Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Add by Browse to save Malware

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.01.2013, 10:38   #1
Giere84
 
Add by Browse to save Malware - Beitrag

Add by Browse to save Malware



Hallo,

ich habe ein Problem. Ich hatte vor einiger Zeit schon mal das Problem, dass bei mir vereinzelte Wörter auf verschiedenen Websiten immer unterstrichen und als Hyperlink versehen waren. Immer wenn man mit der Maus drüber gefahren ist, stand da Coupons by CouponDropdown -> by browse to save.

Daraufhin hatte ich ein bisschen im Internet "gegooglet" und meinen Rechner komplett platt gemacht (haben einige Seiten geraten). Danach ging es 3 Wochen gut und jetzt habe ich diesen Mist wieder auf meinem Rechner, aber nur auf meinen Stand PC und net aufm meinem Netbook.

Ich benutze GData Internet Security 2013 mit der höchsten Firewalleinstellung aber trotzdem. Ich verstehe das ganze nicht, wo kommt sowas her? Auch eine Virenprüfung hat nichts ergeben.

Könnt Ihr mir helfen?

MfG

Alt 17.01.2013, 14:51   #2
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 17.01.2013, 15:43   #3
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hallo,

habe OTL runter geladen und durchgeführt. Das hat er raus gebracht:

Logfile:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.01.2013 15:23:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,44% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 119,76 Gb Free Space | 61,35% Space Free | Partition Type: NTFS
Drive D: | 400,86 Gb Total Space | 344,64 Gb Free Space | 85,98% Space Free | Partition Type: NTFS
Drive J: | 983,70 Mb Total Space | 1,38 Mb Free Space | 0,14% Space Free | Partition Type: FAT
 
Computer Name: GAMESTATION | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.17 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2013.01.11 13:33:50 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.25 22:21:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.12.14 16:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.12.14 16:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 13:33:51 | 002,242,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.01.11 13:33:50 | 000,158,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.01.11 13:33:50 | 000,022,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
MOD - [2012.02.07 04:20:13 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll
MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
MOD - [2011.08.10 06:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
MOD - [2011.04.12 08:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
MOD - [2011.03.21 12:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011.01.09 13:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
MOD - [2010.12.02 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.11.01 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
MOD - [2010.09.20 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
MOD - [2010.09.20 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.11 13:33:51 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.25 22:21:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.12.14 16:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.05.28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.14 11:46:15 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.14 11:45:53 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.09 09:46:03 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.08 16:50:16 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.08 16:48:08 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.08 16:48:08 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 38 A7 95 CA DE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.23 16:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.10 16:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.11 13:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.23 16:03:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.11 13:33:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.20 17:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Drive = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SaveByclick = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0\
CHR - Extension: AdBlock = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: Google Mail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe ()
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614DE756-C15D-4485-AEC5-55391C5F95ED}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 09:24:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2013.01.15 09:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.15 09:24:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.15 09:24:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.11 13:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.11 09:16:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tools
[2013.01.10 16:51:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PDF Architect
[2013.01.10 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013.01.10 16:49:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\APP_NAME_NON_STRING
[2013.01.10 16:49:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\PDF Architect Files
[2013.01.10 16:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.01.10 16:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.01.10 16:49:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pdfforge
[2013.01.10 16:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.01.10 16:49:29 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.10 16:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.01.10 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Programs
[2013.01.09 09:46:08 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.09 09:46:03 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.08 17:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2013.01.07 12:36:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Nikon
[2013.01.07 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Nikon
[2013.01.07 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.07 10:39:53 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.07 10:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
[2013.01.07 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013.01.07 10:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2013.01.07 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ArcSoft
[2013.01.07 10:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.07 10:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2013.01.07 10:32:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.07 10:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2013.01.07 10:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Home
[2013.01.07 10:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2013.01.07 10:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2013.01.07 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2013.01.07 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2013.01.07 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hybrid Synthesizers
[2013.01.07 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitars
[2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintsService
[2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2013.01.07 10:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[2013.01.03 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Eigene Scans
[2013.01.02 18:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.02 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.02 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.01.02 11:34:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple Computer
[2013.01.02 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Apple Computer
[2013.01.02 11:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.02 11:34:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.01.02 11:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.02 11:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.02 11:32:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple
[2013.01.02 11:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.02 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.02 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.02 11:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.02 11:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.31 10:45:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Diagnostics
[2012.12.27 11:41:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\My Games
[2012.12.27 11:31:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2012.12.27 10:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.12.26 09:00:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\My Games
[2012.12.25 22:22:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Ubisoft Game Launcher
[2012.12.25 22:21:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.12.25 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.12.25 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2012.12.24 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.12.23 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.12.23 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HP
[2012.12.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\HP
[2012.12.23 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HpUpdate
[2012.12.23 16:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.12.23 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.12.23 16:02:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.12.23 16:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.12.23 16:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.12.23 16:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.12.23 16:00:19 | 000,235,008 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpzc35oe.dll
[2012.12.23 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.12.23 15:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.12.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Adobe
[2012.12.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Adobe
[2012.12.23 15:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.23 15:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.23 15:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.23 15:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.12.23 13:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.23 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.23 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.12.23 11:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.12.23 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.12.23 11:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.12.23 11:43:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.12.23 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ElevatedDiagnostics
[2012.12.22 17:00:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.22 16:25:11 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.12.22 16:24:55 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.12.21 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PunkBuster
[2012.12.21 18:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.12.21 18:05:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Battlefield 3
[2012.12.21 18:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.12.21 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ESN
[2012.12.21 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.12.21 15:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.12.21 15:01:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.12.21 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.12.21 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Origin
[2012.12.21 10:19:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Origin
[2012.12.21 10:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.12.21 10:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.12.21 10:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.12.20 18:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.12.20 18:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012.12.20 18:21:46 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.12.20 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013
[2012.12.20 18:07:03 | 000,062,368 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.12.20 18:06:55 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.12.20 18:06:55 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.12.20 18:06:54 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.12.20 18:06:53 | 000,065,008 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.12.20 18:05:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Downloaded Installations
[2012.12.20 17:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics
[2012.12.20 17:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Plantronics
[2012.12.20 17:45:25 | 001,327,104 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\PLTGC.sys
[2012.12.20 17:45:24 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltrPLTGC.dll
[2012.12.20 17:40:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.12.20 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.12.20 17:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOUSE Editor
[2012.12.20 17:04:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2012.12.20 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2012.12.20 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Thunderbird
[2012.12.20 17:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.20 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.20 16:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.20 16:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.20 16:58:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google
[2012.12.20 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Deployment
[2012.12.20 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apps
[2012.12.20 16:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.12.20 16:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.12.20 16:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.12.20 16:51:04 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.20 16:51:04 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.12.20 16:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.12.20 16:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.12.20 16:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.12.20 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.12.20 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.12.20 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.12.20 16:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.12.20 16:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.12.20 16:48:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help
[2012.12.20 16:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.12.20 16:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.12.20 16:47:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.12.20 16:47:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\Searches
[2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.20 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Identities
[2012.12.20 16:43:36 | 000,000,000 | R--D | C] -- C:\Users\Michael\Contacts
[2012.12.20 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\VirtualStore
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Vorlagen
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Verlauf
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Temporary Internet Files
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Startmenü
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\SendTo
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Recent
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Netzwerkumgebung
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Lokale Einstellungen
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Videos
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Musik
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Eigene Dateien
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Bilder
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Druckumgebung
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Cookies
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Anwendungsdaten
[2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Anwendungsdaten
[2012.12.20 16:43:28 | 000,000,000 | --SD | C] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Videos
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Saved Games
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Pictures
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Music
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Links
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Favorites
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Downloads
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Desktop
[2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.20 16:43:28 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData
[2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Temp
[2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft
[2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.12.20 16:26:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.12.20 16:24:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.12.20 16:22:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.12.20 16:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.12.20 16:19:56 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.12.20 10:40:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Bachelorarbeit
[2012.12.20 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Games
[2012.12.20 10:38:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Studium
[2012.12.20 10:35:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Musik
[2012.12.20 10:05:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Michael Desktop
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 15:14:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.17 15:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.17 13:18:04 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.17 13:18:04 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.17 13:11:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\HP_192.168.2.102_CN89Q960JB052X
[2013.01.17 13:10:49 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.17 13:10:36 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 13:05:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.17 13:05:52 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.17 13:05:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.17 13:05:52 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.17 13:05:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.17 10:09:35 | 000,949,845 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.17 10:09:35 | 000,051,137 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.16 22:08:08 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.16 22:08:08 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.16 22:07:45 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.14 11:46:15 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.14 11:45:53 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.13 10:38:10 | 000,002,255 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2013.01.11 09:11:28 | 000,311,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 09:46:08 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.09 09:46:03 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.08 16:50:16 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.08 16:48:08 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.08 16:48:08 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.07 12:36:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.01.07 10:32:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Application
[2013.01.07 10:32:22 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Swirl
[2013.01.07 10:32:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Application Support
[2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Applause and Laugher
[2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Sync
[2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Pad
[2013.01.07 10:31:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013.01.07 10:31:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
[2013.01.07 10:31:24 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Basics
[2013.01.07 10:31:24 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Automator
[2013.01.02 11:38:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.27 10:55:52 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.12.25 22:21:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.25 22:21:36 | 000,001,201 | ---- | M] () -- C:\Users\Michael\Desktop\Uplay.lnk
[2012.12.23 16:06:12 | 000,272,452 | ---- | M] () -- C:\Windows\hpwins20.dat
[2012.12.23 16:02:06 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.12.22 16:33:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.22 16:33:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.21 15:01:51 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.20 17:45:27 | 000,000,402 | ---- | M] () -- C:\Windows\PLTGC.ini.cfl
[2012.12.20 17:45:27 | 000,000,132 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012.12.20 17:45:26 | 000,000,534 | ---- | M] () -- C:\Windows\PLTGC.ini.imi
[2012.12.20 17:45:22 | 000,000,432 | ---- | M] () -- C:\Windows\System\PLTGC.ini
[2012.12.20 17:03:46 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.12.20 16:27:47 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.12.20 16:27:47 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.12.20 16:25:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.20 16:19:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
 
