Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PUP.BundleInstaller.ib und PUB.InstallBrain

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.01.2013, 19:55   #1
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hallo zusammen,

malewarebytes hat den o.g. Virus auf dem Laptop meiner Freundin entdeckt. Da ihr mir bereits einmal so nett mit meinem eigenen Laptop geholfen habt, wende ich mich erneut an euch.

Hier kommt das Malewarebytes-Logfile

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: NALANI [Administrator]

02.01.2013 16:21:11
MBAM-log-2013-01-02 (19-06-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381876
Laufzeit: 1 Stunde(n), 13 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)
         

Hier kommen die OTL-Logs

Code:
ATTFilter
OTL logfile created on: 02.01.2013 19:01:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 61,08% Memory free
15,96 Gb Paging File | 12,34 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,22 Gb Total Space | 151,06 Gb Free Space | 66,78% Space Free | Partition Type: NTFS
Drive D: | 224,44 Gb Total Space | 218,95 Gb Free Space | 97,56% Space Free | Partition Type: NTFS
 
Computer Name: NALANI | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.02 19:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.11.11 00:31:43 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.11.06 21:27:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012.11.02 20:18:54 | 002,400,792 | ---- | M] () -- C:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.06 13:25:54 | 000,009,824 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
PRC - [2011.09.06 13:22:46 | 000,063,488 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
PRC - [2011.05.27 15:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.12.23 14:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010.12.23 14:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010.12.09 06:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.12.09 06:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.11.20 13:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.11.12 02:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.10.06 05:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.28 04:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010.09.18 01:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.09.18 01:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 03:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.08.25 19:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010.07.26 10:20:36 | 000,058,976 | ---- | M] (Tcam) -- C:\DATEV\PROGRAMM\VIWAS\Tools\USBScanner.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.08.25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 09:10:08 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d1a34ee93168657925ce2cfc68d8b63c\IAStorUtil.ni.dll
MOD - [2012.12.05 09:10:08 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\54d19fac3bfc693f87db68571844895a\IAStorCommon.ni.dll
MOD - [2012.12.05 08:14:13 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.12.05 08:14:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.12.05 08:13:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.12.05 08:13:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.12.05 08:13:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.12.05 08:13:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.12.05 08:13:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.12.05 08:13:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.12.05 08:12:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.02 20:18:54 | 002,400,792 | ---- | M] () -- C:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.exe
MOD - [2012.11.02 20:17:36 | 002,139,160 | ---- | M] () -- c:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.dll
MOD - [2012.08.21 12:19:50 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\Datev.Viwas.UserSession.Interfaces\6.1.0.0__cbc631f1c682336b\Datev.Viwas.UserSession.Interfaces.dll
MOD - [2011.03.31 18:29:46 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll
MOD - [2011.03.23 06:50:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.12.23 14:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010.12.23 14:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.10.28 03:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.08.25 19:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV - [2012.11.02 20:18:54 | 002,400,792 | ---- | M] () [Auto | Running] -- C:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.exe -- (eType Manager)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.06 13:22:46 | 000,063,488 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe -- (DATEV ViwasClientService)
SRV - [2011.07.25 01:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.05.27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.03.22 22:20:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.09 06:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.10.29 19:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.10.08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.10.06 05:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 05:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.08.25 19:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010.08.25 19:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.08.25 19:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.03.31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 20:22:10 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2010.12.10 20:22:10 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2010.12.10 20:22:10 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.28 04:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.28 03:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.25 19:07:00 | 000,470,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,120,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,098,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.08.25 19:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010.08.25 19:07:00 | 000,078,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.07.20 10:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 22:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes,DefaultScope = {21E15AF4-57D6-43DC-A1B8-7F59D740F28E}
IE - HKCU\..\SearchScopes\{21E15AF4-57D6-43DC-A1B8-7F59D740F28E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGNI_deDE509
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Download\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\FirefoxExtension [2012.11.09 21:27:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{528bcd12-8e45-4595-96dd-c92c3989c536}: D:\Programme\Multimessenger\ThunderbirdSyncProxy [2011.07.03 09:37:26 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Program Files (x86)\etype\file2linktemplateX.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AUTOSTARTEXECUTE] C:\DATEV\PROGRAMM\Install\DvInesAutostartHelper.exe (DATEV eG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIWAS - USB Scanner.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} hxxp://www.starstable.com/plugin/PXStudioRuntimeAX.cab (PXStudioRuntimeAX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1689E1F5-9DBD-4A2C-A36F-7550389FBBAB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4994AFB8-763D-4160-859E-E9C6A80B5D73}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B69A84-AB52-4A15-B29E-FDA71F5106C3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0825DEB-9B26-4C3E-A7E0-F42DD7E5AC9B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypem~1.dll) - c:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.02 19:00:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2013.01.02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2013.01.02 16:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.02 16:12:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.02 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.02 16:11:35 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Programs
[2012.12.22 20:19:27 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\EgisTec
[2012.12.09 19:41:28 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Secunia PSI
[2012.12.09 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.12.04 16:49:06 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Amazon MP3
[2012.12.04 11:04:32 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\Akademie für Tierheilkunde Studienkosten TP-Dateien
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.02 19:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2013.01.02 18:59:55 | 000,000,000 | ---- | M] () -- C:\Users\Flo\defogger_reenable
[2013.01.02 18:58:58 | 000,050,477 | ---- | M] () -- C:\Users\Flo\Desktop\Defogger.exe
[2013.01.02 18:35:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.02 15:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 00:35:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 15:25:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 15:25:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 15:17:08 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.30 11:07:32 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.30 11:07:32 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.30 11:07:32 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.30 11:07:32 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.30 11:07:32 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 22:00:19 | 000,005,354 | ---- | M] () -- C:\Users\Flo\Desktop\christmas song 2012.wpl
[2012.12.22 21:00:45 | 000,447,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.09 19:39:01 | 000,001,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.12.07 13:09:16 | 000,127,095 | ---- | M] () -- C:\Users\Flo\Desktop\Pdf.pdf
[2012.12.07 12:29:23 | 000,124,783 | ---- | M] () -- C:\Users\Flo\Desktop\20121207122038745.tif
[2012.12.04 11:04:32 | 000,012,513 | ---- | M] () -- C:\Users\Flo\Desktop\Akademie für Tierheilkunde Studienkosten TP.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.02 18:59:55 | 000,000,000 | ---- | C] () -- C:\Users\Flo\defogger_reenable
[2013.01.02 18:58:51 | 000,050,477 | ---- | C] () -- C:\Users\Flo\Desktop\Defogger.exe
[2012.12.23 22:00:05 | 000,005,354 | ---- | C] () -- C:\Users\Flo\Desktop\christmas song 2012.wpl
[2012.12.09 19:39:01 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.12.07 13:09:16 | 000,127,095 | ---- | C] () -- C:\Users\Flo\Desktop\Pdf.pdf
[2012.12.07 12:29:22 | 000,124,783 | ---- | C] () -- C:\Users\Flo\Desktop\20121207122038745.tif
[2012.12.07 06:21:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.07 06:14:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.04 11:04:31 | 000,012,513 | ---- | C] () -- C:\Users\Flo\Desktop\Akademie für Tierheilkunde Studienkosten TP.htm
[2012.08.21 11:56:51 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 21:20:34 | 000,007,597 | ---- | C] () -- C:\Users\Flo\AppData\Local\Resmon.ResmonCfg
[2011.10.07 20:06:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.03 11:53:28 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.07.03 11:53:01 | 000,000,096 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.07.03 11:51:21 | 000,000,097 | ---- | C] () -- C:\Windows\Startup.INI
[2011.03.22 22:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.22 22:01:49 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.10 20:09:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.30 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\1&1 Mail & Media GmbH
[2011.08.06 12:06:20 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Amazon
[2011.07.03 12:01:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DATEV
[2012.10.01 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoft
[2011.06.22 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.09 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\eType
[2012.10.23 10:58:14 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\GetRightToGo
[2012.10.01 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenCandy
[2011.06.14 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\PowerCinema
[2012.12.04 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\QuickScan
[2011.10.07 20:08:28 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Synaptics
[2012.10.01 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TuneUp Software
[2011.07.03 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\WEB.DE
[2011.09.14 13:15:38 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Users\Flo\Desktop\ANzeige.jpg:Updt_SummaryInformation

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 02.01.2013 19:01:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 61,08% Memory free
15,96 Gb Paging File | 12,34 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,22 Gb Total Space | 151,06 Gb Free Space | 66,78% Space Free | Partition Type: NTFS
Drive D: | 224,44 Gb Total Space | 218,95 Gb Free Space | 97,56% Space Free | Partition Type: NTFS
 
