356 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat
[2010.05.25 15:12:53 | 000,000,032 | --S- | C] () -- C:\Users\media\AppData\Local\3047995989.dat
[2009.03.21 17:53:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.20 11:52:02 | 000,091,136 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.03.21 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Acer GameZone Console
[2010.05.05 08:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\AppClient
[2008.10.02 13:00:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Big Fish Games
[2008.09.11 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\eSobi
[2008.10.03 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FloodLightGames
[2011.11.28 12:39:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\HappyFoto
[2012.10.04 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Image Zone Express
[2008.09.29 10:45:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PlayFirst
[2008.12.17 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Printer Info Cache
[2011.12.03 13:28:37 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Research In Motion
[2012.01.20 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Unity
[2010.08.22 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*.* /RP >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.23 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< %SYSTEMDRIVE%\*. >
[2012.10.15 21:00:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.09.05 13:27:27 | 000,000,000 | ---D | M] -- C:\Acer
[2008.09.11 15:21:48 | 000,000,000 | ---D | M] -- C:\AcerSW
[2008.03.21 22:05:47 | 000,000,000 | ---D | M] -- C:\Book
[2010.05.13 21:53:59 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.03 15:08:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.21 22:05:47 | 000,000,000 | ---D | M] -- C:\DRV
[2012.10.11 13:11:46 | 000,000,000 | ---D | M] -- C:\FRST
[2010.05.28 11:14:13 | 000,000,000 | ---D | M] -- C:\Games
[2012.07.08 21:17:18 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.08.10 13:20:09 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.15 20:54:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.11 23:52:50 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.09.03 15:08:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.15 21:04:34 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.10.15 09:30:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.12 08:18:03 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2008.09.05 13:26:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.15 21:00:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\erdnt\cache\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\erdnt\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-24 09:17:42
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[_default.pif] -> c:\windows\_default.pif -> HardLink
[bfsvc.exe] -> c:\windows\bfsvc.exe -> HardLink
[C:\Windows\$NtUninstallKB26798$] ->  -> Unknown point type
[explorer.exe] -> c:\windows\explorer.exe -> HardLink
[fveupdate.exe] -> c:\windows\fveupdate.exe -> HardLink
[HelpPane.exe] -> c:\windows\HelpPane.exe -> HardLink
[hh.exe] -> c:\windows\hh.exe -> HardLink
[mib.bin] -> c:\windows\mib.bin -> HardLink
[notepad.exe] -> c:\windows\notepad.exe -> HardLink
[regedit.exe] -> c:\windows\regedit.exe -> HardLink
[twain.dll] -> c:\windows\twain.dll -> HardLink
[twain_32.dll] -> c:\windows\twain_32.dll -> HardLink
[twunk_16.exe] -> c:\windows\twunk_16.exe -> HardLink
[twunk_32.exe] -> c:\windows\twunk_32.exe -> HardLink
[winhelp.exe] -> c:\windows\winhelp.exe -> HardLink
[winhlp32.exe] -> c:\windows\winhlp32.exe -> HardLink
[WMSysPr9.prx] -> c:\windows\WMSysPr9.prx -> HardLink
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >
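
An added example, not part of this thread and not OTL's own logic: a small Python script that does mechanically what the helper does by eye with the log above. It flags O4 autostart entries whose binary carries no company name or runs from a user-writable directory, checks that the O20 Winlogon Shell/UserInit values are still the Vista defaults (the values a lock-screen trojan typically hijacks), and, for each "< MD5 for: ... >" block, confirms that the live copy under C:\Windows hashes like one of the WinSxS copies. The sample lines follow the shape of the log above; the [svchost] autorun in AppData\Roaming and the tampered Winlogon line are constructed to exercise the checks and were not on the poster's machine. The expected-default values, the list of user-writable prefixes and all function names are assumptions of this example.

```python
"""Triage helpers for an OTL log: autostart entries and the '< MD5 for: ... >' blocks.

Added example, not part of the thread or of OTL. The rules below are how a
reviewer reads such a log, not OTL's own logic.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the OTL log above. The [svchost] line under
# AppData\Roaming is made up to exercise the path check; it was not on the poster's PC.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [svchost] C:\Users\media\AppData\Roaming\dwm32.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

< MD5 for: EXPLORER.EXE  >
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: WINLOGON.EXE  >
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
"""

# Constructed: an O20 line as it would look with a modified Winlogon Shell value (not from the log).
TAMPERED_WINLOGON_LINE = r"O20 - HKLM Winlogon: Shell - (explorer.exe,C:\Users\media\AppData\Roaming\lock.exe) - C:\Users\media\AppData\Roaming\lock.exe ()"

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*) \((?P<company>[^()]*)\)\s*$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - (?P<path>.*) \((?P<company>[^()]*)\)\s*$")
MD5_HDR_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
MD5_ROW_RE = re.compile(r"^\[.*?\] \((?P<company>[^()]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$")

# Assumption: locations an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Assumption: Vista defaults for the two Winlogon values on a 32-bit system installed on C:.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "c:\\windows\\system32\\userinit.exe"}


def triage_autostarts(log_text):
    """Return (entry, reason) pairs for O4/O20 lines that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            path, company = m.group("path"), m.group("company").strip()
            entry = f"O4 {m.group('hive')} [{m.group('name')}] {path}"
            if not company:
                findings.append((entry, "no company name in the version info"))
            if path.lower().startswith(USER_WRITABLE):
                findings.append((entry, "runs from a user-writable location"))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            # A trailing comma is how Windows itself writes UserInit; strip it before comparing.
            if value.rstrip(",").lower() != EXPECTED_WINLOGON[key.lower()]:
                findings.append((f"O20 Winlogon {key}={value}", "differs from the Windows default value"))
    return findings


def parse_md5_blocks(log_text):
    """Map each '< MD5 for: NAME >' header to its (path, md5, company) rows."""
    blocks, current = defaultdict(list), None
    for line in log_text.splitlines():
        h = MD5_HDR_RE.match(line)
        if h:
            current = h.group("name").upper()
            continue
        if line.startswith(("<", "=")):  # any other custom-scan or section header ends the block
            current = None
            continue
        r = MD5_ROW_RE.match(line)
        if r and current:
            blocks[current].append((r.group("path"), r.group("md5").upper(), r.group("company").strip()))
    return dict(blocks)


def triage_md5_blocks(log_text):
    """The live copy under C:\\Windows should hash like a WinSxS copy; list anything odd."""
    findings = []
    for name, rows in parse_md5_blocks(log_text).items():
        reference = {md5 for path, md5, _ in rows if "\\winsxs\\" in path.lower()}
        for path, md5, company in rows:
            p = path.lower()
            in_windows = p.startswith("c:\\windows\\")
            # erdnt\cache is the ComboFix/ERUNT backup, not the live binary
            is_live = in_windows and "\\winsxs\\" not in p and "\\erdnt\\" not in p
            if is_live and reference and md5 not in reference:
                findings.append((path, f"{name}: live copy matches no WinSxS copy"))
            if not company:
                findings.append((path, f"{name}: no company name"))
            if not in_windows:
                findings.append((path, f"{name}: copy outside C:\\Windows, check which product owns it"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_autostarts(SAMPLE_LOG + "\n" + TAMPERED_WINLOGON_LINE):
        print(f"[autostart] {reason}: {entry}")
    for path, reason in triage_md5_blocks(SAMPLE_LOG):
        print(f"[md5] {reason}: {path}")
```

On the log above this yields review items, not verdicts: the OEM autostarts with an empty company field are normal for Acer's bundled tools, and the winlogon.exe copy under Malwarebytes' Chameleon directory is flagged only because it lives outside C:\Windows and carries no company name; the live copies of explorer.exe, userinit.exe and winlogon.exe all match their WinSxS counterparts, which is what the helper wants to see after a lock-screen infection.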


Psychotic 16.10.2012 08:54

Scan with AdwCleaner

Please download AdwCleaner to your Desktop.
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Golderto 16.10.2012 09:06

Code:

# AdwCleaner v2.005 - Logfile created 16/10/2012 at 10:05:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : media - MEDIA-PC
# Boot Mode : Normal
# Running from : C:\Users\media\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\media\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\Conduit
Folder Found : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKU\S-1-5-21-3532016870-2659621917-2767292664-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\prefs.js

Gefunden : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2438727.CTID", "CT2438727");
Gefunden : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Gefunden : user_pref("CT2438727.CurrentServerDate", "27-2-2010");
Gefunden : user_pref("CT2438727.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2438727.FirstServerDate", "27-2-2010");
Gefunden : user_pref("CT2438727.FirstTime", true);
Gefunden : user_pref("CT2438727.FirstTimeFF3", true);
Gefunden : user_pref("CT2438727.GroupingInvalidateCache", false);
Gefunden : user_pref("CT2438727.GroupingLastCheckTime", "0");
Gefunden : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Gefunden : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2438727.Initialize", true);
Gefunden : user_pref("CT2438727.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2438727.InstalledDate", "Sat Feb 27 2010 13:36:20 GMT+0100");
Gefunden : user_pref("CT2438727.InvalidateCache", false);
Gefunden : user_pref("CT2438727.IsGrouping", false);
Gefunden : user_pref("CT2438727.IsMulticommunity", false);
Gefunden : user_pref("CT2438727.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2438727.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2438727.LanguagePackLastCheckTime", "Sat Feb 27 2010 13:36:20 GMT+0100");
Gefunden : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2438727.LastLogin_2.5.7.3", "Sat Feb 27 2010 13:36:23 GMT+0100");
Gefunden : user_pref("CT2438727.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2438727.Locale", "en");
Gefunden : user_pref("CT2438727.LoginCache", 4);
Gefunden : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2438727.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2438727.RadioLastCheckTime", "0");
Gefunden : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Gefunden : user_pref("CT2438727.RadioLastUpdateServer", "0");
Gefunden : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2438727.SearchBoxWidth", 143);
Gefunden : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gefunden : user_pref("CT2438727.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sat Feb 27 2010 13:36:23 GMT+0100");
Gefunden : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gefunden : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2438727.SettingsLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Gefunden : user_pref("CT2438727.SettingsLastUpdate", "1266424830");
Gefunden : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Feb 27 2010 13:36:18 GMT+0100");
Gefunden : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1266424830");
Gefunden : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2438727.UserID", "UN30182459095590657");
Gefunden : user_pref("CT2438727.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2438727.alertChannelId", "832836");
Gefunden : user_pref("CT2438727.clientLogIsEnabled", true);
Gefunden : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2438727.myStuffEnabled", true);
Gefunden : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gefunden : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 27 2010 13:36:18 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "{37c415de-8be0-4628-a4b4-1ebae7359a0a}");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [10950 octets] - [16/10/2012 10:05:53]

########## EOF - C:\AdwCleaner[R1].txt - [11011 octets] ##########


Psychotic 16.10.2012 09:14

Step 1: Fix with AdwCleaner

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will reboot. After the reboot a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[S1].txt.


Step 2: Fix with OTL


Code:

:OTL
[C:\Windows\$NtUninstallKB26798$] ->  -> Unknown point type
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 64 bytes -> C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Then click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Copy its contents here into your thread.



Step 3: MBAM

  • Start Malwarebytes, click Update --> Check for updates
  • When the update is finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".
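The OTL fix in Step 2 deletes the listed alternate data streams (ADS) one by one. The following is an added example, written for this edit and not code from the thread or from OTL, that builds the same kind of inventory with Windows PowerShell 3.0 or later so that each stream can be looked at before anything is removed. The two folders are the ones from the OTL log; treating `Zone.Identifier` as the expected mark-of-the-web stream is an assumption about the common case, and `Get-AdsInventory` and `Show-AdsContent` are helper names introduced here.

```powershell
# Added example, not from the thread: inventory named alternate data streams (ADS)
# in the form OTL reports them ("@Alternate Data Stream - <bytes> -> <path>:<stream>").
# Requires Windows PowerShell 3.0+ (the -Stream parameter). Paths are from the OTL log.
function Get-AdsInventory {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Include the folder itself: the OTL hits sit on the directory
        # C:\ProgramData\TEMP, not on files inside it.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

        foreach ($item in $items) {
            # Every file has the unnamed ':$DATA' stream; only named streams matter here.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Zone.Identifier is the mark-of-the-web written by browsers and is expected
                    # (assumption: the usual benign case); anything else gets a closer look.
                    $note = if ($_.Stream -eq 'Zone.Identifier') { 'mark-of-the-web (expected)' } else { 'inspect' }
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                        Note   = $note
                    }
                }
        }
    }
}

function Show-AdsContent {
    # Helper introduced here: print the first lines of one named stream as text,
    # which usually tells an installer or cache marker apart from an executable blob.
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Stream)
    Get-Content -LiteralPath $Path -Stream $Stream -TotalCount 3 -ErrorAction Stop
}

# Inventory the two locations OTL flagged, largest stream first.
$hits = Get-AdsInventory -Path 'C:\ProgramData\TEMP', "$env:USERPROFILE\Desktop"
$hits | Sort-Object Bytes -Descending | Format-Table -AutoSize

# Look inside the first flagged stream before deciding what to do with it.
if ($hits) { Show-AdsContent -Path $hits[0].Path -Stream $hits[0].Stream }
```

Deleting one stream with `Remove-Item -LiteralPath <path> -Stream <name>` removes only that stream and leaves the file's main content in place, which is the same operation the OTL lines above perform; the inventory first lets you confirm that a stream is not, for instance, the `TOC.WMV` index a media player attached to a video file.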

Golderto 16.10.2012 10:28

Wow.. that took a while ;)... everything worked:
Here are the logs:

Step 1:
Code:

# AdwCleaner v2.005 - Datei am 16/10/2012 um 10:16:24 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : media - MEDIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\media\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\searchplugins\Askcom.xml
Gelöscht mit Neustart : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\media\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\Conduit
Ordner Gelöscht : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\prefs.js

C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\n5rn3q93.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2438727.CTID", "CT2438727");
Gelöscht : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Gelöscht : user_pref("CT2438727.CurrentServerDate", "27-2-2010");
Gelöscht : user_pref("CT2438727.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2438727.FirstServerDate", "27-2-2010");
Gelöscht : user_pref("CT2438727.FirstTime", true);
Gelöscht : user_pref("CT2438727.FirstTimeFF3", true);
Gelöscht : user_pref("CT2438727.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2438727.GroupingLastCheckTime", "0");
Gelöscht : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Gelöscht : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2438727.Initialize", true);
Gelöscht : user_pref("CT2438727.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2438727.InstalledDate", "Sat Feb 27 2010 13:36:20 GMT+0100");
Gelöscht : user_pref("CT2438727.InvalidateCache", false);
Gelöscht : user_pref("CT2438727.IsGrouping", false);
Gelöscht : user_pref("CT2438727.IsMulticommunity", false);
Gelöscht : user_pref("CT2438727.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2438727.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2438727.LanguagePackLastCheckTime", "Sat Feb 27 2010 13:36:20 GMT+0100");
Gelöscht : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2438727.LastLogin_2.5.7.3", "Sat Feb 27 2010 13:36:23 GMT+0100");
Gelöscht : user_pref("CT2438727.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2438727.Locale", "en");
Gelöscht : user_pref("CT2438727.LoginCache", 4);
Gelöscht : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2438727.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2438727.RadioLastCheckTime", "0");
Gelöscht : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Gelöscht : user_pref("CT2438727.RadioLastUpdateServer", "0");
Gelöscht : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2438727.SearchBoxWidth", 143);
Gelöscht : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gelöscht : user_pref("CT2438727.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sat Feb 27 2010 13:36:23 GMT+0100");
Gelöscht : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gelöscht : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2438727.SettingsLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Gelöscht : user_pref("CT2438727.SettingsLastUpdate", "1266424830");
Gelöscht : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Feb 27 2010 13:36:18 GMT+0100");
Gelöscht : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1266424830");
Gelöscht : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2438727.UserID", "UN30182459095590657");
Gelöscht : user_pref("CT2438727.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2438727.alertChannelId", "832836");
Gelöscht : user_pref("CT2438727.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2438727.myStuffEnabled", true);
Gelöscht : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gelöscht : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 27 2010 13:38:03 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 27 2010 13:36:18 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{37c415de-8be0-4628-a4b4-1ebae7359a0a}");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [11081 octets] - [16/10/2012 10:05:53]
AdwCleaner[S1].txt - [10827 octets] - [16/10/2012 10:16:24]

########## EOF - C:\AdwCleaner[S1].txt - [10888 octets] ##########

Step 2:
Code:

All processes killed
========== OTL ==========
Unable to remove Unknown point type C:\Windows\$NtUninstallKB26798$
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\Users\media\Desktop\TomVic - The Movie.mpeg:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: media
->Temp folder emptied: 865713 bytes
->Temporary Internet Files folder emptied: 1549901863 bytes
->Java cache emptied: 74876629 bytes
->FireFox cache emptied: 65382171 bytes
->Flash cache emptied: 6240878 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 286 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81607 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.619,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_102244

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Step 3:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
media :: MEDIA-PC [Administrator]

Schutz: Aktiviert

16.10.2012 10:36:16
mbam-log-2012-10-16 (10-36-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355612
Laufzeit: 34 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\FRST\Quarantine\6eb1f9e0\U\00000001.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\000000cb.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\000000cf.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\80000000.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\800000c0.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\800000cb.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\6eb1f9e0\U\800000cf.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\VirtualStore\Windows\System32\cooper.mine (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\media\AppData\Local\VirtualStore\Windows\System32\net.net (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Psychotic 16.10.2012 10:44

--------------------------------------

Psychotic 16.10.2012 10:50

junction.exe

Please download Junction.zip and save it to your desktop.
Extract the contents of Junction.zip and save junction.exe to your system drive (usually C:).


Press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

@echo off
rem Change to the root of the current drive, where junction.exe was saved
cd \
echo Please wait
rem Remove the reparse point and write junction's output to log.txt
junction -d C:\Windows\$NtUninstallKB26798$ > log.txt
cls
echo Finish
rem Open the log, then delete this batch file itself
notepad log.txt
del %0

  • Choose File --> Save As
  • File name: junc.bat
  • File type: choose All Files (*.*)
  • Save the file to your desktop.

    It should now look roughly like this: http://larusso.trojaner-board.de/Images/bat.jpg
  • Start junc.bat.
Vista and Win7 users: right-click, "Run as administrator"


When the scan has finished, a text document (log.txt) opens. Please copy its contents here into your thread.
(Also found at C:\log.txt)
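`junction -d` only removes a link, so the "directory is not empty" error that Junction returns for an ordinary folder is itself diagnostic: the path is a real directory with content, not a junction. The following check is an added example, not part of the thread or of Sysinternals Junction, that classifies a path before any removal is attempted. It assumes Windows PowerShell 5.1 or later for the `LinkType` and `Target` properties, and `fsutil`, which ships with Windows; the path is the one from the OTL log, and `Get-ReparseInfo` is a name introduced here.

```powershell
# Added example, not from the thread: classify a path before treating it as a junction.
# Assumes Windows PowerShell 5.1+ (LinkType/Target on FileSystemInfo); fsutil ships with Windows.
function Get-ReparseInfo {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $item = Get-Item -LiteralPath $LiteralPath -Force -ErrorAction Stop
    $isReparse = ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0

    $linkType = $null; $target = $null; $childCount = $null
    if ($isReparse) {
        # 'Junction', 'SymbolicLink', or $null when the tag is one PowerShell does not decode
        $linkType = $item.LinkType
        $target   = @($item.Target) -join '; '
    } else {
        # A plain directory: count its children; this is what makes "junction -d" refuse.
        $childCount = @(Get-ChildItem -LiteralPath $item.FullName -Force -ErrorAction SilentlyContinue).Count
    }

    [pscustomobject]@{
        Path       = $item.FullName
        IsReparse  = $isReparse
        LinkType   = $linkType
        Target     = $target
        ChildCount = $childCount
        Attributes = $item.Attributes.ToString()
    }
}

# Single quotes keep the '$' characters in the folder name literal.
$info = Get-ReparseInfo -LiteralPath 'C:\Windows\$NtUninstallKB26798$'
$info | Format-List

if ($info.IsReparse -and -not $info.LinkType) {
    # A reparse tag PowerShell cannot name (what OTL reported as "Unknown point type"):
    # ask fsutil for the raw tag value so the type can be looked up.
    fsutil reparsepoint query $info.Path
}
```

Only when `IsReparse` is true is a link-removal tool such as `junction -d` the right operation; a plain directory with a non-zero `ChildCount` is handled, after its content has been looked at, as an ordinary folder. A recursive delete should never be run on a path until this check shows it is not a link into some other location.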

Golderto 16.10.2012 10:56

Hey Marius!

Did everything - but the log file is empty, there is nothing in it...

regards

Sorry!
My mistake!!! I had not saved the file to C:...

Well, here is the log file:
Code:

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Error deleting C:\Windows\$NtUninstallKB26798$: Das Verzeichnis ist nicht leer.


Psychotic 16.10.2012 11:13

Quote:

@echo off
cd \
echo Please wait
junction -q > log.txt
cls
echo Finish
notepad log.txt
del %0

Change junc.bat as described above and run it again.
Post the log.txt.

Golderto 16.10.2012 11:17

Code:

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Error deleting C:\Windows\$NtUninstallKB26798$: Das Verzeichnis ist nicht leer.


Psychotic 16.10.2012 11:18

Delete log.txt and run the batch file again.
Post the log.

Golderto 16.10.2012 11:22

Code:

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

No matching files were found.


Psychotic 16.10.2012 12:09

Looks pretty good - let's check everything once more! :)


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update is finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".



Step 2: ESET


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Golderto 16.10.2012 12:34

Hey Marius!

Thanks a lot first of all!
I will probably only be able to do the next steps on Thursday afternoon...

I will post the results then!

Regards and thanks so far!

Golderto 18.10.2012 19:11

Sooo...

Step 1:
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.18.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
media :: MEDIA-PC [Administrator]

18.10.2012 19:11:41
mbam-log-2012-10-18 (19-11-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356665
Laufzeit: 33 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Step 2:
Code:

C:\Documents and Settings\media\Desktop\0.14343505040701832.exe        Win32/Kryptik.AFLQ trojan
C:\FRST\Quarantine\netbt.sys        a variant of Win32/Rootkit.Kryptik.FX trojan
C:\FRST\Quarantine\6eb1f9e0\X        a variant of Win32/Kryptik.WTU trojan
C:\FRST\Quarantine\ofrvdjtupebarrp\main.html        HTML/Ransom.B trojan
C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir        Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir        Win32/Toolbar.MyWebSearch application
C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta        a variant of Win32/Rootkit.Kryptik.FX trojan
C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta        a variant of Win32/Rootkit.Kryptik.FX trojan
C:\Users\media\Desktop\0.14343505040701832.exe        Win32/Kryptik.AFLQ trojan
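
As an added example (not code from the thread or from ESET), the following Python script parses the ESET Online Scanner log posted above and separates detections still on disk from detections that merely sit in the quarantine folders of the tools run earlier (FRST, ComboFix's Qoobox, TDSSKiller). It also folds the two Desktop paths into one, because on Vista "C:\Documents and Settings" is a junction to "C:\Users", which is why the OTL fix further down reports the second path as "not found". The sample log and the quarantine-prefix list are constructed from the lines in this thread.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Detection:
    path: str          # path exactly as written in the log
    name: str          # ESET detection name, e.g. "Win32/Kryptik.AFLQ trojan"
    quarantined: bool  # True if the file sits in a cleanup tool's quarantine
    kind: str          # last word of the name: "trojan", "application", ...

# Quarantine folders of the cleanup tools used earlier in this thread
# (FRST, ComboFix's Qoobox, TDSSKiller). Hits in there are already neutralised.
QUARANTINE_PREFIXES = (
    r"c:\frst\quarantine",
    r"c:\qoobox\quarantine",
    r"c:\tdsskiller_quarantine",
)

# One hit per line: path, a tab (a run of spaces once pasted into a browser),
# then the detection name, which may itself contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?)(?:\t+| {2,})(?P<name>\S.*?)\s*$")

# Constructed sample: the nine detections posted above, tab-separated.
SAMPLE_LOG = "\n".join(p + "\t" + n for p, n in [
    (r"C:\Documents and Settings\media\Desktop\0.14343505040701832.exe", "Win32/Kryptik.AFLQ trojan"),
    (r"C:\FRST\Quarantine\netbt.sys", "a variant of Win32/Rootkit.Kryptik.FX trojan"),
    (r"C:\FRST\Quarantine\6eb1f9e0\X", "a variant of Win32/Kryptik.WTU trojan"),
    (r"C:\FRST\Quarantine\ofrvdjtupebarrp\main.html", "HTML/Ransom.B trojan"),
    (r"C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir",
     "Win32/Toolbar.MyWebSearch.Q application"),
    (r"C:\Qoobox\Quarantine\C\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir",
     "Win32/Toolbar.MyWebSearch application"),
    (r"C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0000\svc0000\tsk0000.dta",
     "a variant of Win32/Rootkit.Kryptik.FX trojan"),
    (r"C:\TDSSKiller_Quarantine\12.10.2012_09.17.18\rtkt0001\svc0000\tsk0000.dta",
     "a variant of Win32/Rootkit.Kryptik.FX trojan"),
    (r"C:\Users\media\Desktop\0.14343505040701832.exe", "Win32/Kryptik.AFLQ trojan"),
])

def canonical(path: str) -> str:
    """Lower-case the path and fold the Vista/7 junction "Documents and
    Settings" -> "Users", so both Desktop hits above compare equal."""
    p = path.lower().rstrip("\\")
    alias = "c:\\documents and settings\\"
    return "c:\\users\\" + p[len(alias):] if p.startswith(alias) else p

def parse_eset_log(text: str) -> list[Detection]:
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank line or a line that is not a detection
        path, name = m.group("path"), m.group("name")
        quarantined = canonical(path).startswith(QUARANTINE_PREFIXES)
        found.append(Detection(path, name, quarantined, name.split()[-1].lower()))
    return found

def triage(text: str) -> dict:
    """Hits still on disk (deduplicated by canonical path) vs. already-quarantined hits."""
    dets = parse_eset_log(text)
    active, seen = [], set()
    for d in dets:
        if d.quarantined or canonical(d.path) in seen:
            continue
        seen.add(canonical(d.path))
        active.append(d)
    return {"active": active, "quarantined": [d for d in dets if d.quarantined]}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["active"]:
        print(f"still on disk: {d.path}  [{d.name}]")
    print(f"{len(result['quarantined'])} hits were already in tool quarantines")
```

Run against the sample, only the Desktop dropper remains as an active file; the other seven hits are leftovers in quarantine folders that the respective tool's uninstall step removes.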


Psychotic 19.10.2012 06:28

CF-Script


Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

FILE::
C:\Documents and Settings\media\Desktop\0.14343505040701832.exe
C:\Users\media\Desktop\0.14343505040701832.exe

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your anti-virus software. It can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work undisturbed.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is done, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

Golderto 19.10.2012 08:51

Hey Marius!

I did everything as described... but the same problem again... Combofix does nothing... starts normally, then it says again that it is searching for about 10 minutes, and it takes 30 minutes...

regards

Psychotic 19.10.2012 09:39

Then this way! :)

Code:

:files
C:\Documents and Settings\media\Desktop\0.14343505040701832.exe
C:\Users\media\Desktop\0.14343505040701832.exe
:Commands
[emptytemp]

  • Please close all programs now.
  • Now click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Golderto 19.10.2012 10:00

Code:

All processes killed
========== FILES ==========
C:\Documents and Settings\media\Desktop\0.14343505040701832.exe moved successfully.
File\Folder C:\Users\media\Desktop\0.14343505040701832.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: media
->Temp folder emptied: 2572113 bytes
->Temporary Internet Files folder emptied: 31150799 bytes
->Java cache emptied: 2777543 bytes
->FireFox cache emptied: 16847434 bytes
->Flash cache emptied: 22725 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120091 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 51,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10192012_104952

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Psychotic 19.10.2012 11:50

Step 1: Adobe Flash Player update


Your Flash Player is out of date. Since this software in particular is a favourite springboard for malware into the system, it must always be kept current.
To update the Flash Player, please proceed as follows:
  • Download the current Adobe Flash Player from here. Important: remove the check mark for optional software (e.g. Google Chrome) shown on the page before you click "Download now".
  • Start the setup and follow the on-screen instructions.
  • Report back immediately if you run into difficulties.




Step 2: Java update


Your Java is no longer current. Older versions contain security holes that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version.
  • When the installation has finished, go to Start --> Control Panel --> Programs and Features (or Add or Remove Programs under Windows XP) and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.

After the restart:
  • Open Control Panel --> Programs and Features again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files ....
  • Make sure every box is checked and click OK.
  • Click OK again.




Step 3: Adobe Reader update


Your Adobe Reader is out of date. Since some malware exploits the vulnerabilities in outdated versions, we will update it.

  • Download the current Adobe Reader from here. Important: remove the check mark for optional software (e.g. Google Chrome) shown on the page before you click "Download now".
  • Start the installation and follow the on-screen instructions.
  • Press the Windows and R keys, type appwiz.cpl in the window that opens and click OK.
  • Find and remove all older Reader versions.




Step 4: Mozilla Firefox update

Your Firefox browser is out of date. Proceed as follows to update it:
  • Download the current Firefox from here.
  • Start the setup and follow the on-screen instructions.
  • Press the Windows and R keys, type appwiz.cpl in the window that opens and click OK.
  • Remove all older Firefox versions.
  • Report back immediately if you run into difficulties.




Step 5: Adobe Shockwave Player update

Your Shockwave Player is out of date. To update the Shockwave Player, please proceed as follows:
  • Visit the page Adobe - Adobe Shockwave Player
  • Click the "Agree and install" button and follow the on-screen instructions.
  • Report back immediately if you run into difficulties.




Step 6: VLC player update


Your VLC player is out of date. To update it, please proceed as follows:
  • Download the current player from here.
  • Start the setup and follow the on-screen instructions. Setup will detect the old version of the player and ask you whether the old version should be removed before installation. Confirm this with Yes.
  • After the old version of the program has been removed, the fresh installation starts. Leave everything at the default values - unless you want to change something (e.g. the file associations or similar).
  • Report back immediately if you run into difficulties.




Download and install Windows Updates

Press the Windows + R keys and paste the following text into the command line

Code:

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
and click OK.

Make sure that automatic updates are enabled.

Confirm with OK.


Press the Windows + R keys again and paste the following text into the command line

Code:

wuauclt.exe /detectnow /reportnow /updatenow
Install the updates found with the "Express installation" option. Your computer may prompt you to restart - do so as often as it asks.

Only when no more updates are found (the yellow shield icon in the notification area no longer appears) do we move on to the next step!

Golderto 19.10.2012 18:35

Hello Marius!...

So...

Steps 1, 2, 3, 4, 5 and 6 completed successfully..

On step 7 (download and install Windows Updates):
The 1st code...
Code:

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
...I entered; automatic updates were enabled, so everything is fine.

When I type in the 2nd code:
Code:

wuauclt.exe /detectnow /reportnow /updatenow
.. nothing happens at all... I type the code into the Run window and nothing opens, no update is installed, etc....

Best regards and many thanks for your help... once again :crazy:

Psychotic 22.10.2012 06:44

That is normal - in that case no updates are available!

How is the computer behaving?

Golderto 22.10.2012 06:53

The computer is behaving pretty normally ;)...
but since I uninstalled McAfee I should probably install a new anti-virus scanner now... do you know a good one?

regards

Psychotic 22.10.2012 08:38

That's coming now! :)


Defogger re-enable

Please start Defogger and click the re-enable button




ComboFix

Before the following action, temporarily disable your antivirus program, any script blocking you may have, and anti-malware programs again.

Press the Windows key + R. Now copy the following line into the command line and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes Combofix completely and empties the System Restore cache, so that the pests disappear from there as well.

Now re-enable the programs you just disabled.




OTL

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



ComboFix

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Here are a few more tips for securing your system.

Keeping up to date

I cannot say often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Always make sure you have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a resident guard.
    You can find a tutorial on its use here.
Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you approve it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.
Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any kind of registry cleaner.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc) - even if messages/posts apparently come from one of your friends, that by no means implies they are harmless (malware may have infected their computer).
  • Don't open attachments from emails you don't recognise. Above all, watch the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is to wish you lots of fun surfing safely.

Note: Please give me a short confirmation when everything is done and no questions remain, so that I can remove this thread from my subscriptions.


If combofix causes problems, let me know!

Golderto 22.10.2012 12:42

Hey Marius!

I've done everything so far, but somehow I had the feeling that something is still not right, because I saw that there are about 60 Windows updates that could be installed. Now I have installed the virus scanner MSE; it won't update, and in addition it found a new(?) virus (see attachment)

regards

Psychotic 22.10.2012 12:53

MSE's definition updates come via Windows Update - so if that isn't working, that explains it!

Let's try something else...


FSS


Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool is done, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.

Golderto 22.10.2012 12:56

Code:

Farbar Service Scanner Version: 19-10-2012
Ran by media (administrator) on 22-10-2012 at 13:56:17
Running from "C:\Users\media\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Psychotic 22.10.2012 13:04

Additionally check Windows Updates and run the scanner again.

Golderto 22.10.2012 13:05

Code:

Farbar Service Scanner Version: 19-10-2012
Ran by media (administrator) on 22-10-2012 at 14:04:59
Running from "C:\Users\media\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Psychotic 22.10.2012 13:09

If you go via Start->Programs->Windows Update and have it search for Windows updates there, what happens then?

Golderto 22.10.2012 13:51

.. attachment...

Should I try installing these?

Psychotic 22.10.2012 13:55

Yes, you should! :)

Golderto 22.10.2012 14:03

ok ... :lach:

Golderto 22.10.2012 14:08

Unfortunately it didn't help much... :stirn:

Psychotic 22.10.2012 14:21

I'm just popping down to the cellar to get the big hammer...


Windows all-in-one repair tool


Please download Windows Repair (All In One) from here.

Golderto 22.10.2012 15:36

sooo... I've done all of that now.. should I try running Windows Update again?

regards

If yes: it still doesn't work :confused:

Psychotic 23.10.2012 07:37

Quote:

  • Click Start, and then click Run.
  • Type %windir%\windowsupdate.log in the Open box, and then click OK.

Source: microsoft.com

Post the contents of this file in code tags. If that doesn't work, save the file as a text file and attach it here.

Golderto 23.10.2012 07:53

Ok!

see attachment

regards

Psychotic 23.10.2012 08:00

I hate to say it, but try combofix again!

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

Golderto 23.10.2012 08:27

:balla: ... Combofix isn't working again...

Psychotic 23.10.2012 08:41

Can you see that your computer is working, though?

Golderto 23.10.2012 08:42

Yes... the light on the computer that comes on when it is working keeps lighting up... and Combofix did run once before... but now it just brings up the blue screen again that says to wait about 10 minutes...

Psychotic 23.10.2012 08:44

Then I would simply wait!

Golderto 23.10.2012 08:48

All right, will do

Psychotic 24.10.2012 09:25

Has anything happened?



Copyright ©2000-2025, Trojaner-Board