========== Files Created - No Company Name ==========
 
[2013.01.17 13:11:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\HP_192.168.2.102_CN89Q960JB052X
[2013.01.07 10:32:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application
[2013.01.07 10:32:22 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Swirl
[2013.01.07 10:32:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support
[2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Sync
[2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Pad
[2013.01.07 10:31:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013.01.07 10:31:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013.01.07 10:31:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basics
[2013.01.07 10:31:24 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Automator
[2013.01.07 10:31:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013.01.02 11:38:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.02 11:32:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.27 10:55:52 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.12.25 22:21:36 | 000,001,201 | ---- | C] () -- C:\Users\Michael\Desktop\Uplay.lnk
[2012.12.23 16:03:13 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.12.23 16:02:41 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.12.23 16:02:06 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.12.23 15:58:50 | 000,272,452 | ---- | C] () -- C:\Windows\hpwins20.dat
[2012.12.23 15:58:50 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2012.12.23 15:49:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.22 16:33:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.22 16:33:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.22 16:25:47 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.12.22 16:24:43 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.12.22 16:24:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.12.22 16:24:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.12.22 16:24:24 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.12.21 19:05:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.21 18:51:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.21 18:06:15 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.21 15:01:51 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.21 15:01:17 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.21 15:01:17 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.21 15:01:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.21 10:07:43 | 000,949,845 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.12.21 10:07:43 | 000,051,137 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.12.20 17:45:27 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.12.20 17:45:26 | 000,813,288 | ---- | C] () -- C:\Windows\SysNative\PLTGC.exe
[2012.12.20 17:45:26 | 000,000,132 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012.12.20 17:45:22 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012.12.20 17:45:22 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.12.20 17:45:22 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.12.20 17:03:46 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.12.20 17:03:46 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.12.20 16:58:55 | 000,002,255 | ---- | C] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012.12.20 16:58:14 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.20 16:58:13 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 16:43:51 | 000,001,405 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.12.20 16:43:48 | 000,001,439 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.20 16:27:39 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.12.20 16:27:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.12.20 16:25:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.20 16:24:07 | 3220,525,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.20 16:19:58 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.12.20 16:19:57 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.10 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.25 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2013.01.07 12:36:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nikon
[2012.12.21 11:57:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Origin
[2013.01.10 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PDF Architect
[2013.01.10 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pdfforge
[2012.12.20 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2013.01.03 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2013.01.15 09:24:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
__________________
Angehängte Dateien
Dateityp: txt Extras.Txt (54,7 KB, 123x aufgerufen)

Alt 17.01.2013, 17:07   #4
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
CHR - Extension: SaveByclick = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0\
[2013.01.10 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.01.2013, 18:22   #5
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



so upload hat geklappt.

Anbei der Inhalt der Textdatei:

All processes killed
========== OTL ==========
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0 folder moved successfully.
C:\ProgramData\SaveByclick folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Michael

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michael
->Temp folder emptied: 1919194962 bytes
->Temporary Internet Files folder emptied: 120145303 bytes
->Google Chrome cache emptied: 383807249 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 226921936 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64161 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33988 bytes
RecycleBin emptied: 187016019 bytes

Total Files Cleaned = 2.706,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_173731

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 17.01.2013, 18:28   #6
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hi,
leider nicht geklappt
www.file-upload.net
da hochladen, link als private Nachicht an mich
__________________
--> Add by Browse to save Malware

Alt 17.01.2013, 18:55   #7
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



passt
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.01.2013, 18:56   #8
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



super,

hier der log vom tdsskiller:

