Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.07.2012, 23:12   #1
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Hallo,
ich hatte bis letzte Woche einen GVU Trojaner. Trotz Infizierung hab ich es geschafft, auf meinem Computer zuzugreifen und konnte mir Antivir, Trojanhunter, Trojanremove und malwarebyte herunterladen. Antivir hat nichts erkennt. Nur mit malwarebyte Anti-Malware konnte ich den Trojaner entfernen. Jetzt läuft aber mein rechner sehr langsam und nach dem Hochfahren erscheint folgende Fehlermeldung:

"Problem beim Starten von c:user/.../AppData/local/Temp/roper0dun.exe"

ich habe hier in einem Thread gesehen, dass jemand die gleiche Fehlermeldung hat und dass er sich OTL runterladen soll und weitere Anweisungen befolgen soll. (http://www.trojaner-board.de/119165-...amfenster.html)
Ich habe mir jetzt mal auch OTL runtergeladen, einen Scan durchgeführt aber nichts weiteres, also die Anweisungen nicht befolgt. Das mit den Kopieren und Einfügen der Skripten war mit zu heikel. Muß ja nicht gleich identisch mit meinem Com sein. Zudem bin ich Computerleihe. Man muß ja nicht alles nachmachen....( zudem steht da auch nicht auf andere Coms anwenden)

Vor zehn Minuten habe ich noch einen zusätzlichen Scan mit Malwarebytes Anti Malware durchgeführt und es erscheint folgende Fehlermeldung:

"[Shell_NotifyIcon] Die Ausführung der gewünschten Aktion ist fehlgeschlagen. Fehlermeldung: 1008"

Kann mir jemand helfen bitte? Bin total verzweifelt. Ich habe das Gefühl, ich schreibe gerade meine Doktorarbeit auf einem Rechner mit tickender Zeitbombe...
Danke im Voraus.
Martin

ich habe jetzt malware geupdatet und das ist meine Logdatei:


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org
 
Datenbank Version: v2012.07.12.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: POLLUX [Administrator]
 
Schutz: Aktiviert
 
12.07.2012 14:43:07
mbam-log-2012-07-12 (18-25-14).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423165
Laufzeit: 3 Stunde(n), 1 Minute(n), 45 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
 
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 1
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
 
(Ende)
         
was kann ich denn mit OTL machen?

Grüße

Martin

ich habe jetzt auch mal OTL laufen lassen, das kam dabei raus:
Code:
ATTFilter
OTL logfile created on: 13.07.2012 00:39:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 56,54% Memory free
7,73 Gb Paging File | 5,30 Gb Available in Paging File | 68,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 350,69 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive D: | 264,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,74 Gb Total Space | 1,81 Gb Free Space | 48,48% Space Free | Partition Type: FAT32
Drive F: | 15,11 Gb Total Space | 15,10 Gb Free Space | 99,93% Space Free | Partition Type: FAT32
 
Computer Name: POLLUX | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 18:49:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Downloads\OTL(1).exe
PRC - [2012.07.12 00:12:07 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.25 13:23:04 | 001,200,752 | ---- | M] (SPAMfighter) -- C:\Dateien Martin\Programme\Rescue\Spywarefighter\SPYWAREfighter\swproTray.exe
PRC - [2012.06.25 12:44:56 | 000,717,312 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2012.06.25 12:44:56 | 000,237,344 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2012.06.24 19:50:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.19 08:45:55 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.02 14:08:46 | 001,453,704 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2011.11.04 14:29:24 | 001,370,224 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\mshaktuell.exe
PRC - [2011.10.04 19:28:28 | 001,088,280 | ---- | M] (Mischel Internet Security) -- C:\Dateien Martin\Programme\Rescue\trojan hunter\TrojanHunter 5.5\THGuard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.02 18:44:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Dateien Martin\Programme\Spiele\DOD\Steam.exe
PRC - [2011.06.23 08:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.12.02 00:38:38 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.12 00:11:52 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.24 19:50:53 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.19 08:45:52 | 020,313,384 | ---- | M] () -- C:\Dateien Martin\Programme\Spiele\DOD\bin\libcef.dll
MOD - [2012.06.19 08:45:49 | 000,895,312 | ---- | M] () -- C:\Dateien Martin\Programme\Spiele\DOD\bin\chromehtml.dll
MOD - [2012.06.19 08:45:47 | 000,123,192 | ---- | M] () -- C:\Dateien Martin\Programme\Spiele\DOD\bin\avutil-51.dll
MOD - [2012.06.19 08:45:45 | 000,190,776 | ---- | M] () -- C:\Dateien Martin\Programme\Spiele\DOD\bin\avformat-53.dll
MOD - [2012.06.19 08:45:43 | 001,099,576 | ---- | M] () -- C:\Dateien Martin\Programme\Spiele\DOD\bin\avcodec-53.dll
MOD - [2012.06.14 15:28:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 15:27:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 15:52:11 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.12 14:36:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 14:35:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 14:35:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 14:35:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 14:35:49 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 14:35:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.04 14:30:58 | 001,868,912 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wfvie12.dll
MOD - [2011.11.04 14:29:50 | 007,559,792 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wgui12.dll
MOD - [2011.11.04 14:29:24 | 001,370,224 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\mshaktuell.exe
MOD - [2011.11.04 14:29:02 | 004,278,896 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wauff12.dll
MOD - [2011.11.04 14:29:02 | 000,135,792 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\rsodbc47.dll
MOD - [2011.11.04 14:29:00 | 000,028,672 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\rsdcom47.dll
MOD - [2011.11.04 14:26:38 | 002,943,600 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wcore12.dll
MOD - [2011.11.04 14:26:36 | 001,607,792 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wreli12.dll
MOD - [2011.11.04 14:26:30 | 001,537,136 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\wsteu12.dll
MOD - [2011.11.04 14:26:30 | 000,318,064 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\rsguiwinapi47.dll
MOD - [2011.11.04 14:26:28 | 000,261,232 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\rscorewinapi47.dll
MOD - [2011.11.04 13:47:20 | 000,865,280 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtcluceners47.dll
MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\phononrs47.dll
MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtwebkitrs47.dll
MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qttestrs47.dll
MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtscriptrs47.dll
MOD - [2011.11.04 13:47:12 | 000,704,000 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtsqlrs47.dll
MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtsvgrs47.dll
MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtguirs47.dll
MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qt3supportrs47.dll
MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtnetworkrs47.dll
MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtxmlrs47.dll
MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Dateien Martin\Programme\WISO Steuer-Programm\qtcorers47.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.02 00:38:38 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.05.25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.05.25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010.08.25 16:41:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.12 00:12:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.25 12:44:56 | 000,717,312 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2012.06.25 12:44:56 | 000,237,344 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2012.06.24 19:50:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 08:45:55 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.23 08:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.12.02 00:50:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.25 12:44:58 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfsfilter.sys -- (AVFSFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.06.23 07:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 18:50:48 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.25 16:05:44 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6F003FA3-D17C-4B6E-8EFF-4AB0976D2B43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=160a72b4-0005-11e1-b7bb-1c7508420b12&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=160a72b4-0005-11e1-b7bb-1c7508420b12&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Dateien Martin\Programme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.29 17:21:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.07 10:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:50:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 09:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Neu\Programme\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Neu\Programme\firefox\plugins [2012.04.19 09:07:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:50:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 09:07:45 | 000,000,000 | ---D | M]
 
[2011.10.05 10:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.07.03 17:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\ly0uzfem.default\extensions
[2012.07.03 17:58:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\ly0uzfem.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\searchplugins\startsear.xml
[2011.10.05 10:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.24 19:50:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.24 19:50:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 19:50:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 19:50:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 19:50:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 19:50:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 19:50:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Neu\Programme\firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Neu\Programme\firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Neu\Programme\firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Dateien Martin\Programme\itunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: vshare plugin = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\
CHR - Extension: Skype Click to Call = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
O1 HOSTS File: ([2012.06.05 11:56:59 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120707102946.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120707102946.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Dateien Martin\Programme\Rescue\Spywarefighter\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKLM..\Run: [THGuard] C:\Dateien Martin\Programme\Rescue\trojan hunter\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Dateien Martin\Programme\Rescue\Trojan Remover\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Steam] C:\Dateien Martin\Programme\Spiele\DOD\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.99.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57D97FE7-7680-4268-AEB4-1EC4487D4302}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FFB3970-FC67-4254-914E-A2A475FBBFFE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.12 19:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.07.12 13:01:03 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.12 13:01:02 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.12 13:00:54 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.12 13:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.12 12:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.07.11 23:10:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.07.11 23:10:39 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.07.11 22:34:35 | 000,000,000 | ---D | C] -- C:\01225ed99555a2d60925
[2012.07.11 22:31:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 22:31:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 22:31:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 22:31:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 22:31:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 22:31:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 22:31:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 22:31:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 22:31:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 22:31:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 22:31:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 22:31:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 22:31:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 22:28:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 22:28:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 22:28:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 22:27:55 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 22:27:26 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 12:27:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\ElevatedDiagnostics
[2012.07.08 11:28:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2012.07.08 11:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.08 11:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.08 11:25:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.06 09:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012.07.06 09:58:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Fighters
[2012.07.06 09:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.07.06 09:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2012.07.06 09:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2012.07.06 09:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.07.06 09:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012.07.06 08:58:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Simply Super Software
[2012.07.06 08:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.06 08:58:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Simply Super Software
[2012.07.06 08:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.05 11:58:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrojanHunter
[2012.07.05 11:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.05 10:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.07.05 10:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012.07.05 10:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012.07.04 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\knorpelgrafiken
[2012.07.04 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Corel
[2012.07.04 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
[2012.07.04 10:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012.07.04 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Mein Steuer-Sparbuch Heute
[2012.07.03 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Buhl
[2012.07.03 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2012.07.03 20:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012.07.03 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2012.07.03 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.03 17:59:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.03 17:59:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.03 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2012.07.03 17:58:21 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.03 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.07.01 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.26 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Macromedia
[2012.06.26 22:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.26 22:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.26 22:08:39 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.26 22:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.21 10:44:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 10:44:48 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 10:44:48 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 10:44:28 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 10:44:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 10:44:28 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 10:44:15 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 10:44:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.14 14:57:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 14:57:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 14:57:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 14:57:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 14:57:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 14:57:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 14:57:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 14:57:07 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 14:57:06 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.13 00:44:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.13 00:33:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.13 00:32:49 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Martin-Notification.job
[2012.07.13 00:32:48 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3649484421-4039234630-1323491903-1000UA.job
[2012.07.13 00:32:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 00:32:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 19:14:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 19:14:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 19:11:32 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.07.12 19:06:46 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Martin-Startup.job
[2012.07.12 19:04:17 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 18:27:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3649484421-4039234630-1323491903-1000Core.job
[2012.07.12 17:38:25 | 000,002,408 | ---- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2012.07.12 13:00:43 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.12 13:00:43 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.12 12:18:51 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 11:55:11 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2012.07.12 09:39:11 | 000,320,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 00:12:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 00:12:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.11 22:25:45 | 000,000,355 | ---- | M] () -- C:\Users\Martin\Desktop\Computer - Verknüpfung.lnk
[2012.07.08 11:31:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.06 09:58:55 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.07.06 08:58:31 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.05 10:30:11 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.05 10:13:09 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.07.05 10:13:09 | 000,001,148 | ---- | M] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk
[2012.07.05 10:10:25 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 10:10:25 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 10:10:25 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 10:10:25 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 10:10:25 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 00:27:50 | 000,001,893 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 21:00:34 | 000,000,080 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.03 21:00:13 | 000,001,949 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.07.03 21:00:13 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012.07.03 17:58:23 | 000,001,555 | ---- | M] () -- C:\Users\Martin\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 18:38:25 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.07.01 18:38:25 | 000,002,098 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.25 12:44:58 | 000,013,720 | ---- | M] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2012.06.23 00:22:20 | 000,001,979 | ---- | M] () -- C:\Users\Martin\Desktop\PASW Statistics 18.lnk
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.12 13:00:43 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.12 13:00:43 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.12 13:00:41 | 000,002,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.12 11:58:15 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Martin-Startup.job
[2012.07.12 11:55:36 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Martin-Notification.job
[2012.07.12 11:55:11 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2012.07.11 22:25:45 | 000,000,355 | ---- | C] () -- C:\Users\Martin\Desktop\Computer - Verknüpfung.lnk
[2012.07.08 11:25:45 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 09:58:55 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.07.06 08:58:31 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.06 08:58:29 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.07.06 08:58:29 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.07.05 10:13:09 | 000,001,148 | ---- | C] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk
[2012.07.05 10:12:58 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.07.05 00:27:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.05 00:27:50 | 000,001,893 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 21:00:33 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2012.07.03 21:00:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.07.03 21:00:13 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012.06.26 22:08:43 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.26 22:08:43 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.26 22:08:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 12:44:58 | 000,013,720 | ---- | C] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2012.06.23 00:22:20 | 000,001,979 | ---- | C] () -- C:\Users\Martin\Desktop\PASW Statistics 18.lnk
[2012.05.14 14:53:38 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.05.14 14:53:38 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.05.14 00:01:54 | 000,001,070 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.25 18:55:32 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.05.25 18:42:52 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.25 18:42:52 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2011.05.15 13:46:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.05.14 20:54:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.14 20:49:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.14 19:46:28 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.02 00:53:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.02 00:41:52 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.02 00:38:44 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.02 00:38:44 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.12.02 00:38:44 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.09.08 10:03:09 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
 
========== LOP Check ==========
 
[2012.07.03 17:58:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2011.07.02 11:03:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.06 09:59:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fighters
[2012.06.05 11:03:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juniper Networks
[2012.07.03 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2012.07.06 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Simply Super Software
[2012.05.09 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client
[2011.05.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TP
[2012.07.05 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TrojanHunter
[2012.07.03 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2012.05.27 18:33:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.13 00:32:49 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-Martin-Notification.job
[2012.07.12 19:06:46 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-Martin-Startup.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C64BF02A
 
