
Pests of all kinds and how to fight them: I now have "Browse to Save" ad banners too and can't get rid of them!

19.01.2013, 13:12   #1
guenni83

Can anyone help me with "Browse to Save"? I had already read a few posts about it here and am now opening my own thread as well (as one is apparently supposed to) :-/.

Is this dangerous in some way, and does someone now know my passwords, or is it just annoying because of the ad banners?

Thanks in advance, Günni

19.01.2013, 14:57   #2
markusg
/// Malware-holic

Hi
Browse to Save is not harmless, but before giving a final assessment we first have to take a look.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

23.01.2013, 09:15   #3
guenni83

Hello,

I have the OTL.txt on the desktop; where do I find the Extra.txt?

OTL.txt: OTL logfile:
Code:
OTL logfile created on: 22.01.2013 19:37:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MG2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 49,65% Memory free
11,96 Gb Paging File | 8,32 Gb Available in Paging File | 69,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1842,23 Gb Total Space | 1532,07 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive D: | 20,69 Gb Total Space | 2,60 Gb Free Space | 12,59% Space Free | Partition Type: NTFS
Drive G: | 2,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 29,15 Gb Total Space | 25,77 Gb Free Space | 88,43% Space Free | Partition Type: FAT32
 
Computer Name: 2 | User Name: MG2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.19 17:41:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MG2\Desktop\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\MG2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.11.21 17:55:30 | 000,010,848 | ---- | M] (DATEV eG) -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.19 19:15:30 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.11.12 03:45:22 | 001,104,824 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.11.12 03:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.11.12 03:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.11.01 05:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.10.13 01:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 15:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.09.13 10:51:43 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\MG2\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.08.30 16:27:12 | 002,635,872 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
PRC - [2012.08.07 11:13:48 | 000,535,136 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
PRC - [2012.07.03 03:00:00 | 000,157,792 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
PRC - [2012.07.02 13:43:44 | 000,188,000 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
PRC - [2012.06.28 18:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney Business 5.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2012.06.14 02:20:00 | 000,087,040 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.15 21:36:28 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
PRC - [2011.09.15 21:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2011.09.06 21:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011.08.18 01:17:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.08.16 22:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011.08.16 22:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011.07.13 07:58:00 | 002,185,832 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
PRC - [2011.07.13 07:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011.05.19 08:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011.04.20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011.04.20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011.03.03 09:47:48 | 000,192,512 | ---- | M] (KOBIL Systems GmbH) -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe
PRC - [2011.02.24 08:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.04.23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.03.08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010.01.25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009.08.25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009.05.05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008.11.20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 10:27:30 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c91632cef78dc1e1ab7dce314c64f7a0\System.IdentityModel.ni.dll
MOD - [2013.01.10 10:27:29 | 018,123,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3485907c71cb4575a8ae6a9609bfe16c\System.ServiceModel.ni.dll
MOD - [2013.01.10 10:26:21 | 002,910,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ce183c37fac3a879e1976bf59b8da76b\ReachFramework.ni.dll
MOD - [2013.01.10 10:26:15 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.10 10:26:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 10:25:58 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\4373d5deea0fd001dfac01a83f6f2bca\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.01.10 10:25:57 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll
MOD - [2013.01.10 10:25:56 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8834e734c13d53e65982db2a00563ce7\System.Runtime.Serialization.ni.dll
MOD - [2013.01.10 10:21:25 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 18:09:43 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 18:09:33 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 18:09:26 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:09:22 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 18:09:22 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 18:09:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 18:09:17 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.09 18:09:17 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 18:09:15 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 18:09:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.10.13 01:55:38 | 000,276,392 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.10.13 01:55:38 | 000,092,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012.10.13 01:55:22 | 002,652,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.10.13 01:55:22 | 000,363,944 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.10.13 01:55:20 | 011,166,120 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.10.13 01:55:18 | 001,346,472 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.10.13 01:55:18 | 000,205,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.10.13 01:55:16 | 001,013,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.10.13 01:55:16 | 000,720,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.10.13 01:55:14 | 008,506,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.10.13 01:55:14 | 000,520,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.10.13 01:55:12 | 002,480,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.10.13 01:55:12 | 002,353,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.10.13 01:55:08 | 000,445,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.10.13 01:55:04 | 000,206,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012.10.13 01:55:04 | 000,035,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012.10.13 01:55:02 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012.10.13 01:54:34 | 000,437,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012.10.13 01:53:56 | 000,605,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.10.13 01:31:20 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.10.13 01:31:20 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.10.13 01:30:34 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011.02.15 19:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2011.12.16 23:16:56 | 000,229,376 | ---- | M] (Mirics Semiconductor) [Auto | Running] -- c:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe -- (msi2500scan)
SRV:64bit: - [2011.12.16 23:16:54 | 002,715,648 | ---- | M] (Mirics Ltd.) [Auto | Running] -- c:\Program Files\MiricsFlexiTV\DVBT\DVBService.exe -- (MSiDVBT)
SRV:64bit: - [2011.11.24 08:23:54 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.26 06:25:00 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010.12.13 13:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010.10.11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.03.03 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013.01.16 17:02:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.30 16:27:12 | 002,635,872 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 03:00:00 | 000,157,792 | ---- | M] (DATEV eG) [On_Demand | Running] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2012.07.02 13:43:44 | 000,188,000 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst)
SRV - [2012.06.28 18:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney Business 5.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney Business 5.0 OnlineUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012.06.14 02:20:00 | 000,087,040 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.15 21:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC)
SRV - [2011.09.06 21:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011.08.16 22:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011.07.13 07:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011.03.08 00:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.03 09:47:48 | 000,192,512 | ---- | M] (KOBIL Systems GmbH) [Auto | Running] -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI)
SRV - [2011.02.25 05:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011.02.24 08:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.15 14:31:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.01.15 14:22:30 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.11.15 21:06:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.13 13:24:12 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.07.03 14:45:06 | 000,084,728 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\d3_kafm.sys -- (SC_SERV3D)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.06.11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.06.11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.05.18 04:40:20 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012.05.18 04:05:13 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.05.18 04:05:13 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 23:16:47 | 000,228,352 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerMsiBDA.sys -- (MSi2500BDA)
DRV:64bit: - [2011.11.24 11:45:52 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.24 07:44:58 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.30 04:07:08 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.26 23:31:10 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.09.26 06:25:00 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.09.09 02:02:24 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.08.24 06:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.11 19:19:50 | 001,582,144 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.06.23 22:48:22 | 000,016,152 | ---- | M] (n/a) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys -- (NWWakeFilterV)
DRV:64bit: - [2011.06.23 22:48:18 | 000,016,152 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011.06.23 22:48:16 | 000,028,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWVoltron.sys -- (NWVoltron)
DRV:64bit: - [2011.06.17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011.06.07 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.05.05 01:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.13 13:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.28 17:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.07.13 13:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009.11.03 04:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009.11.03 04:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.19 11:45:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130121.019\ex64.sys -- (NAVEX15)
DRV - [2013.01.19 11:45:11 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.19 11:45:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130121.019\eng64.sys -- (NAVENG)
DRV - [2012.12.27 10:54:52 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.26 17:17:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.11.30 00:48:34 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7389732563504143&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F417B7A9-BD9E-492A-8B45-EC83A00FF112}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7389732563504143&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{F417B7A9-BD9E-492A-8B45-EC83A00FF112}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7389732563504143&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{F417B7A9-BD9E-492A-8B45-EC83A00FF112}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2012.05.18 04:20:24 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2012.05.18 04:20:24 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MG2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MG2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.01.03 16:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.21 11:50:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.01.22 19:25:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.06.21 11:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.01.03 16:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.09 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.11 09:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 14:23:26 | 000,000,000 | ---D | M]
 