18:52:20.0998 2608 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:52:21.0310 2608 ============================================================
18:52:21.0310 2608 Current date / time: 2013/01/17 18:52:21.0310
18:52:21.0310 2608 SystemInfo:
18:52:21.0310 2608
18:52:21.0310 2608 OS Version: 6.1.7601 ServicePack: 1.0
18:52:21.0310 2608 Product type: Workstation
18:52:21.0310 2608 ComputerName: GAMESTATION
18:52:21.0310 2608 UserName: Michael
18:52:21.0310 2608 Windows directory: C:\Windows
18:52:21.0310 2608 System windows directory: C:\Windows
18:52:21.0310 2608 Running under WOW64
18:52:21.0310 2608 Processor architecture: Intel x64
18:52:21.0310 2608 Number of processors: 3
18:52:21.0310 2608 Page size: 0x1000
18:52:21.0310 2608 Boot type: Normal boot
18:52:21.0310 2608 ============================================================
18:52:22.0383 2608 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:22.0411 2608 Drive \Device\Harddisk5\DR5 - Size: 0x3D7FFE00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:52:22.0412 2608 ============================================================
18:52:22.0413 2608 \Device\Harddisk0\DR0:
18:52:22.0413 2608 MBR partitions:
18:52:22.0413 2608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000
18:52:22.0413 2608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x321B7000
18:52:22.0413 2608 \Device\Harddisk5\DR5:
18:52:22.0413 2608 MBR partitions:
18:52:22.0413 2608 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBFC0
18:52:22.0413 2608 ============================================================
18:52:22.0466 2608 C: <-> \Device\Harddisk0\DR0\Partition1
18:52:22.0505 2608 D: <-> \Device\Harddisk0\DR0\Partition2
18:52:22.0506 2608 ============================================================
18:52:22.0506 2608 Initialize success
18:52:22.0506 2608 ============================================================
18:52:54.0680 6844 ============================================================
18:52:54.0681 6844 Scan started
18:52:54.0681 6844 Mode: Manual; SigCheck; TDLFS;
18:52:54.0681 6844 ============================================================
18:52:55.0474 6844 ================ Scan system memory ========================
18:52:55.0474 6844 System memory - ok
18:52:55.0475 6844 ================ Scan services =============================
18:52:55.0582 6844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:52:55.0691 6844 1394ohci - ok
18:52:55.0719 6844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:52:55.0736 6844 ACPI - ok
18:52:55.0748 6844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:52:55.0794 6844 AcpiPmi - ok
18:52:55.0852 6844 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:52:55.0884 6844 AdobeARMservice - ok
18:52:55.0935 6844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:52:55.0969 6844 adp94xx - ok
18:52:55.0982 6844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:52:56.0000 6844 adpahci - ok
18:52:56.0006 6844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:52:56.0020 6844 adpu320 - ok
18:52:56.0041 6844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:52:56.0177 6844 AeLookupSvc - ok
18:52:56.0220 6844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:52:56.0287 6844 AFD - ok
18:52:56.0323 6844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:52:56.0343 6844 agp440 - ok
18:52:56.0356 6844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:52:56.0383 6844 ALG - ok
18:52:56.0407 6844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:52:56.0418 6844 aliide - ok
18:52:56.0430 6844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:52:56.0443 6844 amdide - ok
18:52:56.0482 6844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:52:56.0539 6844 AmdK8 - ok
18:52:56.0556 6844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:52:56.0585 6844 AmdPPM - ok
18:52:56.0603 6844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:52:56.0624 6844 amdsata - ok
18:52:56.0631 6844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:52:56.0646 6844 amdsbs - ok
18:52:56.0661 6844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:52:56.0672 6844 amdxata - ok
18:52:56.0700 6844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:52:56.0791 6844 AppID - ok
18:52:56.0815 6844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:52:56.0865 6844 AppIDSvc - ok
18:52:56.0899 6844 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:52:56.0976 6844 Appinfo - ok
18:52:57.0107 6844 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:52:57.0139 6844 Apple Mobile Device - ok
18:52:57.0157 6844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:52:57.0173 6844 arc - ok
18:52:57.0179 6844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:52:57.0196 6844 arcsas - ok
18:52:57.0214 6844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:57.0281 6844 AsyncMac - ok
18:52:57.0302 6844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:52:57.0312 6844 atapi - ok
18:52:57.0354 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:52:57.0438 6844 AudioEndpointBuilder - ok
18:52:57.0448 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:52:57.0483 6844 AudioSrv - ok
18:52:57.0562 6844 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
18:52:57.0625 6844 AVKProxy - ok
18:52:57.0660 6844 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
18:52:57.0676 6844 AVKService - ok
18:52:57.0710 6844 [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
18:52:57.0767 6844 AVKWCtl - ok
18:52:57.0797 6844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:52:57.0892 6844 AxInstSV - ok
18:52:57.0935 6844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:52:57.0996 6844 b06bdrv - ok
18:52:58.0036 6844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:52:58.0100 6844 b57nd60a - ok
18:52:58.0124 6844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:52:58.0180 6844 BDESVC - ok
18:52:58.0194 6844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:52:58.0253 6844 Beep - ok
18:52:58.0302 6844 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:52:58.0370 6844 BFE - ok
18:52:58.0418 6844 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:52:58.0495 6844 BITS - ok
18:52:58.0538 6844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:52:58.0600 6844 blbdrive - ok
18:52:58.0666 6844 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:52:58.0708 6844 Bonjour Service - ok
18:52:58.0731 6844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:52:58.0778 6844 bowser - ok
18:52:58.0791 6844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:52:58.0857 6844 BrFiltLo - ok
18:52:58.0862 6844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:52:58.0893 6844 BrFiltUp - ok
18:52:58.0920 6844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:52:58.0951 6844 Browser - ok
18:52:58.0974 6844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:52:59.0024 6844 Brserid - ok
18:52:59.0030 6844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:52:59.0064 6844 BrSerWdm - ok
18:52:59.0068 6844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:52:59.0110 6844 BrUsbMdm - ok
18:52:59.0115 6844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:52:59.0147 6844 BrUsbSer - ok
18:52:59.0163 6844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:52:59.0187 6844 BTHMODEM - ok
18:52:59.0224 6844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:52:59.0280 6844 bthserv - ok
18:52:59.0308 6844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:52:59.0340 6844 cdfs - ok
18:52:59.0381 6844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:52:59.0420 6844 cdrom - ok
18:52:59.0468 6844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:52:59.0514 6844 CertPropSvc - ok
18:52:59.0518 6844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:52:59.0557 6844 circlass - ok
18:52:59.0582 6844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:52:59.0601 6844 CLFS - ok
18:52:59.0646 6844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:59.0683 6844 clr_optimization_v2.0.50727_32 - ok
18:52:59.0731 6844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:52:59.0769 6844 clr_optimization_v2.0.50727_64 - ok
18:52:59.0897 6844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:59.0952 6844 clr_optimization_v4.0.30319_32 - ok
18:52:59.0996 6844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:53:00.0026 6844 clr_optimization_v4.0.30319_64 - ok
18:53:00.0060 6844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:53:00.0107 6844 CmBatt - ok
18:53:00.0132 6844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:53:00.0151 6844 cmdide - ok
18:53:00.0183 6844 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:53:00.0226 6844 CNG - ok
18:53:00.0244 6844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:53:00.0255 6844 Compbatt - ok
18:53:00.0273 6844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:53:00.0299 6844 CompositeBus - ok
18:53:00.0314 6844 COMSysApp - ok
18:53:00.0327 6844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:53:00.0339 6844 crcdisk - ok
18:53:00.0378 6844 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:53:00.0416 6844 CryptSvc - ok
18:53:00.0453 6844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:53:00.0499 6844 DcomLaunch - ok
18:53:00.0541 6844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:53:00.0595 6844 defragsvc - ok
18:53:00.0624 6844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:53:00.0664 6844 DfsC - ok
18:53:00.0687 6844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:53:00.0722 6844 Dhcp - ok
18:53:00.0738 6844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:53:00.0776 6844 discache - ok
18:53:00.0793 6844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:53:00.0806 6844 Disk - ok
18:53:00.0833 6844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:53:00.0891 6844 Dnscache - ok
18:53:00.0923 6844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:53:00.0984 6844 dot3svc - ok
18:53:01.0014 6844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:53:01.0098 6844 DPS - ok
18:53:01.0123 6844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:53:01.0137 6844 drmkaud - ok
18:53:01.0177 6844 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:53:01.0207 6844 DXGKrnl - ok
18:53:01.0245 6844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:53:01.0313 6844 EapHost - ok
18:53:01.0368 6844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:53:01.0436 6844 ebdrv - ok
18:53:01.0457 6844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:53:01.0481 6844 EFS - ok
18:53:01.0522 6844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:53:01.0599 6844 ehRecvr - ok
18:53:01.0627 6844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:53:01.0664 6844 ehSched - ok
18:53:01.0694 6844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:53:01.0728 6844 elxstor - ok
18:53:01.0747 6844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:53:01.0787 6844 ErrDev - ok
18:53:01.0833 6844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:53:01.0892 6844 EventSystem - ok
18:53:01.0914 6844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:53:01.0952 6844 exfat - ok
18:53:01.0963 6844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:53:02.0007 6844 fastfat - ok
18:53:02.0042 6844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:53:02.0061 6844 Fax - ok
18:53:02.0065 6844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:53:02.0091 6844 fdc - ok
18:53:02.0106 6844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:53:02.0144 6844 fdPHost - ok
18:53:02.0159 6844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:53:02.0194 6844 FDResPub - ok