Computer Name: NALANI | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07655224-5449-4069-85D4-4A2E2AAEC3B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0EEF4E78-7EBB-4139-AAB8-832D7570B7C1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{18FF7331-4B88-4FBE-9539-CEE2127059C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1A13C89F-7F7A-4C3F-BF92-F1579AE1FB17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2570F0D7-85F1-4144-A656-E4D7C246AC3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3AF2E11D-9E97-476D-9CDC-34CC390F7B2C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3F026DE6-BBDD-4A03-9C4A-F6A092C46600}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5408FAD2-109A-4BE6-BCA7-87811C625123}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | 
"{5D1B0D6B-C0EB-486C-A27B-9DC20C8D2376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{94A7D2E8-D9F1-4D96-B399-7C85658E21B1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9D604D6C-3BEF-45A7-ADB7-24B0A610BD43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DA8A7BB-A5FB-4400-9AB8-9D7B1C8EB728}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B74096AE-ABBF-45F3-B873-2C99F6BD4AA9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BAD29A8B-79ED-49D6-A4BC-C0C29416E59C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC7C72F9-37EE-4DB5-909A-A0CE2DF670DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DAF6368B-8D7C-4D66-957A-266AE872DEB3}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA5D124-3DEB-486F-9F8C-CB5C3FC55096}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10E5E226-D5FE-4EBD-A904-84A6E4E9D736}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1BA77F01-FE83-4489-BB02-40F9390CA5B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2076E324-D1B1-4373-A5C5-010938BD3D9A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{2191FD5B-6D5B-4688-92D0-E6B0EC8AB6BB}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{3391B6E0-F130-4D58-B8D4-9BD942D8CBBD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{40B013BE-8B5C-40F8-B8CD-694A04B9A46A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{482CD896-8B90-4B99-A044-5D279C1B016C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CA04018-FF91-46FA-BA86-ABA2335D830A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 
"{549467B1-2395-44CB-8EF6-BE440AB3CD84}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{7B0BE56A-BF70-4CC7-9D2A-596B57E7FBC7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{7C03A9EC-E02C-4139-9617-546EF59509F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{891160F8-6D92-4E79-BEA6-B52AC9FBE8C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{921F76A9-8C6F-4157-9415-E9CE785ABE96}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{923E75D9-3534-4EBD-BF87-A24085FCD4D4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AD3E72BA-50F1-4112-8279-637718031856}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE4F56B2-1D93-4E47-AA3B-CCE20867A383}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D1FDFD45-ED02-4DE8-9FE7-5766652533AC}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{D2247FD1-BCF9-4967-99EE-5E1A0116F3B6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{D867A624-B777-49D4-A220-DD7625D418CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3DDABF9-D656-4303-A4EC-F085517213FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FEC66DB7-3DAE-4861-BE58-C7C2D0E78C4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FF5BF585-8B9C-476B-8420-A197870011ED}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"TCP Query User{DAD36BDF-E660-4173-A7DB-3E0BACCAFE4B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9439CB17-7467-45FF-B8BF-5C7EAB562F15}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f24fd65f-41b7-4c85-9ee6-b4b5490cc92a}" = Nero 9
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"DATEVB00000482.0" = DATEV Installation V.2.91
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Office14.STANDARD" = Microsoft Office Standard 2010
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"WEB.DE MultiMessenger" = WEB.DE MultiMessenger
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2012 17:23:10 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:23:59 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:24:48 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:25:37 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:26:26 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:27:15 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:28:04 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:28:53 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:29:42 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
Error - 30.12.2012 17:30:31 | Computer Name = Nalani | Source = DATEV ViwasClientService | ID = 0
Description = Es ist ein Problem beim Analysieren der geplanten Tasks aufgetreten:
Fehler
 beim Lesen der VIWAS-Daten.  Datei: C:\ProgramData\DATEV\Daten\Viwas\ViwasPrimaryKeys.xml

Fehler:
 '.', hexidezimaler Wert 0x00, ist ein ungültiges Zeichen. Zeile 1, Position 1.
 
[ System Events ]
Error - 04.12.2012 17:56:17 | Computer Name = Nalani | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.
 
Error - 04.12.2012 17:56:17 | Computer Name = Nalani | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.
 
Error - 05.12.2012 03:10:06 | Computer Name = Nalani | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?12.?2012 um 03:56:17 unerwartet heruntergefahren.
 
Error - 07.12.2012 02:30:11 | Computer Name = Nalani | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Software Protection erreicht.
 
Error - 07.12.2012 02:30:11 | Computer Name = Nalani | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 12.12.2012 07:41:21 | Computer Name = Nalani | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?12.?2012 um 09:58:54 unerwartet heruntergefahren.
 
Error - 14.12.2012 13:22:09 | Computer Name = Nalani | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst DsiWMIService erreicht.
 
Error - 14.12.2012 14:11:41 | Computer Name = Nalani | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst DsiWMIService erreicht.
 
Error - 24.12.2012 10:57:09 | Computer Name = Nalani | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?12.?2012 um 15:01:29 unerwartet heruntergefahren.
 
Error - 01.01.2013 10:17:10 | Computer Name = Nalani | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?01.?2013 um 14:46:10 unerwartet heruntergefahren.
 
 
< End of report >
         
Bin für jede Hilfe dankbar!

Gruß,

Chr.Bernhard

Alt 02.01.2013, 20:06   #2
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________

__________________

Alt 02.01.2013, 20:27   #3
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Danke für deine Anwort :-)