< End of report >
         
könnt ihr damit was anfangen? Bitte helft mir.
Grüße

Alt 15.07.2012, 17:26   #2
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{6F003FA3-D17C-4B6E-8EFF-4AB0976D2B43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=160a72b4-0005-11e1-b7bb-1c7508420b12&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Web Search" 
FF - prefs.js..browser.search.defaultenginename: "Web Search" 
FF - prefs.js..browser.search.order.1: "Web Search" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de/" 
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=160a72b4-0005-11e1-b7bb-1c7508420b12&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll File not found 
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe /auto 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C64BF02A 
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\searchplugins\startsear.xml 
[2012.07.08 11:31:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad 
[2012.07.05 10:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter 
[2012.07.05 10:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 
[2012.07.05 10:13:09 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll 
[2012.07.05 10:13:09 | 000,001,148 | ---- | M] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk 
[2012.07.05 10:13:09 | 000,001,148 | ---- | C] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk 
[2012.07.05 00:27:50 | 000,001,893 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.05 00:27:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad 
[2012.07.05 00:27:50 | 000,001,893 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 15.07.2012, 23:12   #3
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Hallo t´John,

danke erstmal für deine Antwort und zweitens Danke: das Fenster mit der Fehlermeldung ist verschwunden....unglaublich!
Hier wie du gesagt hast die OTL file, nach dem Neustart:
soll ich nochwas machen?
Grüße
Martin



Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F003FA3-D17C-4B6E-8EFF-4AB0976D2B43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F003FA3-D17C-4B6E-8EFF-4AB0976D2B43}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.spiegel.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://startsear.ch/?aff=1&src=sp&cf=160a72b4-0005-11e1-b7bb-1c7508420b12&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Martin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetI deleted successfully.
C:\Windows\PLFSetI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c47a7451-fd98-11df-acff-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c47a7451-fd98-11df-acff-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c47a7451-fd98-11df-acff-806e6f6e6963}\ not found.
File D:\start.exe /auto not found.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:C64BF02A deleted successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\searchplugins\startsear.xml moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
Folder C:\ProgramData\TrojanHunter\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter\ not found.
C:\Windows\SysWOW64\streamhlp.dll moved successfully.
File C:\Users\Martin\Desktop\TrojanHunter.lnk not found.
File C:\Users\Martin\Desktop\TrojanHunter.lnk not found.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
File C:\ProgramData\nud0repor.pad not found.
File C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File  not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Martin\Downloads\cmd.bat deleted successfully.
C:\Users\Martin\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Martin
->Temp folder emptied: 1187963156 bytes
->Temporary Internet Files folder emptied: 90948908 bytes
->Java cache emptied: 293999 bytes
->FireFox cache emptied: 280405976 bytes
->Google Chrome cache emptied: 6837292 bytes
->Flash cache emptied: 1732 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 18567 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 470387399 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71002 bytes
RecycleBin emptied: 7027229798 bytes
 
Total Files Cleaned = 8.644,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Martin
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07152012_235341

Files\Folders moved on Reboot...
File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot.
File\Folder C:\Users\Martin\AppData\Local\Temp\2011-10-11-1191550489_04-RG.PDF  not found!
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.02.17 11:20:28 | 000,281,600 | ---- | M] (McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll : MD5=7B17107D054A88C6D1ECC285B502D2D9
File C:\Users\Martin\AppData\Local\Temp\2011-10-11-1191550489_04-RG.PDF  not found!
File C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.15 23:57:16 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...
         
hallo liebes trojan board team und vor allem t´john.
Mein Computer läuft wieder einwandfrei! Ich kann wieder sorglos arbeiten. das war super von dir! Ich Danke euch nochmals und werde euch weiterempfehlen!!!!!
Kann ich irgendwo was spenden?

Grüße

Martin
__________________

Alt 16.07.2012, 15:49   #4
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Sehr gut!

Wir sind noch nicht fertig

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.07.2012, 20:21   #5
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Achso,....
ok, einmal die logdatei antimalware:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: POLLUX [Administrator]

Schutz: Aktiviert

16.07.2012 19:01:17
mbam-log-2012-07-16 (19-01-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415209
Laufzeit: 1 Stunde(n), 57 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
danach habe ich alles (infizierte registrierungsschlüssel) gelöscht.
so und hier noch adwcleaner logdatei:
Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 21:17:25
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martin - POLLUX
# Running from : C:\Users\Martin\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Martin\AppData\Roaming\Babylon
Folder Found : C:\Users\Martin\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\BabylonToolbar
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\b
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
[x64] Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
[x64] Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=b2461b2900000000000000ffb00b9207

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "b2461b2900000000000000ffb00b9207");
Found : user_pref("extensions.BabylonToolbar_i.id", "b2461b2900000000000000ffb00b9207");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15536");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:35:02");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                "description": "vshare.tv plugin",
Found :                "name": "vshare plugin",
Found :                   "path": "chvsharetvplg.dll",
Found :    "homepage": "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=b2461b2900000000000000ff[...]
Found :          "name": "vShare.tv plug-in",
Found :          "path": "C:\\Users\\Martin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\[...]
Found :          "name": "vShare.tv plug-in",
Found :          "path": "C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npvsharetvplg.dll",
Found :          "name": "vShare.tv plug-in"
Found :       "urls_to_restore_on_startup": ["hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=b2[...]

*************************

AdwCleaner[R1].txt - [12755 octets] - [16/07/2012 21:17:25]

########## EOF - C:\AdwCleaner[R1].txt - [12884 octets] ##########
         


Alt 16.07.2012, 20:43   #6
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach zur Kontrolle:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe

Alt 17.07.2012, 09:28   #7
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



hallo t´john,

also,...einmal adwcleaner:
Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/17/2012 at 01:29:47
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martin - POLLUX
# Running from : C:\Users\Martin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12782 octets] - [16/07/2012 21:17:25]
AdwCleaner[R2].txt - [12843 octets] - [16/07/2012 21:22:11]
AdwCleaner[R3].txt - [12904 octets] - [16/07/2012 21:26:17]
AdwCleaner[S1].txt - [10510 octets] - [16/07/2012 21:26:32]
AdwCleaner[S2].txt - [1093 octets] - [17/07/2012 01:29:47]

########## EOF - C:\AdwCleaner[S2].txt - [1221 octets] ##########
         
...und einmal emisoft:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 17.07.2012 01:43:05

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	17.07.2012 01:43:53

Key: hkey_current_user\software\microsoft\wab 	gefunden: Trace.Registry.win32.zbot!E1

Gescannt	647223
Gefunden	1

Scan Ende:	17.07.2012 03:07:07
Scan Zeit:	1:23:14
         
ich habe noch nichts gelöscht,....
Grüße
Martin

Alt 17.07.2012, 15:51   #8
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Sehr gut!

Lasse den Fund loeschen!


Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)



Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.




  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.




  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".



  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.



  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.



  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.07.2012, 09:58   #9
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



hallo t´john.
ich möchte gerne sicher sein, dass all meine programme geschlossen sind. leider funktioniert die seite nicht, wie man alles schließt. kannst du mir da kurz helfen, ? danke
martin

Alt 18.07.2012, 10:00   #10
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Schliesse alle laufenden Programme wie Browser und Virenscanner. Das reicht.
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.07.2012, 13:54   #11
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Kleines Problem,... ich kann alles ausschalten, außer McAfee. Nirgendswo kann ich dieses ding deaktivieren. Selbst nachdem ich mit dem Taskmanager alles geschlossen habe, fährt sich McAfee selbst wieder hoch.
Kannst du mir helfen?
Grüße Martin

OK ich hab Mcafee deaktivieren können. Paßt.
Ich habe jetzt mal combofix laufen lassen hier die logfiles, die ich posten sollte:
Code:
ATTFilter
ComboFix 12-07-18.01 - Martin 18.07.2012  15:52:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2625 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe
c:\windows\SysWow64\lsprst7.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-18 bis 2012-07-18  ))))))))))))))))))))))))))))))
.
.
2012-07-18 14:12 . 2012-07-18 14:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-16 23:37 . 2012-07-18 14:15	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-07-15 21:53 . 2012-07-15 21:53	--------	d-----w-	C:\_OTL
2012-07-15 19:36 . 2012-07-15 19:37	237	----a-w-	C:\user.js
2012-07-11 22:30 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 21:10 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-07-11 21:10 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-07-11 20:34 . 2012-07-11 20:46	--------	d-----w-	C:\01225ed99555a2d60925
2012-07-11 20:28 . 2012-06-02 05:50	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-11 20:27 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 20:27 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 20:27 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 20:27 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-11 20:27 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 20:27 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 20:27 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 20:27 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 20:27 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 20:27 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 20:27 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 20:27 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-08 10:27 . 2012-07-15 22:14	--------	d-----w-	c:\users\Martin\AppData\Local\ElevatedDiagnostics
2012-07-08 09:28 . 2012-07-08 09:28	--------	d-----w-	c:\users\Martin\AppData\Roaming\Malwarebytes
2012-07-08 09:25 . 2012-07-08 09:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-08 09:25 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-07 08:29 . 2012-05-25 15:09	29312	----a-w-	c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-07-06 07:59 . 2012-07-11 20:12	--------	d-----w-	c:\programdata\clp
2012-07-06 07:58 . 2012-07-15 20:51	--------	d-----w-	c:\users\Martin\AppData\Roaming\Fighters
2012-07-06 07:58 . 2012-07-06 07:58	--------	d-----w-	c:\programdata\Common Toolkit Suite
2012-07-06 07:57 . 2012-07-15 20:51	--------	d-----w-	c:\programdata\Fighters
2012-07-05 09:58 . 2012-07-05 09:58	--------	d-----w-	c:\users\Martin\AppData\Roaming\TrojanHunter
2012-07-05 09:56 . 2012-07-05 09:56	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-07-04 09:20 . 2012-07-04 09:20	--------	d-----w-	c:\users\Martin\AppData\Roaming\Corel
2012-07-04 08:52 . 2012-07-04 08:52	--------	d-----w-	c:\program files (x86)\Common Files\Corel
2012-07-03 19:00 . 2012-07-03 19:00	--------	d-----w-	c:\users\Martin\AppData\Local\Buhl
2012-07-03 18:54 . 2012-07-03 19:00	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2012-07-03 15:59 . 2012-07-03 15:59	--------	d-----w-	c:\users\Martin\AppData\Roaming\TuneUp Software
2012-07-03 15:59 . 2012-07-03 16:00	--------	d-----w-	c:\programdata\TuneUp Software
2012-07-03 15:59 . 2012-07-12 10:43	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-03 15:59 . 2012-07-03 15:59	--------	d--h--w-	c:\programdata\Common Files
2012-07-03 15:58 . 2012-06-22 14:32	405144	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-03 15:56 . 2012-07-03 15:58	--------	d-----w-	c:\users\Martin\AppData\Roaming\DVDVideoSoft
2012-06-26 20:09 . 2012-06-26 20:09	--------	d-----w-	c:\users\Martin\AppData\Local\Macromedia
2012-06-26 20:08 . 2012-07-11 20:12	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-06-26 20:08 . 2012-07-01 16:38	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-06-26 20:08 . 2012-07-11 22:12	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 20:08 . 2012-06-26 20:08	--------	d-----w-	c:\windows\system32\Macromed
2012-06-24 17:50 . 2012-06-24 17:50	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 17:50 . 2012-06-24 17:50	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 08:44 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 08:44 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 08:44 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 08:44 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 08:44 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 08:44 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 08:44 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 08:44 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 08:44 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:12 . 2011-05-15 12:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 11:06 . 2012-06-14 12:57	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 12:57	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 12:57	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 12:57	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 12:57	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 12:57	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 12:57	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 12:57	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 12:57	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 12:57	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 12:57	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 12:57	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 12:57	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 12:57	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59F7FE53-2860-44B1-968A-E54E3E949A07}]
2012-06-18 15:27	269824	----a-w-	c:\users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\dateien martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-06-17 3367328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-25 203264]
S2 ColorZillaStatsUpdater;ColorZillaStats Updater;c:\users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [2012-06-18 18432]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\dateien martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-05-25 162224]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6856192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 22:12]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 20:46]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 20:46]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3649484421-4039234630-1323491903-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 15:53]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3649484421-4039234630-1323491903-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 15:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ly0uzfem.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mozilla Firefox 4.0.1 (x86 de) - c:\neu\Programme\firefox\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-18  16:32:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-18 14:31
.
Vor Suchlauf: 12 Verzeichnis(se), 393.471.438.848 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 393.338.904.576 Bytes frei
.
- - End Of File - - 3D434ACC2A226FABAE36D8CDDCB1D9C0
         

und

Code:
ATTFilter
 Update for Microsoft Office 2007 (KB2508958)
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.194.1021
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Airport Mania First Flight
Amazonia
Apple Application Support
Apple Software Update
Backup Manager Basic
Brother MFL-Pro Suite DCP-7030
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CorelDRAW Graphics Suite 12
CyberLink PowerDVD 9
Day of Defeat: Source
Dream Day First Home
eBay Worldwide
Emsisoft Anti-Malware
eSobi v2
Farm Frenzy 2
Free YouTube to MP3 Converter version 3.11.25.627
Galapago
Google Chrome
Google Earth Plug-in
Google Update Helper
Heroes of Hellas
IBM SPSS Statistics 19
Identity Card
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware Version 1.62.0.1300
McAfee Internet Security Suite
McAfee Security Scan Plus
Merriam Websters Spell Jam
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Klick-und-Los 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Starter 2010 - Deutsch
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Firefox 4.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
PASW Statistics 18
Poker Pop
PX Profile Update
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Shredder
Skype Click to Call
Skype™ 5.8
Spin & Win
Steam
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
WinZip 15.0
WISO Steuer-Sparbuch 2012
         
ich habe noch ein in Qoobox eine "Combofix-quarantined-file" gefunden. Vielleicht interessiert dich das....:
Code:
ATTFilter
2012-07-18 14:31:03 . 2012-07-18 14:31:03            1,312 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Mozilla Firefox 4.0.1 (x86 de).reg.dat
2012-07-18 14:30:48 . 2012-07-18 14:30:48               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-07-18 13:56:42 . 2012-07-18 13:56:42           18,255 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-07-18 09:18:24 . 2012-07-18 13:51:07              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-07-15 19:30:59 . 2012-07-15 19:31:00        1,619,910 ----a-w-  C:\Qoobox\Quarantine\C\Users\Martin\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe.vir
2012-05-14 12:53:38 . 2012-06-05 09:43:35              205 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\lsprst7.dll.vir
2010-08-30 09:12:22 . 2010-03-02 22:59:32          131,984 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\FullRemove.exe.vir
         
Soooo,....was ich noch sagen wollte:
nachdem Combofix fertig war, also nach Neustart, logfileerstellung, usw. konnte ich keine Icons mehr anklicken. Eine Fehlermeldung sagte bei jedem Iconklicken:
"Es wurde versucht, einem Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."