18:53:02.0206 6844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:53:02.0218 6844 FileInfo - ok
18:53:02.0222 6844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:53:02.0253 6844 Filetrace - ok
18:53:02.0268 6844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:53:02.0280 6844 flpydisk - ok
18:53:02.0302 6844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:53:02.0317 6844 FltMgr - ok
18:53:02.0357 6844 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:53:02.0394 6844 FontCache - ok
18:53:02.0426 6844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:53:02.0437 6844 FontCache3.0.0.0 - ok
18:53:02.0441 6844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:53:02.0454 6844 FsDepends - ok
18:53:02.0479 6844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:53:02.0512 6844 Fs_Rec - ok
18:53:02.0557 6844 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:53:02.0605 6844 fvevol - ok
18:53:02.0622 6844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:53:02.0637 6844 gagp30kx - ok
18:53:02.0678 6844 [ 330A3B41D6FFC434561CBDD73FF6715B ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
18:53:02.0692 6844 GDBehave - ok
18:53:02.0775 6844 [ 98024F808C6A12FA9160AEF9C8344FAB ] GDFwSvc C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
18:53:02.0842 6844 GDFwSvc - ok
18:53:02.0863 6844 [ BAF8516F1D119C56EA5E8A4CEBEFD669 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
18:53:02.0874 6844 GDMnIcpt - ok
18:53:02.0902 6844 [ 4392B0D685141724526FB48CF162DDD1 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
18:53:02.0933 6844 GDPkIcpt - ok
18:53:02.0977 6844 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
18:53:03.0003 6844 GDScan - ok
18:53:03.0023 6844 [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys
18:53:03.0042 6844 gdwfpcd - ok
18:53:03.0069 6844 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:53:03.0078 6844 GEARAspiWDM - ok
18:53:03.0120 6844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:53:03.0184 6844 gpsvc - ok
18:53:03.0232 6844 [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD C:\Windows\system32\drivers\GRD.sys
18:53:03.0264 6844 GRD - ok
18:53:03.0303 6844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:53:03.0328 6844 gupdate - ok
18:53:03.0332 6844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:53:03.0348 6844 gupdatem - ok
18:53:03.0368 6844 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:53:03.0419 6844 hcw85cir - ok
18:53:03.0463 6844 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:53:03.0531 6844 HdAudAddService - ok
18:53:03.0547 6844 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:53:03.0592 6844 HDAudBus - ok
18:53:03.0599 6844 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:53:03.0629 6844 HidBatt - ok
18:53:03.0646 6844 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:53:03.0666 6844 HidBth - ok
18:53:03.0670 6844 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:53:03.0695 6844 HidIr - ok
18:53:03.0714 6844 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:53:03.0761 6844 hidserv - ok
18:53:03.0801 6844 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:53:03.0833 6844 HidUsb - ok
18:53:03.0855 6844 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:53:03.0912 6844 hkmsvc - ok
18:53:03.0944 6844 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:53:03.0969 6844 HomeGroupListener - ok
18:53:03.0999 6844 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:53:04.0022 6844 HomeGroupProvider - ok
18:53:04.0036 6844 [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
18:53:04.0046 6844 HookCentre - ok
18:53:04.0215 6844 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:53:04.0251 6844 hpqcxs08 - ok
18:53:04.0268 6844 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:53:04.0280 6844 hpqddsvc - ok
18:53:04.0302 6844 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:53:04.0318 6844 HpSAMD - ok
18:53:04.0345 6844 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:53:04.0372 6844 HPSLPSVC - ok
18:53:04.0425 6844 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:53:04.0520 6844 HTTP - ok
18:53:04.0549 6844 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:53:04.0581 6844 hwpolicy - ok
18:53:04.0615 6844 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:53:04.0631 6844 i8042prt - ok
18:53:04.0661 6844 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:53:04.0686 6844 iaStorV - ok
18:53:04.0737 6844 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:53:04.0781 6844 idsvc - ok
18:53:04.0807 6844 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:53:04.0819 6844 iirsp - ok
18:53:04.0846 6844 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:53:04.0896 6844 IKEEXT - ok
18:53:04.0914 6844 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:53:04.0926 6844 intelide - ok
18:53:04.0955 6844 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:53:04.0994 6844 intelppm - ok
18:53:05.0019 6844 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:53:05.0066 6844 IPBusEnum - ok
18:53:05.0093 6844 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:05.0130 6844 IpFilterDriver - ok
18:53:05.0162 6844 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:53:05.0200 6844 iphlpsvc - ok
18:53:05.0226 6844 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:53:05.0239 6844 IPMIDRV - ok
18:53:05.0243 6844 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:53:05.0285 6844 IPNAT - ok
18:53:05.0323 6844 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:53:05.0341 6844 iPod Service - ok
18:53:05.0363 6844 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:53:05.0424 6844 IRENUM - ok
18:53:05.0447 6844 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:53:05.0462 6844 isapnp - ok
18:53:05.0482 6844 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:53:05.0503 6844 iScsiPrt - ok
18:53:05.0519 6844 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:05.0531 6844 kbdclass - ok
18:53:05.0554 6844 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:05.0566 6844 kbdhid - ok
18:53:05.0579 6844 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:53:05.0590 6844 KeyIso - ok
18:53:05.0614 6844 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:53:05.0627 6844 KSecDD - ok
18:53:05.0651 6844 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:53:05.0665 6844 KSecPkg - ok
18:53:05.0679 6844 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:53:05.0716 6844 ksthunk - ok
18:53:05.0738 6844 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:53:05.0780 6844 KtmRm - ok
18:53:05.0823 6844 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:53:05.0896 6844 LanmanServer - ok
18:53:05.0918 6844 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:53:05.0962 6844 LanmanWorkstation - ok
18:53:05.0983 6844 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:53:06.0026 6844 lltdio - ok
18:53:06.0040 6844 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:53:06.0093 6844 lltdsvc - ok
18:53:06.0112 6844 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:53:06.0142 6844 lmhosts - ok
18:53:06.0158 6844 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:53:06.0172 6844 LSI_FC - ok
18:53:06.0184 6844 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:53:06.0197 6844 LSI_SAS - ok
18:53:06.0201 6844 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:53:06.0213 6844 LSI_SAS2 - ok
18:53:06.0217 6844 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:53:06.0231 6844 LSI_SCSI - ok
18:53:06.0240 6844 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:53:06.0284 6844 luafv - ok
18:53:06.0321 6844 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:53:06.0377 6844 Mcx2Svc - ok
18:53:06.0389 6844 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:53:06.0408 6844 megasas - ok
18:53:06.0423 6844 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:53:06.0442 6844 MegaSR - ok
18:53:06.0462 6844 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:53:06.0511 6844 MMCSS - ok
18:53:06.0528 6844 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:53:06.0558 6844 Modem - ok
18:53:06.0571 6844 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:53:06.0594 6844 monitor - ok
18:53:06.0614 6844 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:53:06.0626 6844 mouclass - ok
18:53:06.0630 6844 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:53:06.0654 6844 mouhid - ok
18:53:06.0696 6844 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:53:06.0709 6844 mountmgr - ok
18:53:06.0745 6844 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:53:06.0758 6844 MozillaMaintenance - ok
18:53:06.0776 6844 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:53:06.0790 6844 mpio - ok
18:53:06.0795 6844 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:53:06.0826 6844 mpsdrv - ok
18:53:06.0864 6844 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:53:06.0941 6844 MpsSvc - ok
18:53:06.0967 6844 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:53:07.0001 6844 MRxDAV - ok
18:53:07.0020 6844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:07.0058 6844 mrxsmb - ok
18:53:07.0064 6844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:07.0093 6844 mrxsmb10 - ok
18:53:07.0120 6844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:07.0133 6844 mrxsmb20 - ok
18:53:07.0162 6844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:53:07.0174 6844 msahci - ok
18:53:07.0194 6844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:53:07.0208 6844 msdsm - ok
18:53:07.0219 6844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:53:07.0243 6844 MSDTC - ok
18:53:07.0256 6844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:53:07.0286 6844 Msfs - ok
18:53:07.0293 6844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:53:07.0336 6844 mshidkmdf - ok
18:53:07.0349 6844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:53:07.0360 6844 msisadrv - ok
18:53:07.0392 6844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:53:07.0434 6844 MSiSCSI - ok
18:53:07.0437 6844 msiserver - ok
18:53:07.0462 6844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:53:07.0503 6844 MSKSSRV - ok
18:53:07.0507 6844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:07.0553 6844 MSPCLOCK - ok
18:53:07.0556 6844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:53:07.0596 6844 MSPQM - ok
18:53:07.0626 6844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:53:07.0645 6844 MsRPC - ok
18:53:07.0650 6844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:53:07.0661 6844 mssmbios - ok
18:53:07.0677 6844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:53:07.0718 6844 MSTEE - ok
18:53:07.0721 6844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:53:07.0737 6844 MTConfig - ok
18:53:07.0770 6844 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:53:07.0808 6844 MTsensor - ok
18:53:07.0830 6844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:53:07.0869 6844 Mup - ok
18:53:07.0907 6844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:53:07.0986 6844 napagent - ok
18:53:08.0010 6844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:53:08.0046 6844 NativeWifiP - ok
18:53:08.0087 6844 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:53:08.0115 6844 NDIS - ok
18:53:08.0133 6844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:53:08.0164 6844 NdisCap - ok
18:53:08.0175 6844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:08.0215 6844 NdisTapi - ok
18:53:08.0235 6844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:08.0282 6844 Ndisuio - ok