Hier kommt das Logfile

Code:
ATTFilter
20:22:25.0907 7192  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:22:26.0207 7192  ============================================================
20:22:26.0207 7192  Current date / time: 2013/01/02 20:22:26.0207
20:22:26.0207 7192  SystemInfo:
20:22:26.0207 7192  
20:22:26.0207 7192  OS Version: 6.1.7601 ServicePack: 1.0
20:22:26.0207 7192  Product type: Workstation
20:22:26.0207 7192  ComputerName: NALANI
20:22:26.0207 7192  UserName: Flo
20:22:26.0207 7192  Windows directory: C:\Windows
20:22:26.0207 7192  System windows directory: C:\Windows
20:22:26.0207 7192  Running under WOW64
20:22:26.0207 7192  Processor architecture: Intel x64
20:22:26.0207 7192  Number of processors: 8
20:22:26.0207 7192  Page size: 0x1000
20:22:26.0207 7192  Boot type: Normal boot
20:22:26.0207 7192  ============================================================
20:22:26.0747 7192  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:26.0747 7192  ============================================================
20:22:26.0747 7192  \Device\Harddisk0\DR0:
20:22:26.0747 7192  MBR partitions:
20:22:26.0747 7192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
20:22:26.0747 7192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C473000
20:22:26.0767 7192  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E2A6000, BlocksNum 0x1C0DF800
20:22:26.0767 7192  ============================================================
20:22:26.0847 7192  C: <-> \Device\Harddisk0\DR0\Partition2
20:22:26.0887 7192  D: <-> \Device\Harddisk0\DR0\Partition3
20:22:26.0887 7192  ============================================================
20:22:26.0887 7192  Initialize success
20:22:26.0887 7192  ============================================================
20:23:26.0987 4664  ============================================================
20:23:26.0987 4664  Scan started
20:23:26.0987 4664  Mode: Manual; SigCheck; TDLFS; 
20:23:26.0987 4664  ============================================================
20:23:27.0497 4664  ================ Scan system memory ========================
20:23:27.0497 4664  System memory - ok
20:23:27.0497 4664  ================ Scan services =============================
20:23:27.0857 4664  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:23:27.0987 4664  1394ohci - ok
20:23:28.0057 4664  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:23:28.0087 4664  ACPI - ok
20:23:28.0127 4664  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:23:28.0257 4664  AcpiPmi - ok
20:23:28.0357 4664  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:23:28.0377 4664  AdobeARMservice - ok
20:23:28.0447 4664  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:23:28.0477 4664  adp94xx - ok
20:23:28.0527 4664  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:23:28.0557 4664  adpahci - ok
20:23:28.0587 4664  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:23:28.0597 4664  adpu320 - ok
20:23:28.0627 4664  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:23:28.0827 4664  AeLookupSvc - ok
20:23:28.0917 4664  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:23:28.0967 4664  AFD - ok
20:23:29.0017 4664  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:23:29.0027 4664  agp440 - ok
20:23:29.0047 4664  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:23:29.0127 4664  ALG - ok
20:23:29.0157 4664  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:23:29.0187 4664  aliide - ok
20:23:29.0217 4664  [ 9CB927E76D3F65A02741A4D9A690178C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:23:29.0307 4664  AMD External Events Utility - ok
20:23:29.0317 4664  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:23:29.0327 4664  amdide - ok
20:23:29.0357 4664  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:23:29.0427 4664  AmdK8 - ok
20:23:29.0637 4664  [ B8660FB5431F136635FB6446AC67FAAE ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:23:29.0898 4664  amdkmdag - ok
20:23:29.0898 4664  [ 5FC9D833F726383D9D60205F5A3CF16B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:23:29.0938 4664  amdkmdap - ok
20:23:29.0958 4664  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:23:29.0968 4664  AmdPPM - ok
20:23:30.0018 4664  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:23:30.0028 4664  amdsata - ok
20:23:30.0058 4664  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:23:30.0088 4664  amdsbs - ok
20:23:30.0098 4664  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:23:30.0108 4664  amdxata - ok
20:23:30.0168 4664  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:23:30.0358 4664  AppID - ok
20:23:30.0378 4664  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:23:30.0438 4664  AppIDSvc - ok
20:23:30.0498 4664  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:23:30.0548 4664  Appinfo - ok
20:23:30.0568 4664  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:23:30.0578 4664  arc - ok
20:23:30.0578 4664  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:23:30.0588 4664  arcsas - ok
20:23:30.0728 4664  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:23:30.0748 4664  aspnet_state - ok
20:23:30.0778 4664  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:23:30.0838 4664  AsyncMac - ok
20:23:30.0858 4664  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:23:30.0868 4664  atapi - ok
20:23:30.0978 4664  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:23:31.0018 4664  athr - ok
20:23:31.0048 4664  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:23:31.0068 4664  AtiHdmiService - ok
20:23:31.0128 4664  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:23:31.0218 4664  AudioEndpointBuilder - ok
20:23:31.0248 4664  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:23:31.0288 4664  AudioSrv - ok
20:23:31.0348 4664  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:23:31.0488 4664  AxInstSV - ok
20:23:31.0538 4664  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:23:31.0628 4664  b06bdrv - ok
20:23:31.0678 4664  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:23:31.0728 4664  b57nd60a - ok
20:23:31.0758 4664  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:23:31.0788 4664  BDESVC - ok
20:23:31.0798 4664  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:23:31.0858 4664  Beep - ok
20:23:31.0918 4664  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:23:31.0978 4664  BFE - ok
20:23:32.0008 4664  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:23:32.0068 4664  BITS - ok
20:23:32.0098 4664  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:23:32.0128 4664  blbdrive - ok
20:23:32.0168 4664  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:23:32.0208 4664  bowser - ok
20:23:32.0218 4664  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:23:32.0328 4664  BrFiltLo - ok
20:23:32.0338 4664  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:23:32.0398 4664  BrFiltUp - ok
20:23:32.0428 4664  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:23:32.0468 4664  Browser - ok
20:23:32.0498 4664  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:23:32.0568 4664  Brserid - ok
20:23:32.0588 4664  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:23:32.0628 4664  BrSerWdm - ok
20:23:32.0638 4664  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:23:32.0698 4664  BrUsbMdm - ok
20:23:32.0718 4664  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:23:32.0828 4664  BrUsbSer - ok
20:23:32.0848 4664  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:23:32.0938 4664  BTHMODEM - ok
20:23:32.0968 4664  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:23:33.0008 4664  bthserv - ok
20:23:33.0028 4664  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:23:33.0068 4664  cdfs - ok
20:23:33.0108 4664  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:23:33.0158 4664  cdrom - ok
20:23:33.0208 4664  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:23:33.0288 4664  CertPropSvc - ok
20:23:33.0308 4664  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:23:33.0328 4664  circlass - ok
20:23:33.0368 4664  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:23:33.0378 4664  CLFS - ok
20:23:33.0428 4664  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:23:33.0458 4664  clr_optimization_v2.0.50727_32 - ok
20:23:33.0518 4664  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:23:33.0528 4664  clr_optimization_v2.0.50727_64 - ok
20:23:33.0618 4664  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:23:33.0628 4664  clr_optimization_v4.0.30319_32 - ok
20:23:33.0638 4664  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:23:33.0648 4664  clr_optimization_v4.0.30319_64 - ok
20:23:33.0678 4664  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:23:33.0698 4664  CmBatt - ok
20:23:33.0718 4664  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:23:33.0728 4664  cmdide - ok
20:23:33.0778 4664  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:23:33.0818 4664  CNG - ok
20:23:33.0848 4664  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:23:33.0858 4664  Compbatt - ok
20:23:33.0918 4664  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:23:33.0988 4664  CompositeBus - ok
20:23:34.0008 4664  COMSysApp - ok
20:23:34.0028 4664  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:23:34.0058 4664  crcdisk - ok
20:23:34.0098 4664  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:23:34.0158 4664  CryptSvc - ok
20:23:34.0238 4664  [ 7C57F1944D9C45601541D248E1C1A80D ] DATEV Update-Service C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
20:23:34.0268 4664  DATEV Update-Service - ok
20:23:34.0318 4664  [ F1D6C9EC9968A4B0BD215FE9BD10139E ] DATEV ViwasClientService C:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
20:23:34.0338 4664  DATEV ViwasClientService ( UnsignedFile.Multi.Generic ) - warning
20:23:34.0338 4664  DATEV ViwasClientService - detected UnsignedFile.Multi.Generic (1)
20:23:34.0398 4664  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:23:34.0498 4664  DcomLaunch - ok
20:23:34.0548 4664  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:23:34.0598 4664  defragsvc - ok
20:23:34.0648 4664  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:23:34.0718 4664  DfsC - ok
20:23:34.0768 4664  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:23:34.0838 4664  Dhcp - ok
20:23:34.0858 4664  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:23:34.0928 4664  discache - ok
20:23:34.0978 4664  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:23:35.0008 4664  Disk - ok
20:23:35.0048 4664  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:23:35.0118 4664  Dnscache - ok
20:23:35.0158 4664  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:23:35.0208 4664  dot3svc - ok
20:23:35.0228 4664  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:23:35.0268 4664  DPS - ok
20:23:35.0288 4664  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:23:35.0308 4664  drmkaud - ok
20:23:35.0388 4664  [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:23:35.0428 4664  DsiWMIService - ok
20:23:35.0488 4664  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:23:35.0508 4664  DXGKrnl - ok
20:23:35.0528 4664  EagleX64 - ok
20:23:35.0558 4664  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:23:35.0598 4664  EapHost - ok
20:23:35.0698 4664  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:23:35.0758 4664  ebdrv - ok
20:23:35.0798 4664  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:23:35.0868 4664  EFS - ok
20:23:35.0918 4664  [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
20:23:35.0928 4664  EgisTec Ticket Service - ok
20:23:35.0988 4664  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:23:36.0058 4664  ehRecvr - ok
20:23:36.0088 4664  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:23:36.0148 4664  ehSched - ok
20:23:36.0198 4664  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:23:36.0228 4664  elxstor - ok
20:23:36.0318 4664  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:23:36.0358 4664  ePowerSvc - ok
20:23:36.0368 4664  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:23:36.0388 4664  ErrDev - ok
20:23:36.0588 4664  [ 432348FC02E4293C42C66FE123F0641E ] eType Manager   C:\ProgramData\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.exe
20:23:36.0728 4664  eType Manager - ok
20:23:36.0758 4664  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:23:36.0808 4664  EventSystem - ok
20:23:36.0858 4664  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:23:36.0898 4664  exfat - ok
20:23:36.0908 4664  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:23:36.0948 4664  fastfat - ok
20:23:37.0018 4664  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:23:37.0108 4664  Fax - ok
20:23:37.0128 4664  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:23:37.0168 4664  fdc - ok
20:23:37.0188 4664  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:23:37.0238 4664  fdPHost - ok
20:23:37.0258 4664  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:23:37.0288 4664  FDResPub - ok
20:23:37.0318 4664  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:23:37.0328 4664  FileInfo - ok
20:23:37.0338 4664  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:23:37.0388 4664  Filetrace - ok
20:23:37.0448 4664  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:23:37.0488 4664  FLEXnet Licensing Service - ok
20:23:37.0498 4664  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:23:37.0518 4664  flpydisk - ok
20:23:37.0558 4664  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:23:37.0598 4664  FltMgr - ok
20:23:37.0648 4664  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:23:37.0758 4664  FontCache - ok
20:23:37.0808 4664  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:23:37.0828 4664  FontCache3.0.0.0 - ok
20:23:37.0838 4664  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:23:37.0858 4664  FsDepends - ok
20:23:37.0888 4664  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:23:37.0898 4664  Fs_Rec - ok
20:23:37.0938 4664  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:23:37.0978 4664  fvevol - ok
20:23:38.0008 4664  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:23:38.0028 4664  gagp30kx - ok
20:23:38.0078 4664  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:23:38.0158 4664  gpsvc - ok
20:23:38.0228 4664  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
20:23:38.0258 4664  GREGService - ok
20:23:38.0338 4664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:23:38.0368 4664  gupdate - ok
20:23:38.0368 4664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:23:38.0378 4664  gupdatem - ok
20:23:38.0418 4664  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:23:38.0428 4664  gusvc - ok
20:23:38.0438 4664  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:23:38.0478 4664  hcw85cir - ok
20:23:38.0538 4664  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:23:38.0578 4664  HdAudAddService - ok
20:23:38.0608 4664  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:23:38.0628 4664  HDAudBus - ok
20:23:38.0638 4664  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:23:38.0688 4664  HidBatt - ok
20:23:38.0718 4664  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:23:38.0758 4664  HidBth - ok
20:23:38.0798 4664  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:23:38.0838 4664  HidIr - ok
20:23:38.0868 4664  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:23:38.0918 4664  hidserv - ok
20:23:38.0978 4664  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:23:38.0988 4664  HidUsb - ok
20:23:39.0038 4664  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:23:39.0108 4664  hkmsvc - ok
20:23:39.0148 4664  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:23:39.0178 4664  HomeGroupListener - ok
20:23:39.0218 4664  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:23:39.0248 4664  HomeGroupProvider - ok
20:23:39.0278 4664  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:23:39.0298 4664  HpSAMD - ok
20:23:39.0348 4664  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:23:39.0388 4664  HTCAND64 - ok
20:23:39.0468 4664  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
20:23:39.0488 4664  htcnprot - ok
20:23:39.0558 4664  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:23:39.0638 4664  HTTP - ok
20:23:39.0658 4664  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:23:39.0668 4664  hwpolicy - ok
20:23:39.0728 4664  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:23:39.0758 4664  i8042prt - ok
20:23:39.0798 4664  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:23:39.0818 4664  iaStor - ok
20:23:39.0868 4664  [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:23:39.0898 4664  IAStorDataMgrSvc - ok
20:23:39.0928 4664  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:23:39.0948 4664  iaStorV - ok