Erst nach einem zweiten neustart, klappt wieder alles.
mfg
martin

Alt 18.07.2012, 15:56   #12
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Sehr gut!

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen

=> dort reinschreiben

ComboFix /Uninstall => Enter drücken

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.


danach:


Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.07.2012, 21:38   #13
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



hallo t´john,
danke für deine geduld. ich hatte momentan viel zu tun. aber hier die log datei von eset, irgandwas hatte er schon wieder gefunden......:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09b274127b90a44aa3981cc3be37ee72
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 12:59:04
# local_time=2012-07-20 02:59:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1135044 8011062 0 0
# compatibility_mode=5893 16776574 66 85 22257221 94415416 0 0
# compatibility_mode=8192 67108863 100 0 8913 8913 0 0
# scanned=66257
# found=0
# cleaned=0
# scan_time=3577
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09b274127b90a44aa3981cc3be37ee72
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 01:03:14
# local_time=2012-07-20 03:03:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1138681 8014699 0 0
# compatibility_mode=5893 16776574 66 85 22260858 94419053 0 0
# compatibility_mode=8192 67108863 100 0 12550 12550 0 0
# scanned=9362
# found=0
# cleaned=0
# scan_time=191
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09b274127b90a44aa3981cc3be37ee72
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 02:22:30
# local_time=2012-07-20 04:22:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 1138902 8014920 0 0
# compatibility_mode=5893 16776574 66 85 22261079 94419274 0 0
# compatibility_mode=8192 67108863 100 0 12771 12771 0 0
# scanned=66308
# found=0
# cleaned=0
# scan_time=4724
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09b274127b90a44aa3981cc3be37ee72
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 07:32:48
# local_time=2012-07-20 09:32:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 1155227 8031245 0 0
# compatibility_mode=5893 16776574 66 85 22277404 94435599 0 0
# compatibility_mode=8192 67108863 100 0 29096 29096 0 0
# scanned=212588
# found=1
# cleaned=0
# scan_time=7039
C:\Users\Martin\Downloads\slow-pcfighter_Web.exe	a variant of Win32/SlowPCfighter application (unable to clean)	00000000000000000000000000000000	I
         
Grüße und schönes WE

Martin

Alt 20.07.2012, 21:43   #14
t'john
/// Helfer-Team
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



Der Fund ist harmlos. Musst du mal runtergeladen haben

Deinstalliere:
Emsisoft Anti-Malware


TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.07.2012, 09:31   #15
Mistermartin
 
nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Standard

nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe



kurzer zwischen-report vor neustart. von tdsskiller:

Code:
ATTFilter
10:25:47.0277 4480	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:25:49.0277 4480	============================================================
10:25:49.0277 4480	Current date / time: 2012/07/21 10:25:49.0277
10:25:49.0277 4480	SystemInfo:
10:25:49.0277 4480	
10:25:49.0277 4480	OS Version: 6.1.7601 ServicePack: 1.0
10:25:49.0277 4480	Product type: Workstation
10:25:49.0277 4480	ComputerName: POLLUX
10:25:49.0277 4480	UserName: Martin
10:25:49.0277 4480	Windows directory: C:\Windows
10:25:49.0277 4480	System windows directory: C:\Windows
10:25:49.0277 4480	Running under WOW64
10:25:49.0277 4480	Processor architecture: Intel x64
10:25:49.0277 4480	Number of processors: 4
10:25:49.0277 4480	Page size: 0x1000
10:25:49.0277 4480	Boot type: Normal boot
10:25:49.0277 4480	============================================================
10:25:51.0027 4480	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:25:51.0027 4480	Drive \Device\Harddisk1\DR1 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:25:51.0027 4480	============================================================
10:25:51.0027 4480	\Device\Harddisk0\DR0:
10:25:51.0027 4480	MBR partitions:
10:25:51.0027 4480	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
10:25:51.0027 4480	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
10:25:51.0027 4480	\Device\Harddisk1\DR1:
10:25:51.0027 4480	MBR partitions:
10:25:51.0027 4480	============================================================
10:25:51.0067 4480	C: <-> \Device\Harddisk0\DR0\Partition1
10:25:51.0067 4480	============================================================
10:25:51.0067 4480	Initialize success
10:25:51.0067 4480	============================================================
10:25:56.0578 8068	============================================================
10:25:56.0578 8068	Scan started
10:25:56.0578 8068	Mode: Manual; 
10:25:56.0578 8068	============================================================
10:25:57.0148 8068	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:25:57.0198 8068	1394ohci - ok
10:25:57.0298 8068	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:25:57.0368 8068	ACPI - ok
10:25:57.0418 8068	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:25:57.0478 8068	AcpiPmi - ok
10:25:57.0628 8068	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:25:57.0688 8068	AdobeARMservice - ok
10:25:57.0818 8068	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:25:57.0828 8068	AdobeFlashPlayerUpdateSvc - ok
10:25:57.0918 8068	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:25:57.0928 8068	adp94xx - ok
10:25:57.0978 8068	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:25:57.0998 8068	adpahci - ok
10:25:58.0018 8068	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:25:58.0028 8068	adpu320 - ok
10:25:58.0058 8068	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:25:58.0068 8068	AeLookupSvc - ok
10:25:58.0148 8068	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:25:58.0158 8068	AFD - ok
10:25:58.0208 8068	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:25:58.0218 8068	agp440 - ok
10:25:58.0238 8068	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:25:58.0238 8068	ALG - ok
10:25:58.0288 8068	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:25:58.0298 8068	aliide - ok
10:25:58.0348 8068	AMD External Events Utility (ff779f9de1cdf477033858b7681ceda8) C:\Windows\system32\atiesrxx.exe
10:25:58.0348 8068	AMD External Events Utility - ok
10:25:58.0368 8068	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:25:58.0368 8068	amdide - ok
10:25:58.0418 8068	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:25:58.0418 8068	AmdK8 - ok
10:25:58.0828 8068	amdkmdag        (ef2b99dcee397b45f50594696d7b5339) C:\Windows\system32\DRIVERS\atikmdag.sys
10:25:58.0918 8068	amdkmdag - ok
10:25:59.0028 8068	amdkmdap        (239dce60bee6e1576c803948ab4d54c5) C:\Windows\system32\DRIVERS\atikmpag.sys
10:25:59.0078 8068	amdkmdap - ok
10:25:59.0108 8068	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:25:59.0118 8068	AmdPPM - ok
10:25:59.0168 8068	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:25:59.0228 8068	amdsata - ok
10:25:59.0258 8068	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:25:59.0258 8068	amdsbs - ok
10:25:59.0278 8068	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:25:59.0318 8068	amdxata - ok
10:25:59.0358 8068	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:25:59.0398 8068	AppID - ok
10:25:59.0428 8068	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:25:59.0438 8068	AppIDSvc - ok
10:25:59.0498 8068	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:25:59.0498 8068	Appinfo - ok
10:25:59.0658 8068	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:25:59.0728 8068	Apple Mobile Device - ok
10:25:59.0798 8068	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:25:59.0798 8068	arc - ok
10:25:59.0808 8068	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:25:59.0818 8068	arcsas - ok
10:25:59.0838 8068	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:25:59.0848 8068	AsyncMac - ok
10:25:59.0908 8068	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:25:59.0918 8068	atapi - ok
10:26:00.0028 8068	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:26:00.0079 8068	AudioEndpointBuilder - ok
10:26:00.0079 8068	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:26:00.0119 8068	AudioSrv - ok
10:26:00.0139 8068	AVFSFilter - ok
10:26:00.0209 8068	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:26:00.0269 8068	AxInstSV - ok
10:26:00.0329 8068	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:26:00.0349 8068	b06bdrv - ok
10:26:00.0379 8068	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:26:00.0389 8068	b57nd60a - ok
10:26:00.0669 8068	BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:26:00.0759 8068	BCM43XX - ok
10:26:00.0859 8068	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:26:00.0859 8068	BDESVC - ok
10:26:00.0899 8068	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:26:00.0899 8068	Beep - ok
10:26:01.0029 8068	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:26:01.0090 8068	BFE - ok
10:26:01.0160 8068	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:26:01.0240 8068	BITS - ok
10:26:01.0290 8068	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:26:01.0300 8068	blbdrive - ok
10:26:01.0320 8068	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:26:01.0380 8068	bowser - ok
10:26:01.0400 8068	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:26:01.0400 8068	BrFiltLo - ok
10:26:01.0410 8068	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:26:01.0420 8068	BrFiltUp - ok
10:26:01.0460 8068	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:26:01.0460 8068	BridgeMP - ok
10:26:01.0530 8068	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:26:01.0570 8068	Browser - ok
10:26:01.0610 8068	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:26:01.0620 8068	Brserid - ok
10:26:01.0630 8068	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:26:01.0630 8068	BrSerWdm - ok
10:26:01.0660 8068	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:26:01.0660 8068	BrUsbMdm - ok
10:26:01.0670 8068	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:26:01.0670 8068	BrUsbSer - ok
10:26:01.0680 8068	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:26:01.0690 8068	BTHMODEM - ok
10:26:01.0730 8068	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:26:01.0730 8068	bthserv - ok
10:26:01.0740 8068	catchme - ok
10:26:01.0790 8068	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:26:01.0800 8068	cdfs - ok
10:26:01.0870 8068	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:26:01.0937 8068	cdrom - ok
10:26:01.0999 8068	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:26:02.0046 8068	CertPropSvc - ok
10:26:02.0093 8068	cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
10:26:02.0140 8068	cfwids - ok
10:26:02.0170 8068	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:26:02.0180 8068	circlass - ok
10:26:02.0220 8068	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:26:02.0230 8068	CLFS - ok
10:26:02.0320 8068	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:26:02.0330 8068	clr_optimization_v2.0.50727_32 - ok
10:26:02.0360 8068	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:26:02.0370 8068	clr_optimization_v2.0.50727_64 - ok
10:26:02.0440 8068	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:26:02.0440 8068	clr_optimization_v4.0.30319_32 - ok
10:26:02.0460 8068	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:26:02.0520 8068	clr_optimization_v4.0.30319_64 - ok
10:26:02.0540 8068	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:26:02.0550 8068	CmBatt - ok
10:26:02.0590 8068	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:26:02.0590 8068	cmdide - ok
10:26:02.0660 8068	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:26:02.0710 8068	CNG - ok
10:26:02.0840 8068	ColorZillaStatsUpdater (091a2d76a1fffa523cd453cbabc4078d) C:\Users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
10:26:02.0910 8068	ColorZillaStatsUpdater - ok
10:26:02.0930 8068	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:26:02.0940 8068	Compbatt - ok
10:26:03.0000 8068	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:26:03.0040 8068	CompositeBus - ok
10:26:03.0050 8068	COMSysApp - ok
10:26:03.0070 8068	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:26:03.0070 8068	crcdisk - ok
10:26:03.0130 8068	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:26:03.0140 8068	CryptSvc - ok
10:26:03.0260 8068	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:26:03.0330 8068	cvhsvc - ok
10:26:03.0410 8068	dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
10:26:03.0410 8068	dc3d - ok
10:26:03.0500 8068	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:26:03.0510 8068	DcomLaunch - ok
10:26:03.0550 8068	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:26:03.0560 8068	defragsvc - ok
10:26:03.0620 8068	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:26:03.0670 8068	DfsC - ok
10:26:03.0710 8068	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:26:03.0710 8068	Dhcp - ok
10:26:03.0740 8068	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:26:03.0740 8068	discache - ok
10:26:03.0770 8068	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:26:03.0770 8068	Disk - ok
10:26:03.0810 8068	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:26:03.0810 8068	Dnscache - ok
10:26:03.0870 8068	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:26:03.0920 8068	dot3svc - ok
10:26:03.0940 8068	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:26:03.0940 8068	DPS - ok
10:26:03.0970 8068	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:26:03.0980 8068	drmkaud - ok
10:26:04.0080 8068	DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:26:04.0140 8068	DsiWMIService - ok
10:26:04.0201 8068	dsNcAdpt        (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:26:04.0263 8068	dsNcAdpt - ok
10:26:04.0326 8068	dsNcService     (bc4851b8cd478b93fcaedb95052a824d) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:26:04.0408 8068	dsNcService - ok
10:26:04.0508 8068	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:26:04.0578 8068	DXGKrnl - ok
10:26:04.0608 8068	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:26:04.0608 8068	EapHost - ok
10:26:04.0828 8068	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:26:04.0888 8068	ebdrv - ok
10:26:05.0038 8068	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:26:05.0038 8068	EFS - ok
10:26:05.0168 8068	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:26:05.0178 8068	ehRecvr - ok
10:26:05.0208 8068	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:26:05.0208 8068	ehSched - ok
10:26:05.0288 8068	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:26:05.0298 8068	elxstor - ok
10:26:05.0438 8068	ePowerSvc       (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
10:26:05.0498 8068	ePowerSvc - ok
10:26:05.0628 8068	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:26:05.0628 8068	ErrDev - ok
10:26:05.0698 8068	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:26:05.0708 8068	EventSystem - ok
10:26:05.0748 8068	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:26:05.0758 8068	exfat - ok
10:26:05.0778 8068	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:26:05.0788 8068	fastfat - ok
10:26:05.0888 8068	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:26:05.0958 8068	Fax - ok
10:26:05.0998 8068	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:26:06.0008 8068	fdc - ok
10:26:06.0048 8068	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:26:06.0058 8068	fdPHost - ok
10:26:06.0098 8068	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:26:06.0098 8068	FDResPub - ok
10:26:06.0118 8068	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:26:06.0118 8068	FileInfo - ok
10:26:06.0148 8068	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:26:06.0148 8068	Filetrace - ok
10:26:06.0258 8068	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:26:06.0338 8068	FLEXnet Licensing Service - ok
10:26:06.0368 8068	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:26:06.0368 8068	flpydisk - ok
10:26:06.0448 8068	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:26:06.0448 8068	FltMgr - ok
10:26:06.0538 8068	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:26:06.0558 8068	FontCache - ok
10:26:06.0638 8068	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:26:06.0708 8068	FontCache3.0.0.0 - ok
10:26:06.0758 8068	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:26:06.0768 8068	FsDepends - ok
10:26:06.0818 8068	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:26:06.0878 8068	Fs_Rec - ok
10:26:06.0948 8068	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:26:07.0008 8068	fvevol - ok
10:26:07.0018 8068	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:26:07.0028 8068	gagp30kx - ok
10:26:07.0098 8068	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:26:07.0148 8068	GEARAspiWDM - ok
10:26:07.0258 8068	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:26:07.0298 8068	gpsvc - ok
10:26:07.0368 8068	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
10:26:07.0438 8068	GREGService - ok
10:26:07.0538 8068	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:26:07.0538 8068	gupdate - ok
10:26:07.0568 8068	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:26:07.0568 8068	gupdatem - ok
10:26:07.0608 8068	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:26:07.0608 8068	hcw85cir - ok
10:26:07.0688 8068	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:26:07.0748 8068	HdAudAddService - ok
10:26:07.0778 8068	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:26:07.0818 8068	HDAudBus - ok
10:26:07.0858 8068	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:26:07.0918 8068	HECIx64 - ok
10:26:07.0938 8068	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:26:07.0938 8068	HidBatt - ok
10:26:07.0988 8068	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:26:07.0988 8068	HidBth - ok
10:26:08.0008 8068	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:26:08.0018 8068	HidIr - ok
10:26:08.0038 8068	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:26:08.0048 8068	hidserv - ok
10:26:08.0118 8068	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:26:08.0168 8068	HidUsb - ok
10:26:08.0238 8068	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:26:08.0238 8068	hkmsvc - ok
10:26:08.0298 8068	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:26:08.0348 8068	HomeGroupListener - ok
10:26:08.0408 8068	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:26:08.0408 8068	HomeGroupProvider - ok
10:26:08.0458 8068	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:26:08.0508 8068	HpSAMD - ok
10:26:08.0598 8068	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:26:08.0608 8068	HTTP - ok
10:26:08.0668 8068	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:26:08.0668 8068	hwpolicy - ok
10:26:08.0718 8068	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:26:08.0728 8068	i8042prt - ok
10:26:08.0788 8068	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
10:26:08.0798 8068	iaStor - ok
10:26:08.0868 8068	IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:26:08.0928 8068	IAStorDataMgrSvc - ok
10:26:08.0988 8068	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:26:09.0048 8068	iaStorV - ok
10:26:09.0178 8068	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:26:09.0188 8068	idsvc - ok
10:26:09.0248 8068	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:26:09.0258 8068	iirsp - ok
10:26:09.0348 8068	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:26:09.0368 8068	IKEEXT - ok
10:26:09.0418 8068	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
10:26:09.0478 8068	Impcd - ok
10:26:09.0638 8068	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
10:26:09.0698 8068	IntcAzAudAddService - ok
10:26:09.0828 8068	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:26:09.0838 8068	intelide - ok
10:26:09.0898 8068	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:26:09.0908 8068	intelppm - ok
10:26:09.0938 8068	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:26:09.0948 8068	IPBusEnum - ok
10:26:09.0978 8068	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:26:10.0028 8068	IpFilterDriver - ok
10:26:10.0078 8068	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:26:10.0128 8068	iphlpsvc - ok
10:26:10.0168 8068	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:26:10.0218 8068	IPMIDRV - ok
10:26:10.0258 8068	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:26:10.0268 8068	IPNAT - ok
10:26:10.0418 8068	iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
10:26:10.0478 8068	iPod Service - ok
10:26:10.0508 8068	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:26:10.0508 8068	IRENUM - ok
10:26:10.0548 8068	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:26:10.0558 8068	isapnp - ok
10:26:10.0628 8068	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:26:10.0688 8068	iScsiPrt - ok
10:26:10.0728 8068	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:26:10.0778 8068	k57nd60a - ok
10:26:10.0808 8068	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:26:10.0818 8068	kbdclass - ok
10:26:10.0878 8068	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:26:10.0938 8068	kbdhid - ok
10:26:10.0988 8068	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:26:10.0988 8068	KeyIso - ok
10:26:11.0048 8068	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
10:26:11.0048 8068	KSecDD - ok
10:26:11.0068 8068	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
10:26:11.0118 8068	KSecPkg - ok
10:26:11.0138 8068	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:26:11.0148 8068	ksthunk - ok
10:26:11.0188 8068	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:26:11.0208 8068	KtmRm - ok
10:26:11.0288 8068	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:26:11.0298 8068	LanmanServer - ok
10:26:11.0348 8068	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:26:11.0348 8068	LanmanWorkstation - ok
10:26:11.0378 8068	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:26:11.0378 8068	lltdio - ok
10:26:11.0428 8068	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:26:11.0438 8068	lltdsvc - ok
10:26:11.0458 8068	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:26:11.0468 8068	lmhosts - ok
10:26:11.0538 8068	LMS             (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:26:11.0628 8068	LMS - ok
10:26:11.0668 8068	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:26:11.0668 8068	LSI_FC - ok
10:26:11.0688 8068	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:26:11.0698 8068	LSI_SAS - ok
10:26:11.0718 8068	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:26:11.0718 8068	LSI_SAS2 - ok
10:26:11.0748 8068	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:26:11.0758 8068	LSI_SCSI - ok
10:26:11.0778 8068	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:26:11.0788 8068	luafv - ok
10:26:11.0868 8068	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
10:26:11.0918 8068	MBAMProtector - ok
10:26:12.0138 8068	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamservice.exe
10:26:12.0208 8068	MBAMService - ok
10:26:12.0268 8068	McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:26:12.0268 8068	McAfee SiteAdvisor Service - ok
10:26:12.0398 8068	McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
10:26:12.0468 8068	McComponentHostService - ok
10:26:12.0468 8068	McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:26:12.0478 8068	McMPFSvc - ok
10:26:12.0498 8068	mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:26:12.0498 8068	mcmscsvc - ok
10:26:12.0508 8068	McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:26:12.0508 8068	McNaiAnn - ok
10:26:12.0518 8068	McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:26:12.0518 8068	McNASvc - ok
10:26:12.0608 8068	McODS           (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
10:26:12.0658 8068	McODS - ok
10:26:12.0668 8068	McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:26:12.0668 8068	McOobeSv - ok
10:26:12.0668 8068	McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:26:12.0668 8068	McProxy - ok
10:26:12.0708 8068	McShield        (597c77235621e7ddd32a68574fde6464) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:26:12.0758 8068	McShield - ok
10:26:12.0878 8068	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:26:12.0918 8068	Mcx2Svc - ok
10:26:12.0968 8068	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:26:12.0968 8068	megasas - ok
10:26:12.0998 8068	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:26:13.0008 8068	MegaSR - ok
10:26:13.0058 8068	mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
10:26:13.0118 8068	mfeapfk - ok
10:26:13.0168 8068	mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
10:26:13.0238 8068	mfeavfk - ok
10:26:13.0278 8068	mfeavfk01 - ok
10:26:13.0328 8068	mfefire         (134bb16f93a07c2c89b0b9c399382bdb) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
10:26:13.0378 8068	mfefire - ok
10:26:13.0438 8068	mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
10:26:13.0448 8068	mfefirek - ok
10:26:13.0508 8068	mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
10:26:13.0568 8068	mfehidk - ok
10:26:13.0568 8068	mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
10:26:13.0608 8068	mfenlfk - ok
10:26:13.0658 8068	mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
10:26:13.0718 8068	mferkdet - ok
10:26:13.0778 8068	mfevtp          (4d0ecd05abb518ea323f651f4ab8458f) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
10:26:13.0828 8068	mfevtp - ok
10:26:13.0878 8068	mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
10:26:13.0928 8068	mfewfpk - ok
10:26:13.0978 8068	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:26:13.0978 8068	MMCSS - ok
10:26:14.0008 8068	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:26:14.0008 8068	Modem - ok
10:26:14.0048 8068	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:26:14.0048 8068	monitor - ok
10:26:14.0098 8068	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:26:14.0098 8068	mouclass - ok
10:26:14.0118 8068	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:26:14.0118 8068	mouhid - ok
10:26:14.0169 8068	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:26:14.0169 8068	mountmgr - ok
10:26:14.0289 8068	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:26:14.0359 8068	MozillaMaintenance - ok
10:26:14.0389 8068	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:26:14.0429 8068	mpio - ok
10:26:14.0459 8068	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:26:14.0469 8068	mpsdrv - ok
10:26:14.0549 8068	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:26:14.0599 8068	MpsSvc - ok
10:26:14.0649 8068	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:26:14.0709 8068	MRxDAV - ok
10:26:14.0749 8068	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:26:14.0789 8068	mrxsmb - ok
10:26:14.0829 8068	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:26:14.0879 8068	mrxsmb10 - ok
10:26:14.0899 8068	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:26:14.0899 8068	mrxsmb20 - ok
10:26:14.0949 8068	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:26:15.0009 8068	msahci - ok
10:26:15.0039 8068	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:26:15.0089 8068	msdsm - ok
10:26:15.0129 8068	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:26:15.0139 8068	MSDTC - ok