18:53:08.0309 6844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:08.0350 6844 NdisWan - ok
18:53:08.0381 6844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:53:08.0449 6844 NDProxy - ok
18:53:08.0483 6844 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:53:08.0489 6844 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:53:08.0489 6844 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:53:08.0504 6844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:53:08.0535 6844 NetBIOS - ok
18:53:08.0562 6844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:53:08.0594 6844 NetBT - ok
18:53:08.0606 6844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:53:08.0617 6844 Netlogon - ok
18:53:08.0648 6844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:53:08.0696 6844 Netman - ok
18:53:08.0713 6844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:53:08.0760 6844 netprofm - ok
18:53:08.0806 6844 [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
18:53:08.0854 6844 netr7364 - ok
18:53:08.0878 6844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:53:08.0893 6844 NetTcpPortSharing - ok
18:53:08.0911 6844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:53:08.0927 6844 nfrd960 - ok
18:53:08.0964 6844 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:53:09.0007 6844 NlaSvc - ok
18:53:09.0012 6844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:53:09.0045 6844 Npfs - ok
18:53:09.0068 6844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:53:09.0140 6844 nsi - ok
18:53:09.0144 6844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:53:09.0191 6844 nsiproxy - ok
18:53:09.0259 6844 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:53:09.0312 6844 Ntfs - ok
18:53:09.0325 6844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:53:09.0355 6844 Null - ok
18:53:09.0604 6844 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:53:09.0875 6844 nvlddmkm - ok
18:53:09.0898 6844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:53:09.0912 6844 nvraid - ok
18:53:09.0926 6844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:53:09.0941 6844 nvstor - ok
18:53:09.0979 6844 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:53:10.0028 6844 nvsvc - ok
18:53:10.0090 6844 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:53:10.0135 6844 nvUpdatusService - ok
18:53:10.0156 6844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:53:10.0170 6844 nv_agp - ok
18:53:10.0241 6844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:53:10.0285 6844 odserv - ok
18:53:10.0298 6844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:53:10.0313 6844 ohci1394 - ok
18:53:10.0345 6844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:53:10.0376 6844 ose - ok
18:53:10.0404 6844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:53:10.0441 6844 p2pimsvc - ok
18:53:10.0461 6844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:53:10.0478 6844 p2psvc - ok
18:53:10.0515 6844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:53:10.0549 6844 Parport - ok
18:53:10.0569 6844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:53:10.0585 6844 partmgr - ok
18:53:10.0600 6844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:53:10.0631 6844 PcaSvc - ok
18:53:10.0650 6844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:53:10.0669 6844 pci - ok
18:53:10.0680 6844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:53:10.0694 6844 pciide - ok
18:53:10.0710 6844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:53:10.0730 6844 pcmcia - ok
18:53:10.0734 6844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:53:10.0750 6844 pcw - ok
18:53:10.0844 6844 [ B1078DE6104E20BC4CA9591D17CDD5C3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
18:53:10.0909 6844 PDF Architect Helper Service - ok
18:53:10.0937 6844 [ 256D740E98DB5B86CB248EACADC5DBEC ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
18:53:10.0963 6844 PDF Architect Service - ok
18:53:10.0979 6844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:53:11.0033 6844 PEAUTH - ok
18:53:11.0096 6844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:53:11.0148 6844 PerfHost - ok
18:53:11.0199 6844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:53:11.0283 6844 pla - ok
18:53:11.0354 6844 [ AB168D5CF1CD69F9FA6F09C828FEA660 ] PlantronicsGC C:\Windows\system32\drivers\PLTGC.sys
18:53:11.0424 6844 PlantronicsGC - ok
18:53:11.0464 6844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:53:11.0490 6844 PlugPlay - ok
18:53:11.0528 6844 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:53:11.0544 6844 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:53:11.0544 6844 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:53:11.0564 6844 PnkBstrA - ok
18:53:11.0589 6844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:53:11.0644 6844 PNRPAutoReg - ok
18:53:11.0673 6844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:53:11.0697 6844 PNRPsvc - ok
18:53:11.0730 6844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:53:11.0805 6844 PolicyAgent - ok
18:53:11.0836 6844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:53:11.0877 6844 Power - ok
18:53:11.0905 6844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:53:11.0976 6844 PptpMiniport - ok
18:53:11.0993 6844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:53:12.0020 6844 Processor - ok
18:53:12.0049 6844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:53:12.0076 6844 ProfSvc - ok
18:53:12.0089 6844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:53:12.0103 6844 ProtectedStorage - ok
18:53:12.0146 6844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:53:12.0230 6844 Psched - ok
18:53:12.0263 6844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:53:12.0304 6844 ql2300 - ok
18:53:12.0312 6844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:53:12.0326 6844 ql40xx - ok
18:53:12.0378 6844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:53:12.0398 6844 QWAVE - ok
18:53:12.0402 6844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:53:12.0433 6844 QWAVEdrv - ok
18:53:12.0453 6844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:53:12.0494 6844 RasAcd - ok
18:53:12.0529 6844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:53:12.0586 6844 RasAgileVpn - ok
18:53:12.0597 6844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:53:12.0635 6844 RasAuto - ok
18:53:12.0657 6844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:12.0736 6844 Rasl2tp - ok
18:53:12.0762 6844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:53:12.0819 6844 RasMan - ok
18:53:12.0835 6844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:12.0881 6844 RasPppoe - ok
18:53:12.0892 6844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:53:12.0937 6844 RasSstp - ok
18:53:12.0964 6844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:53:13.0000 6844 rdbss - ok
18:53:13.0012 6844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:53:13.0037 6844 rdpbus - ok
18:53:13.0050 6844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:13.0081 6844 RDPCDD - ok
18:53:13.0099 6844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:53:13.0142 6844 RDPENCDD - ok
18:53:13.0156 6844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:53:13.0186 6844 RDPREFMP - ok
18:53:13.0258 6844 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:53:13.0327 6844 RdpVideoMiniport - ok
18:53:13.0353 6844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:53:13.0402 6844 RDPWD - ok
18:53:13.0440 6844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:53:13.0466 6844 rdyboost - ok
18:53:13.0491 6844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:53:13.0537 6844 RemoteAccess - ok
18:53:13.0563 6844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:53:13.0603 6844 RemoteRegistry - ok
18:53:13.0612 6844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:53:13.0660 6844 RpcEptMapper - ok
18:53:13.0686 6844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:53:13.0729 6844 RpcLocator - ok
18:53:13.0757 6844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:53:13.0798 6844 RpcSs - ok
18:53:13.0824 6844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:53:13.0857 6844 rspndr - ok
18:53:13.0935 6844 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:53:13.0961 6844 RTL8167 - ok
18:53:13.0980 6844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:53:13.0995 6844 SamSs - ok
18:53:14.0022 6844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:53:14.0036 6844 sbp2port - ok
18:53:14.0073 6844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:53:14.0183 6844 SCardSvr - ok
18:53:14.0212 6844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:53:14.0255 6844 scfilter - ok
18:53:14.0333 6844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:53:14.0402 6844 Schedule - ok
18:53:14.0429 6844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:53:14.0461 6844 SCPolicySvc - ok
18:53:14.0528 6844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:53:14.0585 6844 SDRSVC - ok
18:53:14.0620 6844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:53:14.0682 6844 secdrv - ok
18:53:14.0697 6844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:53:14.0733 6844 seclogon - ok
18:53:14.0757 6844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:53:14.0797 6844 SENS - ok
18:53:14.0811 6844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:53:14.0861 6844 SensrSvc - ok
18:53:14.0895 6844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:53:14.0932 6844 Serenum - ok
18:53:14.0945 6844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:53:14.0958 6844 Serial - ok
18:53:14.0969 6844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:53:14.0993 6844 sermouse - ok
18:53:15.0023 6844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:53:15.0064 6844 SessionEnv - ok
18:53:15.0085 6844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:53:15.0114 6844 sffdisk - ok
18:53:15.0118 6844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:53:15.0149 6844 sffp_mmc - ok
18:53:15.0152 6844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:53:15.0180 6844 sffp_sd - ok
18:53:15.0194 6844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:53:15.0206 6844 sfloppy - ok
18:53:15.0234 6844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:53:15.0270 6844 SharedAccess - ok
18:53:15.0297 6844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:53:15.0331 6844 ShellHWDetection - ok
18:53:15.0352 6844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:53:15.0364 6844 SiSRaid2 - ok
18:53:15.0368 6844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:53:15.0380 6844 SiSRaid4 - ok
18:53:15.0389 6844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:53:15.0436 6844 Smb - ok
18:53:15.0479 6844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:53:15.0493 6844 SNMPTRAP - ok
18:53:15.0507 6844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:53:15.0519 6844 spldr - ok
18:53:15.0549 6844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:53:15.0567 6844 Spooler - ok
18:53:15.0661 6844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:53:15.0734 6844 sppsvc - ok
18:53:15.0756 6844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:53:15.0822 6844 sppuinotify - ok
18:53:15.0845 6844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:53:15.0883 6844 srv - ok
18:53:15.0898 6844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:53:15.0916 6844 srv2 - ok
18:53:15.0940 6844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:53:15.0969 6844 srvnet - ok
18:53:15.0995 6844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:53:16.0034 6844 SSDPSRV - ok