20:23:40.0008 4664  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:23:40.0048 4664  idsvc - ok
20:23:40.0088 4664  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:23:40.0098 4664  iirsp - ok
20:23:40.0128 4664  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:23:40.0218 4664  IKEEXT - ok
20:23:40.0318 4664  [ F4C031439501F6C1D336A36D7CB58F4F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:23:40.0368 4664  IntcAzAudAddService - ok
20:23:40.0378 4664  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:23:40.0388 4664  intelide - ok
20:23:40.0418 4664  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:23:40.0438 4664  intelppm - ok
20:23:40.0478 4664  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:23:40.0508 4664  IPBusEnum - ok
20:23:40.0558 4664  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:23:40.0638 4664  IpFilterDriver - ok
20:23:40.0698 4664  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:23:40.0738 4664  iphlpsvc - ok
20:23:40.0778 4664  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:23:40.0808 4664  IPMIDRV - ok
20:23:40.0808 4664  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:23:40.0848 4664  IPNAT - ok
20:23:40.0878 4664  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:23:40.0948 4664  IRENUM - ok
20:23:40.0978 4664  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:23:40.0988 4664  isapnp - ok
20:23:41.0018 4664  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:23:41.0028 4664  iScsiPrt - ok
20:23:41.0048 4664  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:23:41.0058 4664  kbdclass - ok
20:23:41.0098 4664  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:23:41.0108 4664  kbdhid - ok
20:23:41.0128 4664  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:23:41.0148 4664  KeyIso - ok
20:23:41.0178 4664  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:23:41.0188 4664  KSecDD - ok
20:23:41.0218 4664  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:23:41.0248 4664  KSecPkg - ok
20:23:41.0308 4664  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:23:41.0378 4664  ksthunk - ok
20:23:41.0418 4664  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:23:41.0458 4664  KtmRm - ok
20:23:41.0508 4664  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:23:41.0508 4664  L1C - ok
20:23:41.0568 4664  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:23:41.0618 4664  LanmanServer - ok
20:23:41.0668 4664  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:23:41.0728 4664  LanmanWorkstation - ok
20:23:41.0768 4664  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:23:41.0828 4664  lltdio - ok
20:23:41.0858 4664  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:23:41.0898 4664  lltdsvc - ok
20:23:41.0918 4664  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:23:41.0968 4664  lmhosts - ok
20:23:41.0998 4664  [ 926EBA26A8B49D1597751CED06B50862 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:23:42.0008 4664  LMS - ok
20:23:42.0038 4664  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:23:42.0048 4664  LSI_FC - ok
20:23:42.0058 4664  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:23:42.0068 4664  LSI_SAS - ok
20:23:42.0078 4664  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:23:42.0088 4664  LSI_SAS2 - ok
20:23:42.0098 4664  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:23:42.0118 4664  LSI_SCSI - ok
20:23:42.0128 4664  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:23:42.0168 4664  luafv - ok
20:23:42.0248 4664  [ 5D992CA633358DD0E7A16D88829DA087 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
20:23:42.0318 4664  McAfeeEngineService - ok
20:23:42.0398 4664  [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
20:23:42.0418 4664  McAfeeFramework - ok
20:23:42.0438 4664  [ 320BFA711222E371EF70E2ACCE7FA091 ] McShield        C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
20:23:42.0448 4664  McShield - ok
20:23:42.0468 4664  [ 3077FEEFA81B025390092F7FBF2B51C5 ] McTaskManager   C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
20:23:42.0498 4664  McTaskManager - ok
20:23:42.0538 4664  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:23:42.0598 4664  Mcx2Svc - ok
20:23:42.0608 4664  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:23:42.0618 4664  megasas - ok
20:23:42.0648 4664  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:23:42.0658 4664  MegaSR - ok
20:23:42.0708 4664  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:23:42.0728 4664  MEIx64 - ok
20:23:42.0778 4664  [ 07795C10658FA4350D222C7EF9077798 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
20:23:42.0808 4664  mfeapfk - ok
20:23:42.0858 4664  [ 3825F334915733B85EED24F0640FADAE ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
20:23:42.0888 4664  mfeavfk - ok
20:23:42.0918 4664  [ 6FE6964A4B4797EB6EF253E0DE8D64E4 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
20:23:42.0938 4664  mfehidk - ok
20:23:42.0958 4664  [ 5F21288266B9B51A61272B192365E87C ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
20:23:42.0968 4664  mferkdet - ok
20:23:42.0988 4664  [ B6170FAD509317A963BE6D4C2E104D2F ] mfetdik         C:\Windows\system32\drivers\mfetdik.sys
20:23:42.0998 4664  mfetdik - ok
20:23:43.0008 4664  [ EDEE0AD70A1461AB45BD62A07751A34B ] mfevtp          C:\Windows\system32\mfevtps.exe
20:23:43.0018 4664  mfevtp - ok
20:23:43.0038 4664  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:23:43.0088 4664  MMCSS - ok
20:23:43.0098 4664  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:23:43.0148 4664  Modem - ok
20:23:43.0188 4664  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:23:43.0228 4664  monitor - ok
20:23:43.0278 4664  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:23:43.0288 4664  mouclass - ok
20:23:43.0308 4664  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:23:43.0348 4664  mouhid - ok
20:23:43.0388 4664  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:23:43.0418 4664  mountmgr - ok
20:23:43.0448 4664  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:23:43.0458 4664  mpio - ok
20:23:43.0468 4664  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:23:43.0498 4664  mpsdrv - ok
20:23:43.0548 4664  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:23:43.0598 4664  MpsSvc - ok
20:23:43.0628 4664  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:23:43.0688 4664  MRxDAV - ok
20:23:43.0718 4664  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:23:43.0788 4664  mrxsmb - ok
20:23:43.0808 4664  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:23:43.0848 4664  mrxsmb10 - ok
20:23:43.0888 4664  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:23:43.0918 4664  mrxsmb20 - ok
20:23:43.0938 4664  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:23:43.0948 4664  msahci - ok
20:23:43.0958 4664  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:23:43.0978 4664  msdsm - ok
20:23:43.0998 4664  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:23:44.0008 4664  MSDTC - ok
20:23:44.0028 4664  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:23:44.0058 4664  Msfs - ok
20:23:44.0078 4664  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:23:44.0118 4664  mshidkmdf - ok
20:23:44.0138 4664  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:23:44.0148 4664  msisadrv - ok
20:23:44.0168 4664  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:23:44.0208 4664  MSiSCSI - ok
20:23:44.0208 4664  msiserver - ok
20:23:44.0238 4664  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:23:44.0278 4664  MSKSSRV - ok
20:23:44.0318 4664  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:23:44.0358 4664  MSPCLOCK - ok
20:23:44.0368 4664  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:23:44.0408 4664  MSPQM - ok
20:23:44.0438 4664  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:23:44.0458 4664  MsRPC - ok
20:23:44.0488 4664  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:23:44.0498 4664  mssmbios - ok
20:23:44.0518 4664  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:23:44.0548 4664  MSTEE - ok
20:23:44.0568 4664  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:23:44.0578 4664  MTConfig - ok
20:23:44.0588 4664  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:23:44.0598 4664  Mup - ok
20:23:44.0618 4664  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:23:44.0618 4664  mwlPSDFilter - ok
20:23:44.0628 4664  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:23:44.0638 4664  mwlPSDNServ - ok
20:23:44.0658 4664  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:23:44.0668 4664  mwlPSDVDisk - ok
20:23:44.0708 4664  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:23:44.0778 4664  napagent - ok
20:23:44.0808 4664  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:23:44.0848 4664  NativeWifiP - ok
20:23:44.0918 4664  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:23:44.0948 4664  NDIS - ok
20:23:44.0978 4664  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:23:45.0008 4664  NdisCap - ok
20:23:45.0028 4664  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:23:45.0068 4664  NdisTapi - ok
20:23:45.0118 4664  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:23:45.0178 4664  Ndisuio - ok
20:23:45.0218 4664  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:23:45.0268 4664  NdisWan - ok
20:23:45.0308 4664  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:23:45.0328 4664  NDProxy - ok
20:23:45.0458 4664  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:23:45.0488 4664  Nero BackItUp Scheduler 4.0 - ok
20:23:45.0498 4664  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:23:45.0528 4664  NetBIOS - ok
20:23:45.0558 4664  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:23:45.0648 4664  NetBT - ok
20:23:45.0668 4664  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:23:45.0678 4664  Netlogon - ok
20:23:45.0708 4664  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:23:45.0788 4664  Netman - ok
20:23:45.0818 4664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:23:45.0828 4664  NetMsmqActivator - ok
20:23:45.0828 4664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:23:45.0838 4664  NetPipeActivator - ok
20:23:45.0868 4664  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:23:45.0898 4664  netprofm - ok
20:23:45.0908 4664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:23:45.0918 4664  NetTcpActivator - ok
20:23:45.0918 4664  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:23:45.0928 4664  NetTcpPortSharing - ok
20:23:45.0948 4664  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:23:45.0958 4664  nfrd960 - ok
20:23:45.0998 4664  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:23:46.0028 4664  NlaSvc - ok
20:23:46.0048 4664  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:23:46.0078 4664  Npfs - ok
20:23:46.0088 4664  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:23:46.0128 4664  nsi - ok
20:23:46.0148 4664  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:23:46.0208 4664  nsiproxy - ok
20:23:46.0288 4664  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:23:46.0358 4664  Ntfs - ok
20:23:46.0418 4664  [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
20:23:46.0448 4664  NTI IScheduleSvc - ok
20:23:46.0488 4664  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
20:23:46.0508 4664  NTIDrvr - ok
20:23:46.0508 4664  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:23:46.0598 4664  Null - ok
20:23:46.0648 4664  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
20:23:46.0678 4664  nusb3hub - ok
20:23:46.0738 4664  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:23:46.0818 4664  nusb3xhc - ok
20:23:46.0868 4664  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:23:46.0898 4664  nvraid - ok
20:23:46.0918 4664  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:23:46.0938 4664  nvstor - ok
20:23:46.0968 4664  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:23:47.0008 4664  nv_agp - ok
20:23:47.0048 4664  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:23:47.0078 4664  ohci1394 - ok
20:23:47.0148 4664  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:23:47.0168 4664  ose - ok
20:23:47.0378 4664  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:23:47.0538 4664  osppsvc - ok
20:23:47.0568 4664  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:23:47.0648 4664  p2pimsvc - ok
20:23:47.0688 4664  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:23:47.0728 4664  p2psvc - ok
20:23:47.0768 4664  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:23:47.0808 4664  Parport - ok
20:23:47.0838 4664  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:23:47.0868 4664  partmgr - ok
20:23:47.0928 4664  [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
20:23:47.0938 4664  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:23:47.0938 4664  PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:23:47.0958 4664  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:23:47.0998 4664  PcaSvc - ok
20:23:48.0018 4664  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:23:48.0028 4664  pci - ok
20:23:48.0048 4664  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:23:48.0058 4664  pciide - ok
20:23:48.0078 4664  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:23:48.0088 4664  pcmcia - ok
20:23:48.0108 4664  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:23:48.0118 4664  pcw - ok
20:23:48.0148 4664  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:23:48.0188 4664  PEAUTH - ok
20:23:48.0308 4664  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:23:48.0358 4664  PerfHost - ok
20:23:48.0418 4664  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:23:48.0478 4664  pla - ok
20:23:48.0518 4664  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:23:48.0598 4664  PlugPlay - ok
20:23:48.0598 4664  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:23:48.0618 4664  PNRPAutoReg - ok
20:23:48.0628 4664  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:23:48.0638 4664  PNRPsvc - ok
20:23:48.0668 4664  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:23:48.0718 4664  PolicyAgent - ok
20:23:48.0748 4664  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:23:48.0788 4664  Power - ok
20:23:48.0828 4664  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:23:48.0858 4664  PptpMiniport - ok
20:23:48.0878 4664  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:23:48.0898 4664  Processor - ok
20:23:48.0928 4664  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:23:48.0968 4664  ProfSvc - ok
20:23:48.0988 4664  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:23:48.0998 4664  ProtectedStorage - ok
20:23:49.0058 4664  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:23:49.0128 4664  Psched - ok
20:23:49.0208 4664  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
20:23:49.0228 4664  PSI - ok
20:23:49.0298 4664  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:23:49.0408 4664  ql2300 - ok
20:23:49.0418 4664  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:23:49.0428 4664  ql40xx - ok
20:23:49.0458 4664  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:23:49.0498 4664  QWAVE - ok
20:23:49.0508 4664  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:23:49.0538 4664  QWAVEdrv - ok
20:23:49.0548 4664  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:23:49.0578 4664  RasAcd - ok
20:23:49.0608 4664  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:23:49.0688 4664  RasAgileVpn - ok
20:23:49.0718 4664  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:23:49.0748 4664  RasAuto - ok
20:23:49.0768 4664  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:23:49.0808 4664  Rasl2tp - ok
20:23:49.0848 4664  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:23:49.0888 4664  RasMan - ok
20:23:49.0898 4664  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:23:49.0958 4664  RasPppoe - ok
20:23:49.0968 4664  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:23:49.0998 4664  RasSstp - ok
20:23:50.0018 4664  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:23:50.0048 4664  rdbss - ok
20:23:50.0068 4664  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:23:50.0078 4664  rdpbus - ok
20:23:50.0108 4664  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:23:50.0158 4664  RDPCDD - ok
20:23:50.0168 4664  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:23:50.0198 4664  RDPENCDD - ok
20:23:50.0208 4664  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:23:50.0238 4664  RDPREFMP - ok
20:23:50.0308 4664  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:23:50.0358 4664  RdpVideoMiniport - ok
20:23:50.0398 4664  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:23:50.0478 4664  RDPWD - ok