10:26:15.0159 8068	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:26:15.0159 8068	Msfs - ok
10:26:15.0179 8068	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:26:15.0179 8068	mshidkmdf - ok
10:26:15.0229 8068	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:26:15.0239 8068	msisadrv - ok
10:26:15.0269 8068	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:26:15.0279 8068	MSiSCSI - ok
10:26:15.0279 8068	msiserver - ok
10:26:15.0359 8068	MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:26:15.0369 8068	MSK80Service - ok
10:26:15.0399 8068	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:26:15.0409 8068	MSKSSRV - ok
10:26:15.0429 8068	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:26:15.0439 8068	MSPCLOCK - ok
10:26:15.0449 8068	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:26:15.0449 8068	MSPQM - ok
10:26:15.0519 8068	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:26:15.0569 8068	MsRPC - ok
10:26:15.0629 8068	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:26:15.0629 8068	mssmbios - ok
10:26:15.0669 8068	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:26:15.0669 8068	MSTEE - ok
10:26:15.0689 8068	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:26:15.0689 8068	MTConfig - ok
10:26:15.0729 8068	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:26:15.0729 8068	Mup - ok
10:26:15.0769 8068	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
10:26:15.0819 8068	mwlPSDFilter - ok
10:26:15.0829 8068	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
10:26:15.0869 8068	mwlPSDNServ - ok
10:26:15.0869 8068	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
10:26:15.0909 8068	mwlPSDVDisk - ok
10:26:15.0999 8068	MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
10:26:16.0059 8068	MWLService - ok
10:26:16.0139 8068	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:26:16.0139 8068	napagent - ok
10:26:16.0189 8068	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:26:16.0199 8068	NativeWifiP - ok
10:26:16.0269 8068	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:26:16.0279 8068	NDIS - ok
10:26:16.0319 8068	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:26:16.0319 8068	NdisCap - ok
10:26:16.0349 8068	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:26:16.0349 8068	NdisTapi - ok
10:26:16.0399 8068	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:26:16.0409 8068	Ndisuio - ok
10:26:16.0449 8068	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:26:16.0509 8068	NdisWan - ok
10:26:16.0559 8068	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:26:16.0609 8068	NDProxy - ok
10:26:16.0649 8068	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
10:26:16.0699 8068	Netaapl - ok
10:26:16.0739 8068	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:26:16.0749 8068	NetBIOS - ok
10:26:16.0799 8068	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:26:16.0799 8068	NetBT - ok
10:26:16.0849 8068	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:26:16.0849 8068	Netlogon - ok
10:26:16.0909 8068	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:26:16.0919 8068	Netman - ok
10:26:16.0949 8068	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:26:16.0959 8068	netprofm - ok
10:26:17.0039 8068	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:26:17.0049 8068	NetTcpPortSharing - ok
10:26:17.0079 8068	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:26:17.0089 8068	nfrd960 - ok
10:26:17.0159 8068	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:26:17.0169 8068	NlaSvc - ok
10:26:17.0379 8068	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:26:17.0449 8068	NOBU - ok
10:26:17.0559 8068	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:26:17.0569 8068	Npfs - ok
10:26:17.0599 8068	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:26:17.0599 8068	nsi - ok
10:26:17.0609 8068	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:26:17.0609 8068	nsiproxy - ok
10:26:17.0749 8068	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:26:17.0819 8068	Ntfs - ok
10:26:17.0889 8068	NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
10:26:17.0959 8068	NTI IScheduleSvc - ok
10:26:18.0139 8068	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
10:26:18.0199 8068	NTIDrvr - ok
10:26:18.0229 8068	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:26:18.0239 8068	Null - ok
10:26:18.0289 8068	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:26:18.0349 8068	nvraid - ok
10:26:18.0369 8068	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:26:18.0409 8068	nvstor - ok
10:26:18.0449 8068	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:26:18.0459 8068	nv_agp - ok
10:26:18.0589 8068	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:26:18.0599 8068	odserv - ok
10:26:18.0629 8068	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:26:18.0639 8068	ohci1394 - ok
10:26:18.0689 8068	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:26:18.0749 8068	ose - ok
10:26:19.0069 8068	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:26:19.0220 8068	osppsvc - ok
10:26:19.0340 8068	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:26:19.0350 8068	p2pimsvc - ok
10:26:19.0390 8068	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:26:19.0410 8068	p2psvc - ok
10:26:19.0450 8068	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:26:19.0450 8068	Parport - ok
10:26:19.0500 8068	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:26:19.0550 8068	partmgr - ok
10:26:19.0560 8068	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:26:19.0570 8068	PcaSvc - ok
10:26:19.0620 8068	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:26:19.0680 8068	pci - ok
10:26:19.0690 8068	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:26:19.0700 8068	pciide - ok
10:26:19.0720 8068	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:26:19.0730 8068	pcmcia - ok
10:26:19.0750 8068	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:26:19.0760 8068	pcw - ok
10:26:19.0790 8068	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:26:19.0810 8068	PEAUTH - ok
10:26:19.0890 8068	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:26:19.0890 8068	PerfHost - ok
10:26:20.0050 8068	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:26:20.0110 8068	pla - ok
10:26:20.0200 8068	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:26:20.0250 8068	PlugPlay - ok
10:26:20.0270 8068	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:26:20.0280 8068	PNRPAutoReg - ok
10:26:20.0320 8068	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:26:20.0330 8068	PNRPsvc - ok
10:26:20.0400 8068	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:26:20.0410 8068	PolicyAgent - ok
10:26:20.0440 8068	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:26:20.0450 8068	Power - ok
10:26:20.0520 8068	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:26:20.0580 8068	PptpMiniport - ok
10:26:20.0600 8068	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:26:20.0600 8068	Processor - ok
10:26:20.0670 8068	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:26:20.0680 8068	ProfSvc - ok
10:26:20.0730 8068	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:26:20.0730 8068	ProtectedStorage - ok
10:26:20.0790 8068	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:26:20.0790 8068	Psched - ok
10:26:20.0980 8068	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:26:21.0010 8068	ql2300 - ok
10:26:21.0130 8068	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:26:21.0140 8068	ql40xx - ok
10:26:21.0171 8068	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:26:21.0171 8068	QWAVE - ok
10:26:21.0202 8068	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:26:21.0202 8068	QWAVEdrv - ok
10:26:21.0218 8068	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:26:21.0218 8068	RasAcd - ok
10:26:21.0249 8068	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:26:21.0249 8068	RasAgileVpn - ok
10:26:21.0265 8068	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:26:21.0280 8068	RasAuto - ok
10:26:21.0327 8068	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:26:21.0374 8068	Rasl2tp - ok
10:26:21.0450 8068	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:26:21.0500 8068	RasMan - ok
10:26:21.0530 8068	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:26:21.0540 8068	RasPppoe - ok
10:26:21.0560 8068	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:26:21.0570 8068	RasSstp - ok
10:26:21.0610 8068	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:26:21.0670 8068	rdbss - ok
10:26:21.0690 8068	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:26:21.0700 8068	rdpbus - ok
10:26:21.0710 8068	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:26:21.0710 8068	RDPCDD - ok
10:26:21.0740 8068	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:26:21.0740 8068	RDPENCDD - ok
10:26:21.0750 8068	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:26:21.0750 8068	RDPREFMP - ok
10:26:21.0800 8068	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:26:21.0850 8068	RDPWD - ok
10:26:21.0920 8068	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:26:21.0980 8068	rdyboost - ok
10:26:22.0010 8068	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:26:22.0010 8068	RemoteAccess - ok
10:26:22.0050 8068	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:26:22.0050 8068	RemoteRegistry - ok
10:26:22.0090 8068	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:26:22.0090 8068	RpcEptMapper - ok
10:26:22.0120 8068	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:26:22.0120 8068	RpcLocator - ok
10:26:22.0210 8068	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:26:22.0220 8068	RpcSs - ok
10:26:22.0260 8068	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:26:22.0260 8068	rspndr - ok
10:26:22.0310 8068	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
10:26:22.0370 8068	RSUSBSTOR - ok
10:26:22.0410 8068	RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
10:26:22.0450 8068	RTHDMIAzAudService - ok
10:26:22.0500 8068	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:26:22.0500 8068	SamSs - ok
10:26:22.0540 8068	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:26:22.0580 8068	sbp2port - ok
10:26:22.0610 8068	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:26:22.0610 8068	SCardSvr - ok
10:26:22.0670 8068	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:26:22.0670 8068	scfilter - ok
10:26:22.0770 8068	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:26:22.0820 8068	Schedule - ok
10:26:22.0860 8068	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:26:22.0860 8068	SCPolicySvc - ok
10:26:22.0920 8068	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:26:22.0970 8068	SDRSVC - ok
10:26:23.0020 8068	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:26:23.0020 8068	secdrv - ok
10:26:23.0070 8068	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:26:23.0110 8068	seclogon - ok
10:26:23.0140 8068	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:26:23.0151 8068	SENS - ok
10:26:23.0161 8068	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:26:23.0171 8068	SensrSvc - ok
10:26:23.0181 8068	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:26:23.0181 8068	Serenum - ok
10:26:23.0221 8068	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:26:23.0221 8068	Serial - ok
10:26:23.0261 8068	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:26:23.0271 8068	sermouse - ok
10:26:23.0311 8068	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:26:23.0351 8068	SessionEnv - ok
10:26:23.0401 8068	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:26:23.0401 8068	sffdisk - ok
10:26:23.0411 8068	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:26:23.0421 8068	sffp_mmc - ok
10:26:23.0421 8068	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:26:23.0467 8068	sffp_sd - ok
10:26:23.0499 8068	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:26:23.0499 8068	sfloppy - ok
10:26:23.0839 8068	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:26:23.0909 8068	Sftfs - ok
10:26:24.0059 8068	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:26:24.0059 8068	sftlist - ok
10:26:24.0349 8068	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:26:24.0419 8068	Sftplay - ok
10:26:24.0419 8068	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:26:24.0419 8068	Sftredir - ok
10:26:24.0449 8068	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:26:24.0489 8068	Sftvol - ok
10:26:24.0519 8068	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:26:24.0519 8068	sftvsa - ok
10:26:24.0569 8068	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:26:24.0579 8068	SharedAccess - ok
10:26:24.0639 8068	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:26:24.0649 8068	ShellHWDetection - ok
10:26:24.0669 8068	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:26:24.0669 8068	SiSRaid2 - ok
10:26:24.0689 8068	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:26:24.0699 8068	SiSRaid4 - ok
10:26:24.0769 8068	SkypeUpdate     (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:26:31.0268 8068	SkypeUpdate - ok
10:26:31.0315 8068	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:26:31.0331 8068	Smb - ok
10:26:31.0378 8068	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:26:31.0378 8068	SNMPTRAP - ok
10:26:31.0403 8068	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:26:31.0403 8068	spldr - ok
10:26:31.0463 8068	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:26:31.0473 8068	Spooler - ok
10:26:31.0723 8068	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:26:31.0763 8068	sppsvc - ok
10:26:31.0863 8068	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:26:31.0873 8068	sppuinotify - ok
10:26:31.0953 8068	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:26:32.0013 8068	srv - ok
10:26:32.0073 8068	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:26:32.0133 8068	srv2 - ok
10:26:32.0153 8068	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:26:32.0193 8068	srvnet - ok
10:26:32.0213 8068	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:26:32.0213 8068	SSDPSRV - ok
10:26:32.0233 8068	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:26:32.0243 8068	SstpSvc - ok
10:26:32.0293 8068	Steam Client Service - ok
10:26:32.0313 8068	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:26:32.0323 8068	stexstor - ok
10:26:32.0403 8068	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:26:32.0463 8068	stisvc - ok
10:26:32.0513 8068	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:26:32.0523 8068	swenum - ok
10:26:32.0573 8068	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:26:32.0593 8068	swprv - ok
10:26:32.0653 8068	SynTP           (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
10:26:32.0713 8068	SynTP - ok
10:26:32.0843 8068	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:26:32.0863 8068	SysMain - ok
10:26:32.0983 8068	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:26:33.0033 8068	TabletInputService - ok
10:26:33.0063 8068	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:26:33.0093 8068	TapiSrv - ok
10:26:33.0113 8068	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:26:33.0113 8068	TBS - ok
10:26:33.0274 8068	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:26:33.0294 8068	Tcpip - ok
10:26:33.0533 8068	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:26:33.0549 8068	TCPIP6 - ok
10:26:33.0683 8068	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:26:33.0733 8068	tcpipreg - ok
10:26:33.0763 8068	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:26:33.0763 8068	TDPIPE - ok
10:26:33.0803 8068	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:26:33.0803 8068	TDTCP - ok
10:26:33.0883 8068	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:26:33.0933 8068	tdx - ok
10:26:34.0003 8068	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:26:34.0053 8068	TermDD - ok
10:26:34.0113 8068	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:26:34.0163 8068	TermService - ok
10:26:34.0183 8068	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:26:34.0193 8068	Themes - ok
10:26:34.0213 8068	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:26:34.0213 8068	THREADORDER - ok
10:26:34.0233 8068	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:26:34.0243 8068	TrkWks - ok
10:26:34.0323 8068	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:26:34.0383 8068	TrustedInstaller - ok
10:26:34.0433 8068	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:26:34.0493 8068	tssecsrv - ok
10:26:34.0553 8068	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:26:34.0603 8068	TsUsbFlt - ok
10:26:34.0693 8068	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:26:34.0703 8068	tunnel - ok
10:26:34.0723 8068	TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
10:26:34.0783 8068	TurboB - ok
10:26:34.0853 8068	TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:26:34.0903 8068	TurboBoost - ok
10:26:34.0923 8068	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:26:34.0933 8068	uagp35 - ok
10:26:34.0973 8068	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
10:26:35.0023 8068	UBHelper - ok
10:26:35.0093 8068	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:26:35.0153 8068	udfs - ok
10:26:35.0163 8068	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:26:35.0163 8068	UI0Detect - ok
10:26:35.0224 8068	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:26:35.0224 8068	uliagpkx - ok
10:26:35.0264 8068	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:26:35.0314 8068	umbus - ok
10:26:35.0344 8068	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:26:35.0344 8068	UmPass - ok
10:26:35.0514 8068	UNS             (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:26:35.0624 8068	UNS - ok
10:26:35.0689 8068	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:26:35.0767 8068	Updater Service - ok
10:26:35.0892 8068	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:26:35.0902 8068	upnphost - ok
10:26:35.0992 8068	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:26:36.0032 8068	USBAAPL64 - ok
10:26:36.0092 8068	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:26:36.0092 8068	usbccgp - ok
10:26:36.0122 8068	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:26:36.0122 8068	usbcir - ok
10:26:36.0152 8068	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:26:36.0202 8068	usbehci - ok
10:26:36.0252 8068	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:26:36.0292 8068	usbhub - ok
10:26:36.0332 8068	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:26:36.0382 8068	usbohci - ok
10:26:36.0422 8068	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:26:36.0422 8068	usbprint - ok
10:26:36.0462 8068	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:26:36.0472 8068	usbscan - ok
10:26:36.0512 8068	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:26:36.0582 8068	USBSTOR - ok
10:26:36.0612 8068	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:26:36.0652 8068	usbuhci - ok
10:26:36.0732 8068	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:26:36.0792 8068	usbvideo - ok
10:26:36.0822 8068	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:26:36.0822 8068	UxSms - ok
10:26:36.0872 8068	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:26:36.0872 8068	VaultSvc - ok
10:26:36.0922 8068	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:26:36.0922 8068	vdrvroot - ok
10:26:37.0002 8068	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:26:37.0012 8068	vds - ok
10:26:37.0042 8068	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:26:37.0052 8068	vga - ok
10:26:37.0062 8068	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:26:37.0072 8068	VgaSave - ok
10:26:37.0112 8068	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:26:37.0172 8068	vhdmp - ok
10:26:37.0202 8068	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:26:37.0202 8068	viaide - ok
10:26:37.0253 8068	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:26:37.0323 8068	volmgr - ok
10:26:37.0383 8068	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:26:37.0393 8068	volmgrx - ok
10:26:37.0423 8068	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:26:37.0493 8068	volsnap - ok
10:26:37.0533 8068	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:26:37.0543 8068	vsmraid - ok
10:26:37.0663 8068	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:26:37.0683 8068	VSS - ok
10:26:37.0793 8068	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:26:37.0803 8068	vwifibus - ok
10:26:37.0823 8068	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:26:37.0833 8068	vwififlt - ok
10:26:37.0853 8068	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:26:37.0853 8068	vwifimp - ok
10:26:37.0903 8068	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:26:37.0913 8068	W32Time - ok
10:26:37.0970 8068	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:26:37.0985 8068	WacomPen - ok
10:26:38.0032 8068	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:38.0032 8068	WANARP - ok
10:26:38.0048 8068	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:38.0048 8068	Wanarpv6 - ok
10:26:38.0181 8068	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:26:38.0201 8068	wbengine - ok
10:26:38.0312 8068	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:26:38.0322 8068	WbioSrvc - ok
10:26:38.0392 8068	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:26:38.0442 8068	wcncsvc - ok
10:26:38.0452 8068	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:26:38.0462 8068	WcsPlugInService - ok
10:26:38.0492 8068	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:26:38.0502 8068	Wd - ok
10:26:38.0552 8068	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:26:38.0572 8068	Wdf01000 - ok
10:26:38.0602 8068	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:26:38.0612 8068	WdiServiceHost - ok
10:26:38.0612 8068	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:26:38.0622 8068	WdiSystemHost - ok
10:26:38.0682 8068	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:26:38.0722 8068	WebClient - ok
10:26:38.0762 8068	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:26:38.0762 8068	Wecsvc - ok
10:26:38.0782 8068	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:26:38.0782 8068	wercplsupport - ok
10:26:38.0802 8068	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:26:38.0802 8068	WerSvc - ok
10:26:38.0852 8068	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:26:38.0852 8068	WfpLwf - ok
10:26:38.0872 8068	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:26:38.0882 8068	WIMMount - ok
10:26:38.0922 8068	WinDefend - ok
10:26:38.0942 8068	WinHttpAutoProxySvc - ok
10:26:39.0012 8068	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:26:39.0022 8068	Winmgmt - ok
10:26:39.0172 8068	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:26:39.0222 8068	WinRM - ok
10:26:39.0362 8068	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:26:39.0412 8068	WinUsb - ok
10:26:39.0492 8068	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:26:39.0512 8068	Wlansvc - ok
10:26:39.0572 8068	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:26:39.0582 8068	WmiAcpi - ok
10:26:39.0652 8068	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:26:39.0652 8068	wmiApSrv - ok
10:26:39.0692 8068	WMPNetworkSvc - ok
10:26:39.0732 8068	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:26:39.0732 8068	WPCSvc - ok
10:26:39.0782 8068	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:26:39.0832 8068	WPDBusEnum - ok
10:26:39.0852 8068	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:26:39.0852 8068	ws2ifsl - ok
10:26:39.0862 8068	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:26:39.0872 8068	wscsvc - ok
10:26:39.0872 8068	WSearch - ok
10:26:40.0082 8068	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:26:40.0102 8068	wuauserv - ok
10:26:40.0235 8068	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:26:40.0235 8068	WudfPf - ok
10:26:40.0282 8068	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:26:40.0328 8068	WUDFRd - ok
10:26:40.0391 8068	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:26:40.0441 8068	wudfsvc - ok
10:26:40.0471 8068	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:26:40.0481 8068	WwanSvc - ok
10:26:40.0531 8068	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:26:40.0901 8068	\Device\Harddisk0\DR0 - ok
10:26:40.0901 8068	MBR (0x1B8)     (d78b97c21d9715044c01ef2a15e4a3e3) \Device\Harddisk1\DR1
10:26:40.0951 8068	\Device\Harddisk1\DR1 - ok
10:26:40.0961 8068	Boot (0x1200)   (ee5f1170ea49935efafc55831de43b3d) \Device\Harddisk0\DR0\Partition0