18:53:16.0044 6844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:53:16.0076 6844 SstpSvc - ok
18:53:16.0138 6844 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:53:16.0175 6844 Stereo Service - ok
18:53:16.0189 6844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:53:16.0201 6844 stexstor - ok
18:53:16.0236 6844 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:53:16.0281 6844 StillCam - ok
18:53:16.0321 6844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:53:16.0363 6844 stisvc - ok
18:53:16.0380 6844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:53:16.0395 6844 swenum - ok
18:53:16.0426 6844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:53:16.0491 6844 swprv - ok
18:53:16.0540 6844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:53:16.0588 6844 SysMain - ok
18:53:16.0608 6844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:53:16.0626 6844 TabletInputService - ok
18:53:16.0637 6844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:53:16.0777 6844 TapiSrv - ok
18:53:16.0803 6844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:53:16.0869 6844 TBS - ok
18:53:16.0933 6844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:53:16.0989 6844 Tcpip - ok
18:53:17.0021 6844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:53:17.0056 6844 TCPIP6 - ok
18:53:17.0074 6844 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:53:17.0086 6844 tcpipreg - ok
18:53:17.0117 6844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:53:17.0173 6844 TDPIPE - ok
18:53:17.0200 6844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:53:17.0309 6844 TDTCP - ok
18:53:17.0400 6844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:53:17.0468 6844 tdx - ok
18:53:17.0495 6844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:53:17.0507 6844 TermDD - ok
18:53:17.0548 6844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:53:17.0632 6844 TermService - ok
18:53:17.0653 6844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:53:17.0676 6844 Themes - ok
18:53:17.0691 6844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:53:17.0721 6844 THREADORDER - ok
18:53:17.0737 6844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:53:17.0782 6844 TrkWks - ok
18:53:17.0840 6844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:53:17.0915 6844 TrustedInstaller - ok
18:53:17.0948 6844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:17.0987 6844 tssecsrv - ok
18:53:18.0033 6844 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:53:18.0093 6844 TsUsbFlt - ok
18:53:18.0142 6844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:53:18.0240 6844 tunnel - ok
18:53:18.0260 6844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:53:18.0275 6844 uagp35 - ok
18:53:18.0303 6844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:53:18.0374 6844 udfs - ok
18:53:18.0402 6844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:53:18.0416 6844 UI0Detect - ok
18:53:18.0431 6844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:53:18.0446 6844 uliagpkx - ok
18:53:18.0480 6844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:53:18.0504 6844 umbus - ok
18:53:18.0516 6844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:53:18.0528 6844 UmPass - ok
18:53:18.0541 6844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:53:18.0583 6844 upnphost - ok
18:53:18.0613 6844 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:53:18.0661 6844 USBAAPL64 - ok
18:53:18.0687 6844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:53:18.0734 6844 usbaudio - ok
18:53:18.0754 6844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:18.0793 6844 usbccgp - ok
18:53:18.0824 6844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:53:18.0862 6844 usbcir - ok
18:53:18.0873 6844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:53:18.0888 6844 usbehci - ok
18:53:18.0907 6844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:53:18.0939 6844 usbhub - ok
18:53:18.0944 6844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:53:18.0974 6844 usbohci - ok
18:53:18.0990 6844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:53:19.0012 6844 usbprint - ok
18:53:19.0033 6844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:19.0072 6844 USBSTOR - ok
18:53:19.0088 6844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:53:19.0111 6844 usbuhci - ok
18:53:19.0130 6844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:53:19.0167 6844 UxSms - ok
18:53:19.0181 6844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:53:19.0192 6844 VaultSvc - ok
18:53:19.0221 6844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:53:19.0233 6844 vdrvroot - ok
18:53:19.0280 6844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:53:19.0344 6844 vds - ok
18:53:19.0360 6844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:19.0374 6844 vga - ok
18:53:19.0385 6844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:53:19.0427 6844 VgaSave - ok
18:53:19.0450 6844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:53:19.0468 6844 vhdmp - ok
18:53:19.0478 6844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:53:19.0490 6844 viaide - ok
18:53:19.0508 6844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:53:19.0521 6844 volmgr - ok
18:53:19.0556 6844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:53:19.0592 6844 volmgrx - ok
18:53:19.0607 6844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:53:19.0628 6844 volsnap - ok
18:53:19.0652 6844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:53:19.0667 6844 vsmraid - ok
18:53:19.0723 6844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:53:19.0804 6844 VSS - ok
18:53:19.0808 6844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:53:19.0829 6844 vwifibus - ok
18:53:19.0845 6844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:53:19.0860 6844 vwififlt - ok
18:53:19.0884 6844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:53:19.0921 6844 W32Time - ok
18:53:19.0938 6844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:53:19.0962 6844 WacomPen - ok
18:53:19.0998 6844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:53:20.0078 6844 WANARP - ok
18:53:20.0082 6844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:53:20.0113 6844 Wanarpv6 - ok
18:53:20.0165 6844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:53:20.0244 6844 wbengine - ok
18:53:20.0263 6844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:53:20.0283 6844 WbioSrvc - ok
18:53:20.0312 6844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:53:20.0355 6844 wcncsvc - ok
18:53:20.0366 6844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:53:20.0390 6844 WcsPlugInService - ok
18:53:20.0402 6844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:53:20.0414 6844 Wd - ok
18:53:20.0444 6844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:53:20.0498 6844 Wdf01000 - ok
18:53:20.0520 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:53:20.0614 6844 WdiServiceHost - ok
18:53:20.0619 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:53:20.0639 6844 WdiSystemHost - ok
18:53:20.0673 6844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:53:20.0705 6844 WebClient - ok
18:53:20.0722 6844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:53:20.0772 6844 Wecsvc - ok
18:53:20.0787 6844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:53:20.0862 6844 wercplsupport - ok
18:53:20.0883 6844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:53:20.0915 6844 WerSvc - ok
18:53:20.0930 6844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:53:20.0961 6844 WfpLwf - ok
18:53:20.0976 6844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:53:20.0987 6844 WIMMount - ok
18:53:20.0998 6844 WinDefend - ok
18:53:21.0001 6844 WinHttpAutoProxySvc - ok
18:53:21.0034 6844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:53:21.0066 6844 Winmgmt - ok
18:53:21.0138 6844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:53:21.0206 6844 WinRM - ok
18:53:21.0243 6844 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:53:21.0265 6844 WinUsb - ok
18:53:21.0298 6844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:53:21.0337 6844 Wlansvc - ok
18:53:21.0426 6844 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:53:21.0494 6844 wlidsvc - ok
18:53:21.0519 6844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:53:21.0530 6844 WmiAcpi - ok
18:53:21.0551 6844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:53:21.0567 6844 wmiApSrv - ok
18:53:21.0584 6844 WMPNetworkSvc - ok
18:53:21.0592 6844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:53:21.0615 6844 WPCSvc - ok
18:53:21.0645 6844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:53:21.0681 6844 WPDBusEnum - ok
18:53:21.0713 6844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:53:21.0763 6844 ws2ifsl - ok
18:53:21.0777 6844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:53:21.0803 6844 wscsvc - ok
18:53:21.0833 6844 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:53:21.0887 6844 WSDPrintDevice - ok
18:53:21.0891 6844 WSearch - ok
18:53:21.0952 6844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:53:22.0007 6844 wuauserv - ok
18:53:22.0029 6844 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:53:22.0064 6844 WudfPf - ok
18:53:22.0105 6844 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:22.0159 6844 WUDFRd - ok
18:53:22.0187 6844 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:53:22.0221 6844 wudfsvc - ok
18:53:22.0246 6844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:53:22.0277 6844 WwanSvc - ok
18:53:22.0290 6844 ================ Scan global ===============================
18:53:22.0314 6844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:53:22.0343 6844 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:53:22.0362 6844 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:53:22.0398 6844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:53:22.0455 6844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:53:22.0465 6844 [Global] - ok
18:53:22.0466 6844 ================ Scan MBR ==================================
18:53:22.0503 6844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:53:22.0795 6844 \Device\Harddisk0\DR0 - ok
18:53:22.0800 6844 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5
18:53:26.0002 6844 \Device\Harddisk5\DR5 - ok
18:53:26.0003 6844 ================ Scan VBR ==================================
18:53:26.0008 6844 [ E6C256FB632E4C9978F5649552AC6BB1 ] \Device\Harddisk0\DR0\Partition1
18:53:26.0011 6844 \Device\Harddisk0\DR0\Partition1 - ok
18:53:26.0033 6844 [ 6897E5D43DEB8C4D37ACBE7933A945A3 ] \Device\Harddisk0\DR0\Partition2
18:53:26.0034 6844 \Device\Harddisk0\DR0\Partition2 - ok
18:53:26.0038 6844 [ C699F26418F3772DFD006F1DB121A60C ] \Device\Harddisk5\DR5\Partition1
18:53:26.0040 6844 \Device\Harddisk5\DR5\Partition1 - ok
18:53:26.0040 6844 ============================================================
18:53:26.0040 6844 Scan finished
18:53:26.0040 6844 ============================================================
18:53:26.0053 6444 Detected object count: 2
18:53:26.0053 6444 Actual detected object count: 2
18:55:26.0372 6444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:26.0372 6444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:26.0375 6444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:26.0376 6444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 17.01.2013, 22:02   #9
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.01.2013, 08:48   #10
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Guten Morgen,

habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören).

Was soll ich tun? CombiFix nochmal starten?

Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe.

MfG und danke im Voraus

Combofix hat sich doch net aufgehangen, ist jetzt bei Stufe 23.
Wie lange kann das dauern?

[QUOTE=Giere84;993336]Guten Morgen,

habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören).

Was soll ich tun? CombiFix nochmal starten?

Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe.

MfG und danke im Voraus

Guten Morgen,

habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören).

Was soll ich tun? CombiFix nochmal starten?

Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe.

MfG und danke im Voraus

Sorry ich wollte den Beitrag nur ändern, da kam das hier bei raus

ComboFix ist jetzt bei Stufe 27. Wie lange kann das dauern?

Alt 18.01.2013, 15:05   #11
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hallo,

also ich habe Combofix durchgeführt und hier ist die logfile:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-17.04 - Michael 18.01.2013  11:18:42.2.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2392 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-18 bis 2013-01-18  ))))))))))))))))))))))))))))))
.
.
2013-01-18 13:58 . 2013-01-18 13:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-18 07:08 . 2013-01-18 07:08	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\offreg.dll
2013-01-17 16:37 . 2013-01-17 17:18	--------	d-----w-	C:\_OTL
2013-01-15 08:24 . 2013-01-15 08:24	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-15 08:24 . 2013-01-15 08:24	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 08:24 . 2013-01-15 08:24	--------	d--h--w-	c:\programdata\Common Files
2013-01-15 07:59 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\mpengine.dll
2013-01-11 12:33 . 2013-01-12 11:27	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-10 15:49 . 2013-01-10 15:49	--------	d-----w-	c:\program files (x86)\PDF Architect
2013-01-10 15:49 . 2012-10-28 17:32	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2013-01-10 15:49 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-10 15:49 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-01-10 15:49 . 2013-01-10 15:50	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-01-10 15:49 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-01-10 15:49 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2013-01-10 15:49 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-01-10 15:49 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-01-10 13:20 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-10 13:20 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 08:46 . 2013-01-09 08:46	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2013-01-09 08:46 . 2013-01-09 08:46	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2013-01-08 16:20 . 2013-01-08 16:20	--------	d-----w-	c:\programdata\Nikon
2013-01-07 09:42 . 2013-01-07 09:42	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-01-07 09:39 . 2013-01-07 09:39	--------	d-----w-	C:\NVIDIA
2013-01-07 09:34 . 2013-01-07 09:34	--------	d-----w-	c:\program files (x86)\ArcSoft
2013-01-07 09:34 . 2013-01-07 09:34	--------	d-----w-	c:\program files (x86)\Common Files\ArcSoft
2013-01-07 09:33 . 2013-01-07 09:33	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\windows\Downloaded Installations
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\program files (x86)\Common Files\Nikon
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\Home
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\program files\Common Files\Nikon
2013-01-07 09:31 . 2013-01-07 09:33	--------	d-----w-	c:\program files (x86)\Nikon
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\program files\Nikon
2013-01-07 09:31 . 2013-01-07 09:31	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\Hybrid Synthesizers
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\Guitars
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\Ultima_T15
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\EnterNHelp
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\PrintsService
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-02 17:10 . 2013-01-02 17:10	--------	d-----w-	c:\program files (x86)\QuickTime
2013-01-02 10:34 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-02 10:34 . 2013-01-02 10:34	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-01-02 10:33 . 2013-01-02 10:33	--------	d-----w-	c:\program files\iPod
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\program files\iTunes
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\program files (x86)\iTunes
2013-01-02 10:33 . 2013-01-02 10:33	--------	d-----w-	c:\programdata\Apple Computer
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-01-02 10:32 . 2013-01-02 10:40	--------	d-----w-	c:\program files\Common Files\Apple
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files\Bonjour
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files (x86)\Bonjour
2013-01-02 10:31 . 2013-01-02 10:40	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-01-02 10:31 . 2013-01-02 10:32	--------	d-----w-	c:\programdata\Apple
2012-12-29 01:54 . 2012-12-29 01:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-25 21:21 . 2012-12-25 21:21	--------	d-----w-	c:\program files (x86)\Ubisoft
2012-12-24 10:54 . 2012-12-24 10:54	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-12-23 15:06 . 2012-12-23 15:06	--------	d-----w-	c:\programdata\WEBREG
2012-12-23 15:02 . 2012-12-23 15:02	--------	d-----w-	c:\programdata\HP Product Assistant
2012-12-23 15:02 . 2012-12-23 15:02	--------	d-----w-	c:\windows\SysWow64\spool
2012-12-23 15:01 . 2012-12-23 15:01	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-12-23 15:00 . 2012-12-23 15:00	--------	d-----w-	c:\program files (x86)\Common Files\HP
2012-12-23 15:00 . 2012-12-23 15:00	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2012-12-23 15:00 . 2008-12-01 09:02	226816	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpzpp5oe.dll
2012-12-23 15:00 . 2008-12-01 09:06	131072	----a-w-	c:\windows\system32\hpz3l5oe.dll
2012-12-23 15:00 . 2008-12-01 09:05	235008	----a-w-	c:\windows\SysWow64\hpzc35oe.dll
2012-12-23 15:00 . 2006-11-30 10:14	671816	----a-w-	c:\windows\system32\hpcdmc32.dll
2012-12-23 15:00 . 2012-12-23 15:02	--------	d-----w-	c:\program files (x86)\HP
2012-12-23 14:58 . 2012-12-23 15:06	--------	d-----w-	c:\programdata\HP
2012-12-23 14:58 . 2010-05-31 04:36	358744	----a-w-	c:\windows\system32\hpzids40.dll
2012-12-23 14:58 . 2010-02-01 06:54	944128	----a-w-	c:\windows\system32\hpwwiax4.dll
2012-12-23 14:58 . 2010-02-01 06:54	740864	----a-w-	c:\windows\system32\hpwtscl3.dll
2012-12-23 14:58 . 2010-02-01 06:54	540672	----a-w-	c:\windows\system32\hppldcoi.dll
2012-12-23 14:58 . 2010-02-01 06:54	488960	----a-w-	c:\windows\system32\hpovst11.dll
2012-12-23 14:49 . 2012-12-23 14:49	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-12-23 14:42 . 2012-12-23 14:42	--------	d-----w-	c:\programdata\Hewlett-Packard
2012-12-23 14:42 . 2009-07-14 01:41	230400	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-12-23 12:43 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-12-23 12:43 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-12-23 12:43 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-23 12:43 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-23 12:43 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-23 12:43 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-23 12:43 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-23 12:43 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-23 12:43 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-23 12:10 . 2012-12-23 12:10	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-23 12:10 . 2012-12-23 12:10	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-12-23 11:36 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-12-23 11:36 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-12-23 11:36 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-12-23 10:52 . 2013-01-14 12:03	--------	d-----w-	c:\program files (x86)\Microsoft
2012-12-23 10:44 . 2012-12-23 10:44	--------	d-----w-	c:\windows\system32\SPReview
2012-12-23 10:43 . 2012-12-23 10:43	--------	d-----w-	c:\windows\system32\EventProviders
2012-12-23 07:49 . 2012-12-23 07:49	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-12-23 07:49 . 2012-12-23 07:49	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-12-22 15:41 . 2013-01-10 18:03	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-22 15:26 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2012-12-22 15:26 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2012-12-22 15:26 . 2010-11-05 01:58	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2012-12-22 15:26 . 2010-11-20 13:27	14967808	----a-w-	c:\program files\DVD Maker\OmdBase.dll
2012-12-22 15:26 . 2010-11-20 13:26	1838080	----a-w-	c:\windows\system32\d3d10warp.dll
2012-12-22 15:26 . 2010-11-20 13:27	1743360	----a-w-	c:\windows\system32\sysmain.dll
2012-12-22 15:26 . 2010-11-20 12:19	954752	----a-w-	c:\windows\SysWow64\mfc40.dll
2012-12-22 15:26 . 2010-11-20 12:19	954288	----a-w-	c:\windows\SysWow64\mfc40u.dll
2012-12-22 15:26 . 2010-11-20 12:18	1171456	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-12-22 15:24 . 2010-11-20 13:33	155008	----a-w-	c:\windows\system32\drivers\mpio.sys
2012-12-22 15:23 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-12-22 15:23 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2012-12-22 15:23 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2012-12-21 18:05 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-21 18:05 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-21 18:05 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-21 18:05 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-21 17:57 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-12-21 17:52 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 17:52 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 10:34 . 2012-10-10 20:23	18054312	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2012-10-10 20:23	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-10 20:23	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:22	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-10 20:22	15129064	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2009-07-13 21:59	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-23 11:16 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-12-23 11:16 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-10 13:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-12-14 15:26	92384	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-12-14 732384]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-08 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-08 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-14 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2013-01-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-14 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-08 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 15:05	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-18  15:02:00
ComboFix-quarantined-files.txt  2013-01-18 14:01
ComboFix2.txt  2013-01-18 10:13
.
Vor Suchlauf: 13 Verzeichnis(se), 130.643.849.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 130.348.716.032 Bytes frei
.
- - End Of File - - F8B19E5EFFE569094B563D53B6738E97
         
--- --- ---
Angehängte Dateien
Dateityp: txt ComboFix.txt (23,0 KB, 115x aufgerufen)

Alt 18.01.2013, 15:13   #12
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



ich hatte erst ausversehen, Combofix von dem Downloadordner ausgeführt. Hatte diesen eigentlich unübersehbaren Hinweis, dass die Datei nur auf dem Desktop ausgeführt werden darf, irgendwie übersehen. Darauf hin habe ich Combofix nochmal auf dem Desktop durch laufen lassen (siehe Antwort darüber). Ich hoffe es stellt keine Probleme für meinen Rechner dar. Bis jetzt läuft auch alles normal.