20:23:50.0538 4664  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:23:50.0578 4664  rdyboost - ok
20:23:50.0608 4664  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:23:50.0688 4664  RemoteAccess - ok
20:23:50.0718 4664  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:23:50.0748 4664  RemoteRegistry - ok
20:23:50.0768 4664  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:23:50.0808 4664  RpcEptMapper - ok
20:23:50.0838 4664  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:23:50.0888 4664  RpcLocator - ok
20:23:50.0928 4664  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:23:50.0978 4664  RpcSs - ok
20:23:51.0008 4664  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:23:51.0048 4664  rspndr - ok
20:23:51.0098 4664  [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:23:51.0128 4664  RSUSBSTOR - ok
20:23:51.0158 4664  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:23:51.0168 4664  SamSs - ok
20:23:51.0208 4664  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:23:51.0238 4664  sbp2port - ok
20:23:51.0258 4664  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:23:51.0298 4664  SCardSvr - ok
20:23:51.0328 4664  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:23:51.0428 4664  scfilter - ok
20:23:51.0478 4664  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:23:51.0558 4664  Schedule - ok
20:23:51.0598 4664  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:23:51.0648 4664  SCPolicySvc - ok
20:23:51.0758 4664  [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
20:23:51.0798 4664  ScrybeUpdater - ok
20:23:51.0828 4664  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:23:51.0848 4664  SDRSVC - ok
20:23:51.0878 4664  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:23:51.0928 4664  secdrv - ok
20:23:51.0978 4664  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:23:52.0038 4664  seclogon - ok
20:23:52.0148 4664  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
20:23:52.0228 4664  Secunia PSI Agent - ok
20:23:52.0248 4664  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
20:23:52.0268 4664  Secunia Update Agent - ok
20:23:52.0298 4664  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:23:52.0338 4664  SENS - ok
20:23:52.0348 4664  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:23:52.0378 4664  SensrSvc - ok
20:23:52.0418 4664  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:23:52.0438 4664  Serenum - ok
20:23:52.0468 4664  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:23:52.0508 4664  Serial - ok
20:23:52.0578 4664  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:23:52.0618 4664  sermouse - ok
20:23:52.0658 4664  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:23:52.0688 4664  SessionEnv - ok
20:23:52.0728 4664  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:23:52.0798 4664  sffdisk - ok
20:23:52.0818 4664  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:23:52.0868 4664  sffp_mmc - ok
20:23:52.0888 4664  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:23:52.0918 4664  sffp_sd - ok
20:23:52.0958 4664  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:23:52.0988 4664  sfloppy - ok
20:23:53.0018 4664  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:23:53.0058 4664  SharedAccess - ok
20:23:53.0108 4664  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:23:53.0188 4664  ShellHWDetection - ok
20:23:53.0208 4664  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:23:53.0228 4664  SiSRaid2 - ok
20:23:53.0238 4664  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:23:53.0248 4664  SiSRaid4 - ok
20:23:53.0258 4664  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:23:53.0288 4664  Smb - ok
20:23:53.0308 4664  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:23:53.0328 4664  SNMPTRAP - ok
20:23:53.0338 4664  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:23:53.0348 4664  spldr - ok
20:23:53.0388 4664  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:23:53.0428 4664  Spooler - ok
20:23:53.0528 4664  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:23:53.0598 4664  sppsvc - ok
20:23:53.0628 4664  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:23:53.0708 4664  sppuinotify - ok
20:23:53.0748 4664  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:23:53.0818 4664  srv - ok
20:23:53.0838 4664  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:23:53.0868 4664  srv2 - ok
20:23:53.0908 4664  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:23:53.0938 4664  srvnet - ok
20:23:53.0968 4664  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:23:54.0038 4664  SSDPSRV - ok
20:23:54.0058 4664  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:23:54.0108 4664  SstpSvc - ok
20:23:54.0128 4664  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:23:54.0138 4664  stexstor - ok
20:23:54.0198 4664  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:23:54.0238 4664  stisvc - ok
20:23:54.0278 4664  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:23:54.0278 4664  swenum - ok
20:23:54.0298 4664  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:23:54.0348 4664  swprv - ok
20:23:54.0448 4664  [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:23:54.0548 4664  SynTP - ok
20:23:54.0658 4664  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:23:54.0748 4664  SysMain - ok
20:23:54.0788 4664  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:23:54.0828 4664  TabletInputService - ok
20:23:54.0878 4664  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:23:54.0958 4664  TapiSrv - ok
20:23:54.0968 4664  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:23:54.0998 4664  TBS - ok
20:23:55.0098 4664  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:23:55.0168 4664  Tcpip - ok
20:23:55.0218 4664  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:23:55.0248 4664  TCPIP6 - ok
20:23:55.0278 4664  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:23:55.0328 4664  tcpipreg - ok
20:23:55.0368 4664  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:23:55.0428 4664  TDPIPE - ok
20:23:55.0458 4664  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:23:55.0498 4664  TDTCP - ok
20:23:55.0548 4664  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:23:55.0618 4664  tdx - ok
20:23:55.0668 4664  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:23:55.0678 4664  TermDD - ok
20:23:55.0728 4664  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:23:55.0808 4664  TermService - ok
20:23:55.0818 4664  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:23:55.0828 4664  Themes - ok
20:23:55.0848 4664  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:23:55.0878 4664  THREADORDER - ok
20:23:55.0898 4664  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:23:55.0948 4664  TrkWks - ok
20:23:56.0008 4664  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:23:56.0058 4664  TrustedInstaller - ok
20:23:56.0098 4664  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:23:56.0168 4664  tssecsrv - ok
20:23:56.0198 4664  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:23:56.0248 4664  TsUsbFlt - ok
20:23:56.0298 4664  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:23:56.0358 4664  tunnel - ok
20:23:56.0408 4664  [ 48743B69EA47C020A792D8649F753F44 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
20:23:56.0438 4664  TurboB - ok
20:23:56.0488 4664  [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:23:56.0508 4664  TurboBoost - ok
20:23:56.0518 4664  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:23:56.0528 4664  uagp35 - ok
20:23:56.0548 4664  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:23:56.0558 4664  UBHelper - ok
20:23:56.0598 4664  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:23:56.0628 4664  udfs - ok
20:23:56.0648 4664  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:23:56.0658 4664  UI0Detect - ok
20:23:56.0678 4664  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:23:56.0688 4664  uliagpkx - ok
20:23:56.0738 4664  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:23:56.0788 4664  umbus - ok
20:23:56.0818 4664  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:23:56.0858 4664  UmPass - ok
20:23:56.0998 4664  [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:23:57.0048 4664  UNS - ok
20:23:57.0128 4664  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:23:57.0148 4664  Updater Service - ok
20:23:57.0168 4664  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:23:57.0248 4664  upnphost - ok
20:23:57.0318 4664  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:23:57.0358 4664  usbccgp - ok
20:23:57.0388 4664  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:23:57.0428 4664  usbcir - ok
20:23:57.0448 4664  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:23:57.0468 4664  usbehci - ok
20:23:57.0508 4664  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:23:57.0558 4664  usbhub - ok
20:23:57.0578 4664  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:23:57.0618 4664  usbohci - ok
20:23:57.0658 4664  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:23:57.0688 4664  usbprint - ok
20:23:57.0728 4664  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:23:57.0788 4664  USBSTOR - ok
20:23:57.0828 4664  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:23:57.0878 4664  usbuhci - ok
20:23:57.0928 4664  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:23:58.0008 4664  usbvideo - ok
20:23:58.0028 4664  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
20:23:58.0088 4664  usb_rndisx - ok
20:23:58.0098 4664  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:23:58.0138 4664  UxSms - ok
20:23:58.0168 4664  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:23:58.0178 4664  VaultSvc - ok
20:23:58.0218 4664  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:23:58.0248 4664  vdrvroot - ok
20:23:58.0298 4664  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:23:58.0348 4664  vds - ok
20:23:58.0378 4664  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:23:58.0408 4664  vga - ok
20:23:58.0418 4664  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:23:58.0448 4664  VgaSave - ok
20:23:58.0478 4664  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:23:58.0488 4664  vhdmp - ok
20:23:58.0508 4664  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:23:58.0518 4664  viaide - ok
20:23:58.0548 4664  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:23:58.0558 4664  volmgr - ok
20:23:58.0588 4664  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:23:58.0608 4664  volmgrx - ok
20:23:58.0628 4664  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:23:58.0648 4664  volsnap - ok
20:23:58.0678 4664  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:23:58.0688 4664  vsmraid - ok
20:23:58.0918 4664  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:23:59.0018 4664  VSS - ok
20:23:59.0028 4664  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:23:59.0058 4664  vwifibus - ok
20:23:59.0088 4664  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:23:59.0118 4664  vwififlt - ok
20:23:59.0148 4664  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:23:59.0178 4664  W32Time - ok
20:23:59.0198 4664  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:23:59.0228 4664  WacomPen - ok
20:23:59.0258 4664  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:23:59.0308 4664  WANARP - ok
20:23:59.0328 4664  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:23:59.0358 4664  Wanarpv6 - ok
20:23:59.0428 4664  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:23:59.0478 4664  wbengine - ok
20:23:59.0498 4664  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:23:59.0528 4664  WbioSrvc - ok
20:23:59.0568 4664  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:23:59.0598 4664  wcncsvc - ok
20:23:59.0608 4664  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:23:59.0668 4664  WcsPlugInService - ok
20:23:59.0688 4664  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:23:59.0698 4664  Wd - ok
20:23:59.0748 4664  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:23:59.0828 4664  Wdf01000 - ok
20:23:59.0838 4664  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:23:59.0948 4664  WdiServiceHost - ok
20:23:59.0948 4664  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:23:59.0968 4664  WdiSystemHost - ok
20:24:00.0008 4664  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:24:00.0048 4664  WebClient - ok
20:24:00.0058 4664  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:24:00.0108 4664  Wecsvc - ok
20:24:00.0138 4664  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:24:00.0178 4664  wercplsupport - ok
20:24:00.0208 4664  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:24:00.0258 4664  WerSvc - ok
20:24:00.0278 4664  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:00.0308 4664  WfpLwf - ok
20:24:00.0318 4664  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:24:00.0328 4664  WIMMount - ok
20:24:00.0348 4664  WinDefend - ok
20:24:00.0358 4664  WinHttpAutoProxySvc - ok
20:24:00.0438 4664  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:24:00.0488 4664  Winmgmt - ok
20:24:00.0568 4664  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:24:00.0668 4664  WinRM - ok
20:24:00.0758 4664  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:24:00.0818 4664  WinUsb - ok
20:24:00.0858 4664  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:24:00.0898 4664  Wlansvc - ok
20:24:00.0948 4664  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:24:00.0958 4664  wlcrasvc - ok
20:24:01.0068 4664  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:24:01.0148 4664  wlidsvc - ok
20:24:01.0178 4664  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:24:01.0188 4664  WmiAcpi - ok
20:24:01.0198 4664  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:24:01.0228 4664  wmiApSrv - ok
20:24:01.0248 4664  WMPNetworkSvc - ok
20:24:01.0248 4664  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:24:01.0268 4664  WPCSvc - ok
20:24:01.0308 4664  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:24:01.0318 4664  WPDBusEnum - ok
20:24:01.0338 4664  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:24:01.0358 4664  ws2ifsl - ok
20:24:01.0378 4664  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:24:01.0398 4664  wscsvc - ok
20:24:01.0398 4664  WSearch - ok
20:24:01.0498 4664  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:24:01.0548 4664  wuauserv - ok
20:24:01.0588 4664  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:24:01.0648 4664  WudfPf - ok
20:24:01.0688 4664  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:01.0738 4664  WUDFRd - ok
20:24:01.0768 4664  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:24:01.0808 4664  wudfsvc - ok
20:24:01.0848 4664  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:24:01.0878 4664  WwanSvc - ok
20:24:01.0908 4664  ================ Scan global ===============================
20:24:01.0938 4664  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:24:01.0988 4664  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:24:02.0008 4664  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:24:02.0038 4664  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:24:02.0078 4664  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:24:02.0088 4664  [Global] - ok
20:24:02.0088 4664  ================ Scan MBR ==================================
20:24:02.0108 4664  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:24:02.0548 4664  \Device\Harddisk0\DR0 - ok
20:24:02.0548 4664  ================ Scan VBR ==================================
20:24:02.0548 4664  [ 8668CF4F1E4AF378C300644CD62B5EFA ] \Device\Harddisk0\DR0\Partition1
20:24:02.0558 4664  \Device\Harddisk0\DR0\Partition1 - ok
20:24:02.0578 4664  [ 78A9BC4CE94810CC74C6AA176425761F ] \Device\Harddisk0\DR0\Partition2
20:24:02.0588 4664  \Device\Harddisk0\DR0\Partition2 - ok
20:24:02.0618 4664  [ 347F776495248614910A85D72E76CBE1 ] \Device\Harddisk0\DR0\Partition3
20:24:02.0618 4664  \Device\Harddisk0\DR0\Partition3 - ok
20:24:02.0618 4664  ============================================================
20:24:02.0628 4664  Scan finished
20:24:02.0628 4664  ============================================================
20:24:02.0638 8084  Detected object count: 2
20:24:02.0638 8084  Actual detected object count: 2
20:24:26.0478 8084  DATEV ViwasClientService ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:26.0478 8084  DATEV ViwasClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:24:26.0478 8084  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:26.0478 8084  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 03.01.2013, 19:08   #4
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 20:15   #5
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Einmal Combofix. Kommt sofort! ;-)