10:26:40.0961 8068	\Device\Harddisk0\DR0\Partition0 - ok
10:26:41.0191 8068	Boot (0x1200)   (10bccd5c14c6bed83ece6cc2cc940580) \Device\Harddisk0\DR0\Partition1
10:26:41.0191 8068	\Device\Harddisk0\DR0\Partition1 - ok
10:26:41.0191 8068	============================================================
10:26:41.0191 8068	Scan finished
10:26:41.0191 8068	============================================================
10:26:41.0211 5080	Detected object count: 0
10:26:41.0211 5080	Actual detected object count: 0
10:28:54.0174 8740	============================================================
10:28:54.0174 8740	Scan started
10:28:54.0174 8740	Mode: Manual; SigCheck; TDLFS; 
10:28:54.0174 8740	============================================================
10:28:54.0299 8740	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:28:54.0455 8740	1394ohci - ok
10:28:54.0501 8740	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:28:54.0517 8740	ACPI - ok
10:28:54.0533 8740	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:28:54.0611 8740	AcpiPmi - ok
10:28:54.0704 8740	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:28:54.0782 8740	AdobeARMservice - ok
10:28:54.0876 8740	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:28:54.0891 8740	AdobeFlashPlayerUpdateSvc - ok
10:28:54.0938 8740	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:28:54.0954 8740	adp94xx - ok
10:28:54.0985 8740	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:28:55.0001 8740	adpahci - ok
10:28:55.0016 8740	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:28:55.0032 8740	adpu320 - ok
10:28:55.0047 8740	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:28:55.0188 8740	AeLookupSvc - ok
10:28:55.0250 8740	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:28:55.0297 8740	AFD - ok
10:28:55.0328 8740	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:28:55.0328 8740	agp440 - ok
10:28:55.0360 8740	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:28:55.0406 8740	ALG - ok
10:28:55.0422 8740	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:28:55.0438 8740	aliide - ok
10:28:55.0453 8740	AMD External Events Utility (ff779f9de1cdf477033858b7681ceda8) C:\Windows\system32\atiesrxx.exe
10:28:55.0531 8740	AMD External Events Utility - ok
10:28:55.0547 8740	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:28:55.0562 8740	amdide - ok
10:28:55.0594 8740	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:28:55.0640 8740	AmdK8 - ok
10:28:56.0046 8740	amdkmdag        (ef2b99dcee397b45f50594696d7b5339) C:\Windows\system32\DRIVERS\atikmdag.sys
10:28:56.0140 8740	amdkmdag - ok
10:28:56.0249 8740	amdkmdap        (239dce60bee6e1576c803948ab4d54c5) C:\Windows\system32\DRIVERS\atikmpag.sys
10:28:56.0296 8740	amdkmdap - ok
10:28:56.0327 8740	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:28:56.0358 8740	AmdPPM - ok
10:28:56.0374 8740	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:28:56.0389 8740	amdsata - ok
10:28:56.0420 8740	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:28:56.0436 8740	amdsbs - ok
10:28:56.0452 8740	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:28:56.0452 8740	amdxata - ok
10:28:56.0483 8740	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:28:56.0623 8740	AppID - ok
10:28:56.0639 8740	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:28:56.0701 8740	AppIDSvc - ok
10:28:56.0732 8740	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:28:56.0779 8740	Appinfo - ok
10:28:56.0920 8740	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:28:56.0935 8740	Apple Mobile Device - ok
10:28:56.0982 8740	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:28:56.0998 8740	arc - ok
10:28:57.0013 8740	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:28:57.0029 8740	arcsas - ok
10:28:57.0044 8740	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:28:57.0122 8740	AsyncMac - ok
10:28:57.0154 8740	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:28:57.0154 8740	atapi - ok
10:28:57.0232 8740	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:28:57.0310 8740	AudioEndpointBuilder - ok
10:28:57.0310 8740	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:28:57.0388 8740	AudioSrv - ok
10:28:57.0388 8740	AVFSFilter - ok
10:28:57.0512 8740	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:28:57.0622 8740	AxInstSV - ok
10:28:57.0668 8740	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:28:57.0715 8740	b06bdrv - ok
10:28:57.0746 8740	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:28:57.0793 8740	b57nd60a - ok
10:28:58.0027 8740	BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:28:58.0136 8740	BCM43XX - ok
10:28:58.0230 8740	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:28:58.0277 8740	BDESVC - ok
10:28:58.0308 8740	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:28:58.0402 8740	Beep - ok
10:28:58.0464 8740	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:28:58.0542 8740	BFE - ok
10:28:58.0604 8740	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:28:58.0698 8740	BITS - ok
10:28:58.0745 8740	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:28:58.0776 8740	blbdrive - ok
10:28:58.0807 8740	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:28:58.0901 8740	bowser - ok
10:28:58.0916 8740	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:28:58.0963 8740	BrFiltLo - ok
10:28:58.0979 8740	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:28:59.0026 8740	BrFiltUp - ok
10:28:59.0057 8740	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:28:59.0104 8740	BridgeMP - ok
10:28:59.0150 8740	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:28:59.0213 8740	Browser - ok
10:28:59.0244 8740	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:28:59.0306 8740	Brserid - ok
10:28:59.0322 8740	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:28:59.0338 8740	BrSerWdm - ok
10:28:59.0353 8740	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:28:59.0400 8740	BrUsbMdm - ok
10:28:59.0416 8740	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:28:59.0447 8740	BrUsbSer - ok
10:28:59.0462 8740	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:28:59.0509 8740	BTHMODEM - ok
10:28:59.0540 8740	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:28:59.0618 8740	bthserv - ok
10:28:59.0618 8740	catchme - ok
10:28:59.0650 8740	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:28:59.0728 8740	cdfs - ok
10:28:59.0759 8740	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:28:59.0806 8740	cdrom - ok
10:28:59.0837 8740	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:28:59.0899 8740	CertPropSvc - ok
10:28:59.0946 8740	cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
10:29:00.0008 8740	cfwids - ok
10:29:00.0055 8740	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:29:00.0118 8740	circlass - ok
10:29:00.0180 8740	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:29:00.0196 8740	CLFS - ok
10:29:00.0289 8740	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:29:00.0320 8740	clr_optimization_v2.0.50727_32 - ok
10:29:00.0352 8740	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:29:00.0352 8740	clr_optimization_v2.0.50727_64 - ok
10:29:00.0414 8740	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:29:00.0430 8740	clr_optimization_v4.0.30319_32 - ok
10:29:00.0445 8740	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:29:00.0461 8740	clr_optimization_v4.0.30319_64 - ok
10:29:00.0476 8740	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:29:00.0508 8740	CmBatt - ok
10:29:00.0523 8740	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:29:00.0539 8740	cmdide - ok
10:29:00.0586 8740	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:29:00.0648 8740	CNG - ok
10:29:00.0726 8740	ColorZillaStatsUpdater (091a2d76a1fffa523cd453cbabc4078d) C:\Users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
10:29:00.0757 8740	ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - warning
10:29:00.0757 8740	ColorZillaStatsUpdater - detected UnsignedFile.Multi.Generic (1)
10:29:00.0788 8740	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:29:00.0788 8740	Compbatt - ok
10:29:00.0820 8740	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:29:00.0913 8740	CompositeBus - ok
10:29:00.0913 8740	COMSysApp - ok
10:29:00.0944 8740	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:29:00.0960 8740	crcdisk - ok
10:29:00.0976 8740	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:29:01.0038 8740	CryptSvc - ok
10:29:01.0163 8740	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:29:01.0241 8740	cvhsvc - ok
10:29:01.0288 8740	dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
10:29:01.0303 8740	dc3d - ok
10:29:01.0366 8740	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:29:01.0428 8740	DcomLaunch - ok
10:29:01.0490 8740	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:29:01.0553 8740	defragsvc - ok
10:29:01.0584 8740	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:29:01.0646 8740	DfsC - ok
10:29:01.0693 8740	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:29:01.0740 8740	Dhcp - ok
10:29:01.0756 8740	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:29:01.0818 8740	discache - ok
10:29:01.0818 8740	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:29:01.0834 8740	Disk - ok
10:29:01.0865 8740	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:29:01.0927 8740	Dnscache - ok
10:29:01.0974 8740	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:29:02.0036 8740	dot3svc - ok
10:29:02.0068 8740	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:29:02.0114 8740	DPS - ok
10:29:02.0146 8740	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:29:02.0177 8740	drmkaud - ok
10:29:02.0270 8740	DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:29:02.0302 8740	DsiWMIService - ok
10:29:02.0333 8740	dsNcAdpt        (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:29:02.0395 8740	dsNcAdpt - ok
10:29:02.0458 8740	dsNcService     (bc4851b8cd478b93fcaedb95052a824d) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:29:02.0489 8740	dsNcService - ok
10:29:02.0582 8740	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:29:02.0614 8740	DXGKrnl - ok
10:29:02.0645 8740	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:29:02.0707 8740	EapHost - ok
10:29:02.0910 8740	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:29:02.0957 8740	ebdrv - ok
10:29:03.0082 8740	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:29:03.0144 8740	EFS - ok
10:29:03.0238 8740	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:29:03.0316 8740	ehRecvr - ok
10:29:03.0347 8740	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:29:03.0378 8740	ehSched - ok
10:29:03.0456 8740	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:29:03.0487 8740	elxstor - ok
10:29:03.0596 8740	ePowerSvc       (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
10:29:03.0628 8740	ePowerSvc - ok
10:29:03.0768 8740	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:29:03.0799 8740	ErrDev - ok
10:29:03.0862 8740	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:29:03.0924 8740	EventSystem - ok
10:29:03.0955 8740	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:29:04.0033 8740	exfat - ok
10:29:04.0064 8740	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:29:04.0142 8740	fastfat - ok
10:29:04.0205 8740	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:29:04.0252 8740	Fax - ok
10:29:04.0283 8740	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:29:04.0314 8740	fdc - ok
10:29:04.0345 8740	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:29:04.0423 8740	fdPHost - ok
10:29:04.0439 8740	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:29:04.0517 8740	FDResPub - ok
10:29:04.0532 8740	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:29:04.0548 8740	FileInfo - ok
10:29:04.0579 8740	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:29:04.0673 8740	Filetrace - ok
10:29:04.0782 8740	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:29:04.0813 8740	FLEXnet Licensing Service - ok
10:29:04.0829 8740	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:29:04.0860 8740	flpydisk - ok
10:29:04.0907 8740	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:29:04.0922 8740	FltMgr - ok
10:29:05.0000 8740	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:29:05.0032 8740	FontCache - ok
10:29:05.0110 8740	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:29:05.0125 8740	FontCache3.0.0.0 - ok
10:29:05.0172 8740	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:29:05.0203 8740	FsDepends - ok
10:29:05.0234 8740	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:29:05.0250 8740	Fs_Rec - ok
10:29:05.0312 8740	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:29:05.0375 8740	fvevol - ok
10:29:05.0375 8740	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:29:05.0390 8740	gagp30kx - ok
10:29:05.0422 8740	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:29:05.0437 8740	GEARAspiWDM - ok
10:29:05.0500 8740	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:29:05.0562 8740	gpsvc - ok
10:29:05.0624 8740	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
10:29:05.0640 8740	GREGService - ok
10:29:05.0687 8740	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:29:05.0702 8740	gupdate - ok
10:29:05.0702 8740	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:29:05.0702 8740	gupdatem - ok
10:29:05.0749 8740	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:29:05.0796 8740	hcw85cir - ok
10:29:05.0843 8740	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:29:05.0874 8740	HdAudAddService - ok
10:29:05.0905 8740	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:29:05.0983 8740	HDAudBus - ok
10:29:05.0999 8740	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:29:06.0014 8740	HECIx64 - ok
10:29:06.0030 8740	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:29:06.0061 8740	HidBatt - ok
10:29:06.0092 8740	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:29:06.0124 8740	HidBth - ok
10:29:06.0139 8740	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:29:06.0170 8740	HidIr - ok
10:29:06.0217 8740	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:29:06.0280 8740	hidserv - ok
10:29:06.0311 8740	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:29:06.0326 8740	HidUsb - ok
10:29:06.0358 8740	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:29:06.0420 8740	hkmsvc - ok
10:29:06.0482 8740	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:29:06.0576 8740	HomeGroupListener - ok
10:29:06.0624 8740	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:29:06.0655 8740	HomeGroupProvider - ok
10:29:06.0686 8740	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:29:06.0686 8740	HpSAMD - ok
10:29:06.0795 8740	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:29:06.0858 8740	HTTP - ok
10:29:06.0905 8740	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:29:06.0920 8740	hwpolicy - ok
10:29:06.0951 8740	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:29:06.0967 8740	i8042prt - ok
10:29:07.0029 8740	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
10:29:07.0061 8740	iaStor - ok
10:29:07.0107 8740	IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:29:07.0170 8740	IAStorDataMgrSvc - ok
10:29:07.0217 8740	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:29:07.0232 8740	iaStorV - ok
10:29:07.0341 8740	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:29:07.0373 8740	idsvc - ok
10:29:07.0451 8740	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:29:07.0482 8740	iirsp - ok
10:29:07.0607 8740	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:29:07.0685 8740	IKEEXT - ok
10:29:07.0731 8740	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
10:29:07.0778 8740	Impcd - ok
10:29:07.0919 8740	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
10:29:07.0965 8740	IntcAzAudAddService - ok
10:29:08.0075 8740	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:29:08.0090 8740	intelide - ok
10:29:08.0137 8740	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:29:08.0168 8740	intelppm - ok
10:29:08.0199 8740	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:29:08.0246 8740	IPBusEnum - ok
10:29:08.0293 8740	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:29:08.0324 8740	IpFilterDriver - ok
10:29:08.0371 8740	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:29:08.0433 8740	iphlpsvc - ok
10:29:08.0465 8740	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:29:08.0480 8740	IPMIDRV - ok
10:29:08.0511 8740	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:29:08.0589 8740	IPNAT - ok
10:29:08.0683 8740	iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
10:29:08.0730 8740	iPod Service - ok
10:29:08.0745 8740	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:29:08.0792 8740	IRENUM - ok
10:29:08.0808 8740	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:29:08.0823 8740	isapnp - ok
10:29:08.0870 8740	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:29:08.0886 8740	iScsiPrt - ok
10:29:08.0933 8740	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:29:08.0948 8740	k57nd60a - ok
10:29:08.0964 8740	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:29:08.0964 8740	kbdclass - ok
10:29:09.0011 8740	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:29:09.0042 8740	kbdhid - ok
10:29:09.0073 8740	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:29:09.0073 8740	KeyIso - ok
10:29:09.0120 8740	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
10:29:09.0135 8740	KSecDD - ok
10:29:09.0167 8740	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
10:29:09.0182 8740	KSecPkg - ok
10:29:09.0198 8740	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:29:09.0260 8740	ksthunk - ok
10:29:09.0307 8740	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:29:09.0385 8740	KtmRm - ok
10:29:09.0416 8740	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:29:09.0479 8740	LanmanServer - ok
10:29:09.0510 8740	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:29:09.0557 8740	LanmanWorkstation - ok
10:29:09.0588 8740	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:29:09.0651 8740	lltdio - ok
10:29:09.0714 8740	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:29:09.0792 8740	lltdsvc - ok
10:29:09.0823 8740	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:29:09.0885 8740	lmhosts - ok
10:29:09.0963 8740	LMS             (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:29:09.0979 8740	LMS - ok
10:29:10.0026 8740	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:29:10.0041 8740	LSI_FC - ok
10:29:10.0057 8740	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:29:10.0072 8740	LSI_SAS - ok
10:29:10.0088 8740	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:29:10.0104 8740	LSI_SAS2 - ok
10:29:10.0119 8740	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:29:10.0135 8740	LSI_SCSI - ok
10:29:10.0150 8740	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:29:10.0213 8740	luafv - ok
10:29:10.0244 8740	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
10:29:10.0260 8740	MBAMProtector - ok
10:29:10.0384 8740	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Dateien Martin\Programme\Rescue\Malware\Malwarebytes' Anti-Malware\mbamservice.exe
10:29:10.0416 8740	MBAMService - ok
10:29:10.0462 8740	McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:29:10.0478 8740	McAfee SiteAdvisor Service - ok
10:29:10.0572 8740	McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
10:29:10.0587 8740	McComponentHostService - ok
10:29:10.0603 8740	McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:29:10.0618 8740	McMPFSvc - ok
10:29:10.0618 8740	mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:29:10.0634 8740	mcmscsvc - ok
10:29:10.0634 8740	McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:29:10.0650 8740	McNaiAnn - ok
10:29:10.0665 8740	McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:29:10.0681 8740	McNASvc - ok
10:29:10.0728 8740	McODS           (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
10:29:10.0759 8740	McODS - ok
10:29:10.0774 8740	McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:29:10.0790 8740	McOobeSv - ok
10:29:10.0790 8740	McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:29:10.0806 8740	McProxy - ok
10:29:10.0868 8740	McShield        (597c77235621e7ddd32a68574fde6464) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:29:10.0868 8740	McShield - ok
10:29:10.0977 8740	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:29:11.0008 8740	Mcx2Svc - ok
10:29:11.0055 8740	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:29:11.0071 8740	megasas - ok
10:29:11.0102 8740	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:29:11.0133 8740	MegaSR - ok
10:29:11.0164 8740	mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
10:29:11.0180 8740	mfeapfk - ok
10:29:11.0211 8740	mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
10:29:11.0211 8740	mfeavfk - ok
10:29:11.0227 8740	mfeavfk01 - ok
10:29:11.0258 8740	mfefire         (134bb16f93a07c2c89b0b9c399382bdb) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
10:29:11.0320 8740	mfefire - ok
10:29:11.0336 8740	mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
10:29:11.0367 8740	mfefirek - ok
10:29:11.0414 8740	mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
10:29:11.0445 8740	mfehidk - ok
10:29:11.0461 8740	mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
10:29:11.0461 8740	mfenlfk - ok
10:29:11.0492 8740	mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
10:29:11.0508 8740	mferkdet - ok
10:29:11.0570 8740	mfevtp          (4d0ecd05abb518ea323f651f4ab8458f) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
10:29:11.0632 8740	mfevtp - ok
10:29:11.0664 8740	mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
10:29:11.0679 8740	mfewfpk - ok
10:29:11.0710 8740	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:29:11.0788 8740	MMCSS - ok
10:29:11.0820 8740	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:29:11.0882 8740	Modem - ok
10:29:11.0898 8740	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:29:11.0929 8740	monitor - ok
10:29:11.0960 8740	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:29:11.0976 8740	mouclass - ok
10:29:11.0976 8740	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:29:12.0007 8740	mouhid - ok
10:29:12.0038 8740	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:29:12.0069 8740	mountmgr - ok
10:29:12.0116 8740	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:29:12.0132 8740	MozillaMaintenance - ok
10:29:12.0163 8740	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:29:12.0178 8740	mpio - ok
10:29:12.0225 8740	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:29:12.0272 8740	mpsdrv - ok
10:29:12.0350 8740	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:29:12.0412 8740	MpsSvc - ok
10:29:12.0444 8740	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:29:12.0490 8740	MRxDAV - ok
10:29:12.0522 8740	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:29:12.0553 8740	mrxsmb - ok
10:29:12.0600 8740	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:29:12.0631 8740	mrxsmb10 - ok
10:29:12.0647 8740	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:29:12.0679 8740	mrxsmb20 - ok
10:29:12.0710 8740	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:29:12.0725 8740	msahci - ok
10:29:12.0741 8740	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:29:12.0757 8740	msdsm - ok
10:29:12.0803 8740	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:29:12.0835 8740	MSDTC - ok
10:29:12.0881 8740	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:29:12.0928 8740	Msfs - ok
10:29:12.0944 8740	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:29:13.0006 8740	mshidkmdf - ok
10:29:13.0037 8740	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:29:13.0053 8740	msisadrv - ok
10:29:13.0084 8740	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:29:13.0147 8740	MSiSCSI - ok
10:29:13.0162 8740	msiserver - ok
10:29:13.0240 8740	MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:29:13.0256 8740	MSK80Service - ok
10:29:13.0271 8740	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:29:13.0349 8740	MSKSSRV - ok
10:29:13.0365 8740	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:29:13.0412 8740	MSPCLOCK - ok
10:29:13.0427 8740	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:29:13.0505 8740	MSPQM - ok
10:29:13.0552 8740	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:29:13.0599 8740	MsRPC - ok
10:29:13.0646 8740	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:29:13.0646 8740	mssmbios - ok