Die erste logfile ist hier:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-17.04 - Michael 18.01.2013   8:07.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2319 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Application
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-18 bis 2013-01-18  ))))))))))))))))))))))))))))))
.
.
2013-01-18 10:10 . 2013-01-18 10:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-18 07:08 . 2013-01-18 07:08	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\offreg.dll
2013-01-17 16:37 . 2013-01-17 17:18	--------	d-----w-	C:\_OTL
2013-01-15 08:24 . 2013-01-15 08:24	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-15 08:24 . 2013-01-15 08:24	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 08:24 . 2013-01-15 08:24	--------	d--h--w-	c:\programdata\Common Files
2013-01-15 07:59 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\mpengine.dll
2013-01-11 12:33 . 2013-01-12 11:27	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-10 15:49 . 2013-01-10 15:49	--------	d-----w-	c:\program files (x86)\PDF Architect
2013-01-10 15:49 . 2012-10-28 17:32	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2013-01-10 15:49 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-10 15:49 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-01-10 15:49 . 2013-01-10 15:50	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-01-10 15:49 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-01-10 15:49 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2013-01-10 15:49 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-01-10 15:49 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-01-10 13:20 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-10 13:20 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 08:46 . 2013-01-09 08:46	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2013-01-09 08:46 . 2013-01-09 08:46	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2013-01-08 16:20 . 2013-01-08 16:20	--------	d-----w-	c:\programdata\Nikon
2013-01-07 09:42 . 2013-01-07 09:42	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-01-07 09:39 . 2013-01-07 09:39	--------	d-----w-	C:\NVIDIA
2013-01-07 09:34 . 2013-01-07 09:34	--------	d-----w-	c:\program files (x86)\ArcSoft
2013-01-07 09:34 . 2013-01-07 09:34	--------	d-----w-	c:\program files (x86)\Common Files\ArcSoft
2013-01-07 09:33 . 2013-01-07 09:33	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\windows\Downloaded Installations
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\program files (x86)\Common Files\Nikon
2013-01-07 09:32 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\Home
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\program files\Common Files\Nikon
2013-01-07 09:31 . 2013-01-07 09:33	--------	d-----w-	c:\program files (x86)\Nikon
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\program files\Nikon
2013-01-07 09:31 . 2013-01-07 09:31	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\Hybrid Synthesizers
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\Guitars
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\Ultima_T15
2013-01-07 09:31 . 2013-01-07 09:32	--------	d-----w-	c:\programdata\EnterNHelp
2013-01-07 09:31 . 2013-01-07 09:31	--------	d-----w-	c:\programdata\PrintsService
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-02 17:10 . 2013-01-02 17:10	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-02 17:10 . 2013-01-02 17:10	--------	d-----w-	c:\program files (x86)\QuickTime
2013-01-02 10:34 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-02 10:34 . 2013-01-02 10:34	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-01-02 10:33 . 2013-01-02 10:33	--------	d-----w-	c:\program files\iPod
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\program files\iTunes
2013-01-02 10:33 . 2013-01-02 10:34	--------	d-----w-	c:\program files (x86)\iTunes
2013-01-02 10:33 . 2013-01-02 10:33	--------	d-----w-	c:\programdata\Apple Computer
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-01-02 10:32 . 2013-01-02 10:40	--------	d-----w-	c:\program files\Common Files\Apple
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files\Bonjour
2013-01-02 10:32 . 2013-01-02 10:32	--------	d-----w-	c:\program files (x86)\Bonjour
2013-01-02 10:31 . 2013-01-02 10:40	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-01-02 10:31 . 2013-01-02 10:32	--------	d-----w-	c:\programdata\Apple
2012-12-29 01:54 . 2012-12-29 01:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-25 21:21 . 2012-12-25 21:21	--------	d-----w-	c:\program files (x86)\Ubisoft
2012-12-24 10:54 . 2012-12-24 10:54	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-12-23 15:06 . 2012-12-23 15:06	--------	d-----w-	c:\programdata\WEBREG
2012-12-23 15:02 . 2012-12-23 15:02	--------	d-----w-	c:\programdata\HP Product Assistant
2012-12-23 15:02 . 2012-12-23 15:02	--------	d-----w-	c:\windows\SysWow64\spool
2012-12-23 15:01 . 2012-12-23 15:01	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-12-23 15:00 . 2012-12-23 15:00	--------	d-----w-	c:\program files (x86)\Common Files\HP
2012-12-23 15:00 . 2012-12-23 15:00	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2012-12-23 15:00 . 2008-12-01 09:02	226816	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpzpp5oe.dll
2012-12-23 15:00 . 2008-12-01 09:06	131072	----a-w-	c:\windows\system32\hpz3l5oe.dll
2012-12-23 15:00 . 2008-12-01 09:05	235008	----a-w-	c:\windows\SysWow64\hpzc35oe.dll
2012-12-23 15:00 . 2006-11-30 10:14	671816	----a-w-	c:\windows\system32\hpcdmc32.dll
2012-12-23 15:00 . 2012-12-23 15:02	--------	d-----w-	c:\program files (x86)\HP
2012-12-23 14:58 . 2012-12-23 15:06	--------	d-----w-	c:\programdata\HP
2012-12-23 14:58 . 2010-05-31 04:36	358744	----a-w-	c:\windows\system32\hpzids40.dll
2012-12-23 14:58 . 2010-02-01 06:54	944128	----a-w-	c:\windows\system32\hpwwiax4.dll
2012-12-23 14:58 . 2010-02-01 06:54	740864	----a-w-	c:\windows\system32\hpwtscl3.dll
2012-12-23 14:58 . 2010-02-01 06:54	540672	----a-w-	c:\windows\system32\hppldcoi.dll
2012-12-23 14:58 . 2010-02-01 06:54	488960	----a-w-	c:\windows\system32\hpovst11.dll
2012-12-23 14:49 . 2012-12-23 14:49	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-12-23 14:42 . 2012-12-23 14:42	--------	d-----w-	c:\programdata\Hewlett-Packard
2012-12-23 14:42 . 2009-07-14 01:41	230400	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-12-23 12:43 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-12-23 12:43 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-12-23 12:43 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-23 12:43 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-23 12:43 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-23 12:43 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-23 12:43 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-23 12:43 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-23 12:43 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-23 12:10 . 2012-12-23 12:10	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-23 12:10 . 2012-12-23 12:10	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-12-23 11:36 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-12-23 11:36 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-12-23 11:36 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-12-23 10:52 . 2013-01-14 12:03	--------	d-----w-	c:\program files (x86)\Microsoft
2012-12-23 10:44 . 2012-12-23 10:44	--------	d-----w-	c:\windows\system32\SPReview
2012-12-23 10:43 . 2012-12-23 10:43	--------	d-----w-	c:\windows\system32\EventProviders
2012-12-23 07:49 . 2012-12-23 07:49	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-12-23 07:49 . 2012-12-23 07:49	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-12-22 15:41 . 2013-01-10 18:03	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-22 15:26 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2012-12-22 15:26 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2012-12-22 15:26 . 2010-11-05 01:58	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2012-12-22 15:26 . 2010-11-20 13:27	14967808	----a-w-	c:\program files\DVD Maker\OmdBase.dll
2012-12-22 15:26 . 2010-11-20 13:26	1838080	----a-w-	c:\windows\system32\d3d10warp.dll
2012-12-22 15:26 . 2010-11-20 13:27	1743360	----a-w-	c:\windows\system32\sysmain.dll
2012-12-22 15:26 . 2010-11-20 12:19	954752	----a-w-	c:\windows\SysWow64\mfc40.dll
2012-12-22 15:26 . 2010-11-20 12:19	954288	----a-w-	c:\windows\SysWow64\mfc40u.dll
2012-12-22 15:26 . 2010-11-20 12:18	1171456	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-12-22 15:24 . 2010-11-20 13:33	155008	----a-w-	c:\windows\system32\drivers\mpio.sys
2012-12-22 15:23 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-12-22 15:23 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2012-12-22 15:23 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2012-12-21 18:05 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-21 18:05 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-21 18:05 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-21 18:05 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-21 17:57 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-12-21 17:52 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 17:52 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 10:34 . 2012-10-10 20:23	18054312	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2012-10-10 20:23	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-10 20:23	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:22	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-10 20:22	15129064	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2009-07-13 21:59	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-23 11:16 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-12-23 11:16 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-10 13:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-12-14 15:26	92384	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-12-14 732384]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-08 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-08 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-14 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2013-01-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-14 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-08 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 15:05	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-18  11:13:46
ComboFix-quarantined-files.txt  2013-01-18 10:13
.
Vor Suchlauf: 8 Verzeichnis(se), 131.093.782.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 130.582.302.720 Bytes frei
.
- - End Of File - - 6F7400CC3064085B39F729BA6D7C9358
         
--- --- ---

Alt 18.01.2013, 17:41   #13
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.01.2013, 17:20   #14
Giere84
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



Hallo,

es wurden keine Funde festgestellt.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: GAMESTATION [Administrator]

19.01.2013 10:42:49
mbam-log-2013-01-19 (10-42-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365827
Laufzeit: 48 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 19.01.2013, 18:56   #15
markusg
/// Malware-holic
 
Add by Browse to save Malware - Standard

Add by Browse to save Malware



hi


lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner bereits instaliert ist, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Add by Browse to save Malware
add by browse to save, browse to save, crazy, einiger, gdata, gefahren, inter, interne, internet, internet security 2013, komplett, malware, maus, nichts, platt, prüfung, rechner, security, seite, seiten, stand, unterstrichen, verschiedene, verschiedenen, virenprüfung, website, websiten, woche, wochen, wörter



Ähnliche Themen: Add by Browse to save Malware


  1. Werbung mit der Unterschrift Ads by Browse to Save
    Log-Analyse und Auswertung - 18.07.2013 (39)
  2. ads by browse to save was nun?
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (11)
  3. Browse to Save - Virus
    Log-Analyse und Auswertung - 24.04.2013 (7)
  4. Browse to save
    Log-Analyse und Auswertung - 17.04.2013 (15)
  5. Click to Continue > by Browse to to Save und http://searchiu.com/?affil=141 Startseite - Malware
    Log-Analyse und Auswertung - 11.04.2013 (11)
  6. add by browse to save auf mac book pro version 10.8.3
    Log-Analyse und Auswertung - 09.04.2013 (9)
  7. 2x | Click to Continue by browse to save - maleware
    Mülltonne - 08.04.2013 (1)
  8. Browse to save...
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (20)
  9. Ads by Browse to Save Virus
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (27)
  10. Virus - ads by browse to save
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (33)
  11. Ads by browse to save
    Plagegeister aller Art und deren Bekämpfung - 20.02.2013 (11)
  12. Ads by browse to save
    Plagegeister aller Art und deren Bekämpfung - 17.02.2013 (13)
  13. Ads by Browse to Save
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (21)
  14. browse to save virus
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (31)
  15. Ads by Browse to Save - Virus? Wie Entfernen?
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (13)
  16. Werbebanner by Browse to Save - Virus
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (13)
  17. Ads by Browse to Save - Virus
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (15)

Zum Thema Add by Browse to save Malware - Hallo, ich habe ein Problem. Ich hatte vor einiger Zeit schon mal das Problem, dass bei mir vereinzelte Wörter auf verschiedenen Websiten immer unterstrichen und als Hyperlink versehen waren. Immer - Add by Browse to save Malware...
Archiv
Du betrachtest: Add by Browse to save Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.