Code:
ATTFilter
ComboFix 13-01-03.05 - Flo 03.01.2013  20:05:37.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6135 [GMT 1:00]
ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 19:10 . 2013-01-03 19:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-02 22:47 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FF85BE4-854C-43A9-ABFF-90621346A6EC}\mpengine.dll
2013-01-02 15:12 . 2013-01-02 15:12	--------	d-----w-	c:\users\Flo\AppData\Roaming\Malwarebytes
2013-01-02 15:12 . 2013-01-02 15:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-02 15:12 . 2013-01-02 15:12	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-02 15:12 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-02 15:11 . 2013-01-02 15:11	--------	d-----w-	c:\users\Flo\AppData\Local\Programs
2012-12-22 19:30 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 19:30 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 19:30 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 19:30 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-22 19:19 . 2012-12-22 19:19	--------	d-----w-	c:\users\Flo\AppData\Local\EgisTec
2012-12-22 19:16 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-22 19:16 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-22 19:16 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-22 19:16 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-22 19:16 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-09 18:41 . 2012-12-09 18:41	--------	d-----w-	c:\users\Flo\AppData\Local\Secunia PSI
2012-12-09 18:38 . 2012-12-09 18:38	--------	d-----w-	c:\program files (x86)\Secunia
2012-12-07 05:21 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-07 05:21 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-07 05:21 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-07 05:21 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-07 05:14 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-07 05:14 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-07 05:14 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-07 05:14 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-07 05:14 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-07 05:14 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-07 05:14 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 19:32 . 2012-09-22 01:56	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-10 23:05 . 2012-11-10 23:05	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-10 23:05 . 2012-11-10 23:05	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-10 23:05 . 2012-11-10 23:05	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-11-10 23:05 . 2012-11-10 23:05	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-11-10 23:05 . 2012-11-10 23:05	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-11-10 23:05 . 2012-11-10 23:05	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-11-10 23:05 . 2012-11-10 23:05	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-11-10 23:05 . 2012-11-10 23:05	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-11-10 23:05 . 2012-11-10 23:05	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-11-10 23:05 . 2012-11-10 23:05	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-11-10 23:05 . 2012-11-10 23:05	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-11-10 23:05 . 2012-11-10 23:05	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-11-10 23:05 . 2012-11-10 23:05	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-11-10 23:05 . 2012-11-10 23:05	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-11-10 23:05 . 2012-11-10 23:05	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-11-10 23:05 . 2012-11-10 23:05	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-11-10 23:05 . 2012-11-10 23:05	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-11-10 23:05 . 2012-11-10 23:05	222208	----a-w-	c:\windows\system32\msls31.dll
2012-11-10 23:05 . 2012-11-10 23:05	197120	----a-w-	c:\windows\system32\msrating.dll
2012-11-10 23:05 . 2012-11-10 23:05	149504	----a-w-	c:\windows\system32\occache.dll
2012-11-10 23:05 . 2012-11-10 23:05	12288	----a-w-	c:\windows\system32\mshta.exe
2012-11-10 23:05 . 2012-11-10 23:05	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-11-10 23:05 . 2012-11-10 23:05	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-11-10 23:05 . 2012-11-10 23:05	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-11-10 23:05 . 2012-11-10 23:05	82432	----a-w-	c:\windows\system32\icardie.dll
2012-11-10 23:05 . 2012-11-10 23:05	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-11-10 23:05 . 2012-11-10 23:05	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-11-10 23:05 . 2012-11-10 23:05	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-11-10 23:05 . 2012-11-10 23:05	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-11-10 23:05 . 2012-11-10 23:05	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-11-10 23:05 . 2012-11-10 23:05	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-11-10 23:05 . 2012-11-10 23:05	448512	----a-w-	c:\windows\system32\html.iec
2012-11-10 23:05 . 2012-11-10 23:05	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-11-10 23:05 . 2012-11-10 23:05	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-11-10 23:05 . 2012-11-10 23:05	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-11-10 23:05 . 2012-11-10 23:05	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-11-10 23:05 . 2012-11-10 23:05	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-11-10 23:05 . 2012-11-10 23:05	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-11-10 23:05 . 2012-11-10 23:05	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-11-10 23:05 . 2012-11-10 23:05	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-11-10 23:05 . 2012-11-10 23:05	114176	----a-w-	c:\windows\system32\admparse.dll
2012-11-10 23:05 . 2012-11-10 23:05	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-11-10 23:05 . 2012-11-10 23:05	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-11-10 23:05 . 2012-11-10 23:05	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-11-10 23:05 . 2012-11-10 23:05	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-10 23:05 . 2012-11-10 23:05	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-11-10 23:05 . 2012-11-10 23:05	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-11-10 23:05 . 2012-11-10 23:05	160256	----a-w-	c:\windows\system32\wextract.exe
2012-11-10 23:05 . 2012-11-10 23:05	103936	----a-w-	c:\windows\system32\inseng.dll
2012-11-06 20:27 . 2012-09-22 08:32	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-06 20:27 . 2011-10-15 12:36	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-12-07 05:08	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-07 05:08	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-07 05:08	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"AUTOSTARTEXECUTE"="c:\datev\PROGRAMM\Install\DvInesAutostartHelper.exe" [2011-07-26 234592]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VIWAS - USB Scanner.url [2011-7-5 146]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-10-7 45056]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypem~1.dll c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2011-07-25 172640]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-25 78768]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-10 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-10 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-10 62584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 DATEV ViwasClientService;DATEV ViwasClientService;c:\datev\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [2011-09-06 63488]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 eType Manager;eType Manager;c:\programdata\eType Manager\2.4.897.176\{52de144c-c70b-4e0a-9b16-29a2e18c255e}\etypemngr.exe [2012-11-02 2400792]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-25 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-25 77968]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 98614625
*Deregistered* - 98614625
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 23:30]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 23:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-26 11619432]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-26 2185832]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: starstable.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} - hxxp://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d0230100-3044-43b1-a44e-70dc12fd418c} - c:\program files (x86)\etype\file2linktemplateX.dll
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03  20:12:10
ComboFix-quarantined-files.txt  2013-01-03 19:12
.
Vor Suchlauf: 11 Verzeichnis(se), 162.273.796.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 163.787.235.328 Bytes frei
.
- - End Of File - - 507935F3C2B0B7F0F37DE7DFACA519C6
         