10:29:13.0677 8740	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:29:13.0739 8740	MSTEE - ok
10:29:13.0771 8740	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:29:13.0786 8740	MTConfig - ok
10:29:13.0817 8740	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:29:13.0833 8740	Mup - ok
10:29:13.0864 8740	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
10:29:13.0864 8740	mwlPSDFilter - ok
10:29:13.0880 8740	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
10:29:13.0880 8740	mwlPSDNServ - ok
10:29:13.0895 8740	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
10:29:13.0911 8740	mwlPSDVDisk - ok
10:29:13.0989 8740	MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
10:29:14.0020 8740	MWLService - ok
10:29:14.0067 8740	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:29:14.0145 8740	napagent - ok
10:29:14.0192 8740	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:29:14.0239 8740	NativeWifiP - ok
10:29:14.0317 8740	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:29:14.0348 8740	NDIS - ok
10:29:14.0363 8740	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:29:14.0410 8740	NdisCap - ok
10:29:14.0426 8740	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:29:14.0504 8740	NdisTapi - ok
10:29:14.0535 8740	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:29:14.0582 8740	Ndisuio - ok
10:29:14.0613 8740	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:29:14.0660 8740	NdisWan - ok
10:29:14.0691 8740	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:29:14.0753 8740	NDProxy - ok
10:29:14.0769 8740	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
10:29:14.0816 8740	Netaapl - ok
10:29:14.0847 8740	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:29:14.0909 8740	NetBIOS - ok
10:29:14.0941 8740	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:29:15.0003 8740	NetBT - ok
10:29:15.0034 8740	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:29:15.0050 8740	Netlogon - ok
10:29:15.0097 8740	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:29:15.0143 8740	Netman - ok
10:29:15.0175 8740	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:29:15.0253 8740	netprofm - ok
10:29:15.0331 8740	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:29:15.0362 8740	NetTcpPortSharing - ok
10:29:15.0393 8740	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:29:15.0393 8740	nfrd960 - ok
10:29:15.0455 8740	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:29:15.0518 8740	NlaSvc - ok
10:29:15.0721 8740	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:29:15.0767 8740	NOBU - ok
10:29:15.0877 8740	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:29:15.0955 8740	Npfs - ok
10:29:15.0970 8740	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:29:16.0048 8740	nsi - ok
10:29:16.0048 8740	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:29:16.0111 8740	nsiproxy - ok
10:29:16.0220 8740	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:29:16.0267 8740	Ntfs - ok
10:29:16.0329 8740	NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
10:29:16.0345 8740	NTI IScheduleSvc - ok
10:29:16.0454 8740	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
10:29:16.0469 8740	NTIDrvr - ok
10:29:16.0485 8740	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:29:16.0563 8740	Null - ok
10:29:16.0610 8740	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:29:16.0610 8740	nvraid - ok
10:29:16.0641 8740	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:29:16.0657 8740	nvstor - ok
10:29:16.0672 8740	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:29:16.0688 8740	nv_agp - ok
10:29:16.0781 8740	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:29:16.0797 8740	odserv - ok
10:29:16.0844 8740	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:29:16.0875 8740	ohci1394 - ok
10:29:16.0937 8740	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:29:16.0953 8740	ose - ok
10:29:17.0281 8740	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:29:17.0374 8740	osppsvc - ok
10:29:17.0483 8740	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:29:17.0546 8740	p2pimsvc - ok
10:29:17.0577 8740	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:29:17.0608 8740	p2psvc - ok
10:29:17.0671 8740	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:29:17.0702 8740	Parport - ok
10:29:17.0733 8740	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:29:17.0749 8740	partmgr - ok
10:29:17.0780 8740	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:29:17.0827 8740	PcaSvc - ok
10:29:17.0858 8740	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:29:17.0920 8740	pci - ok
10:29:17.0951 8740	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:29:17.0951 8740	pciide - ok
10:29:17.0998 8740	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:29:18.0029 8740	pcmcia - ok
10:29:18.0045 8740	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:29:18.0061 8740	pcw - ok
10:29:18.0092 8740	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:29:18.0154 8740	PEAUTH - ok
10:29:18.0232 8740	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:29:18.0263 8740	PerfHost - ok
10:29:18.0357 8740	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:29:18.0466 8740	pla - ok
10:29:18.0529 8740	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:29:18.0575 8740	PlugPlay - ok
10:29:18.0591 8740	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:29:18.0638 8740	PNRPAutoReg - ok
10:29:18.0669 8740	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:29:18.0685 8740	PNRPsvc - ok
10:29:18.0763 8740	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:29:18.0809 8740	PolicyAgent - ok
10:29:18.0856 8740	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:29:18.0903 8740	Power - ok
10:29:18.0965 8740	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:29:19.0012 8740	PptpMiniport - ok
10:29:19.0028 8740	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:29:19.0059 8740	Processor - ok
10:29:19.0106 8740	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:29:19.0168 8740	ProfSvc - ok
10:29:19.0199 8740	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:29:19.0215 8740	ProtectedStorage - ok
10:29:19.0246 8740	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:29:19.0309 8740	Psched - ok
10:29:19.0418 8740	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:29:19.0465 8740	ql2300 - ok
10:29:19.0589 8740	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:29:19.0605 8740	ql40xx - ok
10:29:19.0636 8740	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:29:19.0667 8740	QWAVE - ok
10:29:19.0667 8740	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:29:19.0699 8740	QWAVEdrv - ok
10:29:19.0730 8740	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:29:19.0777 8740	RasAcd - ok
10:29:19.0792 8740	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:29:19.0855 8740	RasAgileVpn - ok
10:29:19.0886 8740	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:29:19.0933 8740	RasAuto - ok
10:29:19.0979 8740	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:29:20.0026 8740	Rasl2tp - ok
10:29:20.0073 8740	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:29:20.0151 8740	RasMan - ok
10:29:20.0198 8740	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:29:20.0245 8740	RasPppoe - ok
10:29:20.0245 8740	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:29:20.0323 8740	RasSstp - ok
10:29:20.0369 8740	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:29:20.0416 8740	rdbss - ok
10:29:20.0447 8740	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:29:20.0463 8740	rdpbus - ok
10:29:20.0479 8740	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:29:20.0541 8740	RDPCDD - ok
10:29:20.0557 8740	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:29:20.0619 8740	RDPENCDD - ok
10:29:20.0650 8740	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:29:20.0697 8740	RDPREFMP - ok
10:29:20.0728 8740	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:29:20.0792 8740	RDPWD - ok
10:29:20.0854 8740	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:29:20.0870 8740	rdyboost - ok
10:29:20.0901 8740	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:29:20.0948 8740	RemoteAccess - ok
10:29:20.0979 8740	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:29:21.0057 8740	RemoteRegistry - ok
10:29:21.0088 8740	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:29:21.0135 8740	RpcEptMapper - ok
10:29:21.0166 8740	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:29:21.0197 8740	RpcLocator - ok
10:29:21.0244 8740	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:29:21.0306 8740	RpcSs - ok
10:29:21.0338 8740	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:29:21.0416 8740	rspndr - ok
10:29:21.0447 8740	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
10:29:21.0462 8740	RSUSBSTOR - ok
10:29:21.0494 8740	RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
10:29:21.0556 8740	RTHDMIAzAudService - ok
10:29:21.0587 8740	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:29:21.0603 8740	SamSs - ok
10:29:21.0634 8740	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:29:21.0650 8740	sbp2port - ok
10:29:21.0665 8740	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:29:21.0728 8740	SCardSvr - ok
10:29:21.0759 8740	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:29:21.0806 8740	scfilter - ok
10:29:21.0899 8740	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:29:21.0993 8740	Schedule - ok
10:29:22.0024 8740	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:29:22.0071 8740	SCPolicySvc - ok
10:29:22.0102 8740	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:29:22.0133 8740	SDRSVC - ok
10:29:22.0180 8740	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:29:22.0227 8740	secdrv - ok
10:29:22.0274 8740	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:29:22.0336 8740	seclogon - ok
10:29:22.0367 8740	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:29:22.0430 8740	SENS - ok
10:29:22.0430 8740	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:29:22.0508 8740	SensrSvc - ok
10:29:22.0523 8740	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:29:22.0554 8740	Serenum - ok
10:29:22.0586 8740	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:29:22.0601 8740	Serial - ok
10:29:22.0617 8740	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:29:22.0664 8740	sermouse - ok
10:29:22.0695 8740	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:29:22.0788 8740	SessionEnv - ok
10:29:22.0820 8740	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:29:22.0866 8740	sffdisk - ok
10:29:22.0882 8740	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:29:22.0913 8740	sffp_mmc - ok
10:29:22.0929 8740	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:29:22.0960 8740	sffp_sd - ok
10:29:22.0991 8740	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:29:23.0007 8740	sfloppy - ok
10:29:23.0085 8740	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:29:23.0100 8740	Sftfs - ok
10:29:23.0194 8740	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:29:23.0225 8740	sftlist - ok
10:29:23.0241 8740	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:29:23.0256 8740	Sftplay - ok
10:29:23.0272 8740	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:29:23.0272 8740	Sftredir - ok
10:29:23.0288 8740	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:29:23.0303 8740	Sftvol - ok
10:29:23.0319 8740	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:29:23.0334 8740	sftvsa - ok
10:29:23.0366 8740	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:29:23.0428 8740	SharedAccess - ok
10:29:23.0475 8740	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:29:23.0522 8740	ShellHWDetection - ok
10:29:23.0553 8740	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:29:23.0568 8740	SiSRaid2 - ok
10:29:23.0584 8740	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:29:23.0600 8740	SiSRaid4 - ok
10:29:23.0631 8740	SkypeUpdate     (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:29:25.0972 8740	SkypeUpdate - ok
10:29:26.0003 8740	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:29:26.0065 8740	Smb - ok
10:29:26.0112 8740	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:29:26.0112 8740	SNMPTRAP - ok
10:29:26.0143 8740	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:29:26.0143 8740	spldr - ok
10:29:26.0221 8740	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:29:26.0284 8740	Spooler - ok
10:29:26.0502 8740	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:29:26.0596 8740	sppsvc - ok
10:29:26.0705 8740	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:29:26.0767 8740	sppuinotify - ok
10:29:26.0831 8740	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:29:26.0909 8740	srv - ok
10:29:26.0940 8740	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:29:26.0971 8740	srv2 - ok
10:29:26.0987 8740	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:29:27.0034 8740	srvnet - ok
10:29:27.0080 8740	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:29:27.0143 8740	SSDPSRV - ok
10:29:27.0143 8740	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:29:27.0205 8740	SstpSvc - ok
10:29:27.0252 8740	Steam Client Service - ok
10:29:27.0268 8740	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:29:27.0283 8740	stexstor - ok
10:29:27.0346 8740	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:29:27.0408 8740	stisvc - ok
10:29:27.0439 8740	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:29:27.0455 8740	swenum - ok
10:29:27.0502 8740	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:29:27.0564 8740	swprv - ok
10:29:27.0595 8740	SynTP           (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
10:29:27.0626 8740	SynTP - ok
10:29:27.0751 8740	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:29:27.0782 8740	SysMain - ok
10:29:27.0892 8740	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:29:27.0954 8740	TabletInputService - ok
10:29:27.0985 8740	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:29:28.0048 8740	TapiSrv - ok
10:29:28.0079 8740	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:29:28.0157 8740	TBS - ok
10:29:28.0328 8740	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:29:28.0375 8740	Tcpip - ok
10:29:28.0594 8740	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:29:28.0640 8740	TCPIP6 - ok
10:29:28.0750 8740	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:29:28.0828 8740	tcpipreg - ok
10:29:28.0859 8740	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:29:28.0906 8740	TDPIPE - ok
10:29:28.0937 8740	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:29:28.0984 8740	TDTCP - ok
10:29:28.0999 8740	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:29:29.0062 8740	tdx - ok
10:29:29.0093 8740	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:29:29.0108 8740	TermDD - ok
10:29:29.0155 8740	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:29:29.0218 8740	TermService - ok
10:29:29.0249 8740	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:29:29.0264 8740	Themes - ok
10:29:29.0296 8740	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:29:29.0342 8740	THREADORDER - ok
10:29:29.0358 8740	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:29:29.0420 8740	TrkWks - ok
10:29:29.0483 8740	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:29:29.0592 8740	TrustedInstaller - ok
10:29:29.0623 8740	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:29:29.0670 8740	tssecsrv - ok
10:29:29.0686 8740	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:29:29.0732 8740	TsUsbFlt - ok
10:29:29.0779 8740	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:29:29.0843 8740	tunnel - ok
10:29:29.0874 8740	TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
10:29:29.0889 8740	TurboB - ok
10:29:29.0952 8740	TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:29:29.0983 8740	TurboBoost - ok
10:29:29.0999 8740	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:29:30.0014 8740	uagp35 - ok
10:29:30.0014 8740	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
10:29:30.0030 8740	UBHelper - ok
10:29:30.0092 8740	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:29:30.0186 8740	udfs - ok
10:29:30.0217 8740	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:29:30.0248 8740	UI0Detect - ok
10:29:30.0264 8740	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:29:30.0279 8740	uliagpkx - ok
10:29:30.0311 8740	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:29:30.0342 8740	umbus - ok
10:29:30.0373 8740	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:29:30.0404 8740	UmPass - ok
10:29:30.0591 8740	UNS             (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:29:30.0638 8740	UNS - ok
10:29:30.0701 8740	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:29:30.0732 8740	Updater Service - ok
10:29:30.0857 8740	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:29:30.0935 8740	upnphost - ok
10:29:30.0997 8740	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:29:31.0044 8740	USBAAPL64 - ok
10:29:31.0075 8740	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:29:31.0122 8740	usbccgp - ok
10:29:31.0153 8740	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:29:31.0200 8740	usbcir - ok
10:29:31.0215 8740	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:29:31.0247 8740	usbehci - ok
10:29:31.0278 8740	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:29:31.0325 8740	usbhub - ok
10:29:31.0340 8740	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:29:31.0356 8740	usbohci - ok
10:29:31.0387 8740	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:29:31.0418 8740	usbprint - ok
10:29:31.0449 8740	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:29:31.0465 8740	usbscan - ok
10:29:31.0496 8740	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:29:31.0543 8740	USBSTOR - ok
10:29:31.0590 8740	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:29:31.0621 8740	usbuhci - ok
10:29:31.0668 8740	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:29:31.0715 8740	usbvideo - ok
10:29:31.0730 8740	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:29:31.0808 8740	UxSms - ok
10:29:31.0839 8740	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:29:31.0855 8740	VaultSvc - ok
10:29:31.0886 8740	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:29:31.0902 8740	vdrvroot - ok
10:29:31.0964 8740	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:29:32.0027 8740	vds - ok
10:29:32.0058 8740	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:29:32.0073 8740	vga - ok
10:29:32.0089 8740	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:29:32.0136 8740	VgaSave - ok
10:29:32.0183 8740	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:29:32.0214 8740	vhdmp - ok
10:29:32.0245 8740	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:29:32.0261 8740	viaide - ok
10:29:32.0276 8740	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:29:32.0339 8740	volmgr - ok
10:29:32.0385 8740	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:29:32.0401 8740	volmgrx - ok
10:29:32.0432 8740	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:29:32.0448 8740	volsnap - ok
10:29:32.0479 8740	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:29:32.0495 8740	vsmraid - ok
10:29:32.0619 8740	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:29:32.0682 8740	VSS - ok
10:29:32.0791 8740	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:29:32.0838 8740	vwifibus - ok
10:29:32.0838 8740	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:29:32.0869 8740	vwififlt - ok
10:29:32.0885 8740	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:29:32.0900 8740	vwifimp - ok
10:29:32.0963 8740	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:29:33.0025 8740	W32Time - ok
10:29:33.0041 8740	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:29:33.0072 8740	WacomPen - ok
10:29:33.0103 8740	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:33.0150 8740	WANARP - ok
10:29:33.0165 8740	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:33.0197 8740	Wanarpv6 - ok
10:29:33.0306 8740	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:29:33.0353 8740	wbengine - ok
10:29:33.0462 8740	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:29:33.0509 8740	WbioSrvc - ok
10:29:33.0571 8740	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:29:33.0649 8740	wcncsvc - ok
10:29:33.0665 8740	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:29:33.0727 8740	WcsPlugInService - ok
10:29:33.0774 8740	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:29:33.0789 8740	Wd - ok
10:29:33.0836 8740	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:29:33.0867 8740	Wdf01000 - ok
10:29:33.0883 8740	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:29:33.0961 8740	WdiServiceHost - ok
10:29:33.0961 8740	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:29:33.0992 8740	WdiSystemHost - ok
10:29:34.0039 8740	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:29:34.0070 8740	WebClient - ok
10:29:34.0117 8740	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:29:34.0195 8740	Wecsvc - ok
10:29:34.0211 8740	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:29:34.0289 8740	wercplsupport - ok
10:29:34.0289 8740	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:29:34.0351 8740	WerSvc - ok
10:29:34.0382 8740	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:29:34.0445 8740	WfpLwf - ok
10:29:34.0460 8740	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:29:34.0476 8740	WIMMount - ok
10:29:34.0507 8740	WinDefend - ok
10:29:34.0523 8740	WinHttpAutoProxySvc - ok
10:29:34.0601 8740	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:29:34.0679 8740	Winmgmt - ok
10:29:34.0835 8740	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:29:34.0913 8740	WinRM - ok
10:29:35.0053 8740	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:29:35.0084 8740	WinUsb - ok
10:29:35.0162 8740	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:29:35.0193 8740	Wlansvc - ok
10:29:35.0225 8740	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:29:35.0240 8740	WmiAcpi - ok
10:29:35.0303 8740	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:29:35.0349 8740	wmiApSrv - ok
10:29:35.0396 8740	WMPNetworkSvc - ok
10:29:35.0427 8740	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:29:35.0459 8740	WPCSvc - ok
10:29:35.0490 8740	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:29:35.0521 8740	WPDBusEnum - ok
10:29:35.0537 8740	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:29:35.0583 8740	ws2ifsl - ok
10:29:35.0599 8740	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:29:35.0630 8740	wscsvc - ok
10:29:35.0630 8740	WSearch - ok
10:29:35.0786 8740	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:29:35.0849 8740	wuauserv - ok
10:29:35.0974 8740	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:29:36.0037 8740	WudfPf - ok
10:29:36.0068 8740	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:29:36.0099 8740	WUDFRd - ok
10:29:36.0130 8740	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:29:36.0193 8740	wudfsvc - ok
10:29:36.0224 8740	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:29:36.0271 8740	WwanSvc - ok
10:29:36.0302 8740	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:29:36.0598 8740	\Device\Harddisk0\DR0 - ok
10:29:37.0566 8740	MBR (0x1B8)     (d78b97c21d9715044c01ef2a15e4a3e3) \Device\Harddisk1\DR1
10:29:37.0831 8740	\Device\Harddisk1\DR1 - ok
10:29:37.0831 8740	Boot (0x1200)   (ee5f1170ea49935efafc55831de43b3d) \Device\Harddisk0\DR0\Partition0
10:29:37.0831 8740	\Device\Harddisk0\DR0\Partition0 - ok
10:29:37.0846 8740	Boot (0x1200)   (10bccd5c14c6bed83ece6cc2cc940580) \Device\Harddisk0\DR0\Partition1
10:29:37.0846 8740	\Device\Harddisk0\DR0\Partition1 - ok
10:29:37.0862 8740	============================================================
10:29:37.0862 8740	Scan finished
10:29:37.0862 8740	============================================================
10:29:37.0862 6500	Detected object count: 1
10:29:37.0862 6500	Actual detected object count: 1
10:29:57.0769 6500	C:\Users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe - copied to quarantine
10:29:58.0970 6500	HKLM\SYSTEM\ControlSet001\services\ColorZillaStatsUpdater - will be deleted on reboot
10:29:59.0001 6500	HKLM\SYSTEM\ControlSet002\services\ColorZillaStatsUpdater - will be deleted on reboot
10:29:59.0204 6500	C:\Users\Martin\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe - will be deleted on reboot
10:29:59.0204 6500	ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - User select action: Delete
         