Alt 03.01.2013, 20:25   #6
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
--> PUP.BundleInstaller.ib und PUB.InstallBrain

Alt 03.01.2013, 21:40   #7
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hi :-)

Hier kommt der Bericht:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: NALANI [Administrator]

03.01.2013 20:51:58
mbam-log-2013-01-03 (20-51-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390546
Laufzeit: 46 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 05.01.2013, 16:28   #8
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.01.2013, 22:04   #9
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Hallo :-)

Code:
ATTFilter
Acer Backup Manager	NTI Corporation	10.12.2010	335MB	3.0.0.69 notwendig
Acer Crystal Eye Webcam	CyberLink Corp.	22.03.2011	33,0MB	1.0.1216 notwendig
Acer ePower Management	Acer Incorporated	10.12.2010		6.00.3000 notwendig
Acer eRecovery Management	Acer Incorporated	10.12.2010		5.00.3002 notwendig
Acer Registration	Acer Incorporated	22.03.2011		1.03.3003 notwendig
Acer ScreenSaver	Acer Incorporated	22.03.2011		1.1.1206.2010 notwendig
Acer Updater	Acer Incorporated	10.12.2010		1.02.3001 notwendig
Acrobat.com	Adobe Systems Incorporated	10.12.2010	1,60MB	1.6.65 notwendig
Adobe AIR	Adobe Systems Incorporated	09.12.2012		2.7.1.19610 notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	06.11.2012	6,00MB	11.5.502.110 notwendig
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	17.09.2012	122MB	10.1.4 notwendig
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	09.12.2012		11.6.8.638 notwendig
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	04.12.2012		1.0.17 notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	10.12.2010		1.0.0.36notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	22.03.2011	22,4MB	3.0.795.0notwendig
Canon IJ Network Scan Utility		21.07.2011	notwendig	
Canon IJ Network Tool		21.07.2011		notwendig
Canon MG6100 series Benutzerregistrierung		21.07.2011	notwendig	
Canon MG6100 series MP Drivers		21.07.2011	notwendig	
Canon My Printer		21.07.2011		notwendig
CCleaner	Piriform	19.12.2012		3.26notwendig 
clear.fi	CyberLink Corp.	22.03.2011	141MB	1.0.1223.00 unbekannt
clear.fi Client	Acer Incorporated	22.03.2011		1.00.3008 unbekannt
DATEV Installation V.2.91		21.08.2012	notwendig	
eSobi v2	esobi Inc.	10.12.2010	20,4MB	2.0.4.000274 unbekannt
Free YouTube to MP3 Converter version 3.11.32.918	DVDVideoSoft Ltd.	01.10.2012	60,8MB	3.11.32.918 notwendig
Google Toolbar for Internet Explorer	Google Inc.	11.11.2012		7.4.3230.2052 notwendig
HTC Driver Installer	HTC Corporation	26.07.2011	1,87MB	3.0.0.007notwendig
Identity Card	Acer Incorporated	22.03.2011		1.00.3003notwendig
Intel(R) Management Engine Components	Intel Corporation	23.03.2011		7.0.0.1144notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	23.03.2011		10.0.0.1046notwendig
Java 7 Update 9	Oracle	02.10.2012	128MB	7.0.90notwendig
Launch Manager	Acer Inc.	22.03.2011		5.0.3notwendig
MAESTIA Version 201101	RocWorks	11.06.2011		201101notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	02.01.2013	18,4MB	1.70.0.1100notwendig
McAfee Agent	McAfee, Inc.	21.08.2012	16,8MB	4.0.0.1496notwendig
McAfee AntiSpyware Enterprise Module	McAfee, Inc.	21.08.2012		8.7.0.129notwendig
McAfee VirusScan Enterprise	McAfee, Inc.	21.08.2012	28,9MB	8.7.00004notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	07.12.2012	38,8MB	4.0.30319notwendig
Microsoft Office 2010	Microsoft Corporation	22.03.2011	6,31MB	14.0.4763.1000notwendig
Microsoft Office Standard 2010	Microsoft Corporation	22.09.2012		14.0.6029.1000notwendig
Microsoft Picture It! Foto Premium 9	Microsoft Corporation	04.08.2011		9.0.0.0000notwendig
Microsoft Silverlight	Microsoft Corporation	22.09.2012	60,3MB	4.1.10329.0notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	22.03.2011	1,69MB	3.1.0000notwendig
Microsoft SQL Server Native Client	Microsoft Corporation	21.08.2012	5,50MB	9.00.5000.00notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.08.2011	300KB	8.0.61001notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	03.07.2011	620KB	8.0.61000notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	21.08.2012	254KB	9.0.30729.5570notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	21.08.2012	246KB	9.0.30729.5570notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	03.07.2011	784KB	9.0.30729.4148notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	13.08.2011	788KB	9.0.30729.6161notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.12.2010	596KB	9.0.30729notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.07.2011	592KB	9.0.30729.4148notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	13.08.2011	600KB	9.0.30729.6161notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	22.09.2012	13,8MB	10.0.40219notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	22.09.2012	15,0MB	10.0.40219notwendig
MSXML 4.0 SP3 Parser	Microsoft Corporation	03.07.2011	1,47MB	4.30.2100.0notwendig
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	22.09.2012	1,53MB	4.30.2114.0notwendig
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	13.08.2011	1,53MB	4.30.2107.0notwendig
MyWinLocker Suite	Egis Technology Inc.	10.12.2010	2,59MB	4.0.14.11notwendig
Nero 9	Nero AG	04.08.2011	notwendig	
NTI Media Maker 9	NTI Corporation	22.03.2011	1,60GB	9.0.2.8939 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.03.2011notwendig		6.0.1.6254notwendig
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	10.12.2010		6.1.7600.30123notwendig
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	22.03.2011	1,00MB	2.0.26.0notwendig
Secunia PSI (3.0.0.4001)	Secunia	09.12.2012	5,81MB	3.0.0.4001 unnötig
SQLXML4	Microsoft Corporation	21.08.2012	2,23MB	9.00.5000.00notwendig
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe	Synaptics Inc.	07.10.2011	14,0MB	1.6.5.17120 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	07.10.2011	46,4MB	15.2.20.0notwendig
WEB.DE MultiMessenger	WEB.DE GmbH	03.07.2011		3.70.2816 notwendig
WEB.DE Softwareaktualisierung	1&1 Mail & Media GmbH	03.08.2011		2.0.1.9notwendig
Welcome Center	Acer Incorporated	22.03.2011		1.02.3007notwendig
Windows Live Essentials	Microsoft Corporation	22.03.2011		15.4.3502.0922notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	22.03.2011	5,57MB	15.4.5722.2notwendig
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0	Intel	22.03.2011	27,5MB	2.0.82.0notwendig
         

Alt 06.01.2013, 18:10   #10
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
clear.fi : beide
eSobi
Google Toolbar : finger weg von Toolbars, zusätzliches Risiko, und verlangsamen den browser :-)

Deinstaliere:
Secunia

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 21:24   #11
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Zitat:
Zitat von markusg Beitrag anzeigen
deinstaliere:
Adobe Flash Player alle
Was meinst du mit "Alle" ?

Meinst du Flash Player, Adobe Air, Adobe Reader und shockwave player? Oder tatsächlich nur den Flash Player?

Zitat:
Zitat von markusg Beitrag anzeigen
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
Nächstes Problem:

1. Ich habe mich dafür entschieden, den bisherigen Reader zunächst zu deinstallieren. Anschließend wollte ich die neue Version installieren. Beim Download der neuen Version unterbricht der Download bei 38%, springt dann schlagartig auf 64% und gibt die Meldung

"Zuverlässige Quelle kann nicht kontaktiert werden"

Nach dem Klick auf "Fertig stellen" bringt Adobe die Meldung "Der Adobe Reader wurde nicht erfolgreich installiert".

Vier Versuche und Rechnerneustart ohne Erfolg.

2. An welcher Stelle soll ich den Haken bei mcafee security scan raus nehmen?

Gruß,
chr.bernhard

Zitat:
Google Toolbar : finger weg von Toolbars, zusätzliches Risiko, und verlangsamen den browser :-)

Deinstaliere:
Secunia
Tja... auf diese Toolbar besteht meine Freundin. Wenn ich die deinstalliere bekomme ich Ärger ;-)

Secunia... da habe ich mich vertan. Die Software möchte ich behalten. Immerhin wurde die von euch empfohlen. :-)

Alt 07.01.2013, 00:59   #12
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



1. alle mit adobe flash gekennzeichneten weg.
2. download später ausprobieren.
3. haken ist direkt auf der website.

Toolbars sollten weg vom PC, die Funktionen kann sie auch über google aufrufen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 21:59   #13
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Danke für deine Antwort.

Der Adobe Reader lies sich endlich downloaden...

Einen Haken bei mcafee security scan gab es keinen.

Bis auf die Deinstallation der Google-Toolbar wurden alle Schritte befolgt.

Hier kommt das AdWCleaner logfile:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 08/01/2013 um 21:58:16 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Flo - NALANI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Flo\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\eType Manager
Ordner Gefunden : C:\Users\Flo\AppData\Roaming\eType
Ordner Gefunden : C:\Users\Flo\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypem~1.dll
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypemngr.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DSNR Labs
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gefunden : HKCU\Software\f0d9dcb239e544
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\f0d9dcb239e544
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gefunden : HKU\S-1-5-21-1924257789-4082483734-1933396769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0230100-3044-43B1-A44E-70DC12FD418C}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [3278 octets] - [08/01/2013 21:53:24]
AdwCleaner[R2].txt - [3213 octets] - [08/01/2013 21:58:16]

########## EOF - C:\AdwCleaner[R2].txt - [3273 octets] ##########
         

Alt 14.01.2013, 19:50   #14
markusg
/// Malware-holic
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



sorry, hab deine Antwort übersehen!


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten bitte, testen, wie pc + programme laufen, auch browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 21:46   #15
chr.bernhard
 
PUP.BundleInstaller.ib und PUB.InstallBrain - Standard

PUP.BundleInstaller.ib und PUB.InstallBrain



Kein Problem, ich hab mir das schon gedacht.

Der PC scheint normal zu laufen.

Hier kommt das Logfile:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 14/01/2013 um 21:36:17 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Flo - NALANI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Flo\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\eType Manager
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Flo\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Flo\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypem~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\etypem~1\24897~1.176\{52de1~1\etypemngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gelöscht : HKCU\Software\f0d9dcb239e544
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\f0d9dcb239e544
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0230100-3044-43B1-A44E-70DC12FD418C}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0230100-3044-43B1-A44E-70DC12FD418C}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [3278 octets] - [08/01/2013 21:53:24]
AdwCleaner[R2].txt - [3338 octets] - [08/01/2013 21:58:16]
AdwCleaner[S1].txt - [2999 octets] - [14/01/2013 21:36:17]

########## EOF - C:\AdwCleaner[S1].txt - [3059 octets] ##########
         

Antwort

Themen zu PUP.BundleInstaller.ib und PUB.InstallBrain
autorun, bho, converter, error, firefox, flash player, format, google, home, iexplore.exe, install.exe, installation, launch, problem, programm, realtek, registry, rundll, scan, secunia psi, security, senden, software, svchost.exe, udp, ungültiges, virus, warnung, wscript.exe



Ähnliche Themen: PUP.BundleInstaller.ib und PUB.InstallBrain


  1. Adware installbrain.asa?
    Plagegeister aller Art und deren Bekämpfung - 13.11.2014 (17)
  2. PUP.Optional.BundleInstaller.A auf dem PC gefunden.
    Log-Analyse und Auswertung - 24.03.2014 (7)
  3. PUP.Optional.OpenCandy PricePeep Wajam BundleInstaller.A SimplyTechA Funde
    Log-Analyse und Auswertung - 15.02.2014 (11)
  4. Befall von PUP.InstallBrain und ADWARE/BHO.Z
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (9)
  5. PUP.BundleInstaller.SOL 30_03_2013
    Log-Analyse und Auswertung - 06.04.2013 (3)
  6. pup.installbrain
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (12)
  7. PUP.InstallBrain gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (28)
  8. PUP.Bundleinstaller, Adware Shopper und Trojan.Downloader...am Ende meines IT-Lateins
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (33)
  9. Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL?
    Log-Analyse und Auswertung - 24.03.2013 (18)
  10. Malware PUP.InstallBrain
    Log-Analyse und Auswertung - 03.01.2013 (13)
  11. Pub.Adware.Relevantknowledge und Pub.Bundleinstaller.SOL von Malwarebytes gefunden - jetzt clean?
    Log-Analyse und Auswertung - 19.12.2012 (3)
  12. PC plötzlich langsam - MB-Fund: PUP.BundleInstaller.BI - Zusammenhang?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (7)
  13. PUP.BundleInstaller.VG
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (48)
  14. PUP.Adbundle PUP.BundleInstaller.VG PUP.InstallBrain mit MalwareBytes gefunden, was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  15. .exe (Trojan.Agent) und (PUP.BundleInstaller.BI)
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (35)
  16. Potentielle Malware im MCPatcher (PUP.BundleInstaller.Bl)
    Log-Analyse und Auswertung - 15.10.2012 (3)
  17. ADWARE/InstallBrain.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (3)

Zum Thema PUP.BundleInstaller.ib und PUB.InstallBrain - Hallo zusammen, malewarebytes hat den o.g. Virus auf dem Laptop meiner Freundin entdeckt. Da ihr mir bereits einmal so nett mit meinem eigenen Laptop geholfen habt, wende ich mich erneut - PUP.BundleInstaller.ib und PUB.InstallBrain...
Archiv
Du betrachtest: PUP.BundleInstaller.ib und PUB.InstallBrain auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.