Antwort

Themen zu nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe
alternate, anti-malware, antivir, ausführung, beim starten, computer, ctfmon.lnk, fehlermeldung, folge, folgende, google earth, heuristiks/extra, heuristiks/shuriken, hochfahren, hunter, ide, kopieren, langsam, locker, malwarebytes, mywinlocker, nichts, problem, problem beim starten von c, rechner, rechner sehr langsam, scan, searchscopes, sehr langsam, shell, starten, suite/avengine/avscanningservice.exe, suite/avengine/avwatchservice.exe, super, total, trojaner, trojanhunter, trotz, zusätzliche



Ähnliche Themen: nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe


  1. TR/Agent.7375 in C:\Users\HerrTest\AppData\Local\Temp\nscA085.tmp\temp\5FT.zip
    Log-Analyse und Auswertung - 18.10.2015 (13)
  2. WIN 7 / E-Mail-ZIP ausgeführt / KIS meldet Trojaner C:\Users\Büro\AppData\Local\Temp\Grade_born\grade-try.exe
    Log-Analyse und Auswertung - 13.06.2015 (28)
  3. Fehlermeldung: c:\users\adminc~1\appdata\local\temp\7zs349a\hpslpsvc64.dll
    Alles rund um Windows - 27.12.2014 (29)
  4. bekomme nach dem hochfahren des pc folgende fehlermeldung :C:\Users\Eva\AppData\Local\Conduit\BackgroundContainer.dll Das angegebene Modul
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (9)
  5. bekomme nach dem hochfahren des pc folgende fehlermeldung :C:\Users\Eva\AppData\Local\Conduit\BackgroundContainer.dll Das angegebene Modul
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (11)
  6. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\a.....\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 05.10.2013 (10)
  7. C:\Users\AS8\AppData\Local\Temp\wgsdgsdgdsgsd.exe - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (12)
  8. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  9. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden - GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (16)
  10. BKA Trojaner | C:\Users\~Name\AppData\Local\Temp\g7i0ol_kaz.exe
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (5)
  11. GVU-Trojaner mit Webcamfenster (C:\Users\***\Appdata\Local\Temp\0_0u-I.exe)
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (9)
  12. C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Fehlermeldung
    Log-Analyse und Auswertung - 08.07.2012 (5)
  13. Fehlermeldung:"Problem beim Starten von C:\Users\user\AppData\Local\Temp\ch810.exe"
    Log-Analyse und Auswertung - 14.05.2012 (27)
  14. C:\Users\***\AppData\Local\Temp!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (1)
  15. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  16. TR/Sirefef.A.31 in C:\Users\***\AppData\Local\Temp\06263bf.cpl und weitere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (13)
  17. Trojaner TR/Crypt.XPACK.Gen in C:\Users\***\AppData\Local\Temp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)

Zum Thema nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe - Hallo, ich hatte bis letzte Woche einen GVU Trojaner. Trotz Infizierung hab ich es geschafft, auf meinem Computer zuzugreifen und konnte mir Antivir, Trojanhunter, Trojanremove und malwarebyte herunterladen. Antivir hat - nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe...
Archiv
Du betrachtest: nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.