[2013.01.03 16:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MG2\AppData\Roaming\mozilla\Extensions
[2013.01.20 17:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MG2\AppData\Roaming\mozilla\Firefox\Profiles\5dz7qo7a.default\extensions
[2013.01.20 17:56:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\MG2\AppData\Roaming\mozilla\firefox\profiles\5dz7qo7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.14 09:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MG2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MG2\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MG2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Internetradio Deutschland = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\
CHR - Extension: SaveByclick = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbjobakjibgcglcdjinogannhhknbgk\1_0\
CHR - Extension: Gmail offline = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Evernote Web = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Norton Identity Protection = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\MG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DtvIePwdSafeBHO64 Class) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Morgengold Günni\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe (DATEV eG)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SiPaHost] C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] C:\Program Files (x86)\StarMoney Business 5.0 Commerzbank-Edition\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\MG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MG2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MG2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MG2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38DA833E-E5CA-4E1F-BCAA-9E17AAD79CCE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1C84D-BA16-4274-9370-D505FEA18AD7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.31 14:51:20 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell - "" = AutoRun
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\AutoRun\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\configure\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\install\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 08:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.19 17:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MG2\Desktop\OTL.exe
[2013.01.19 15:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013.01.19 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\hpqLog
[2013.01.19 11:43:22 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.01.19 11:43:21 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.01.19 11:43:21 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.01.19 11:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.01.19 11:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.01.19 11:40:28 | 001,122,304 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013.01.19 11:40:28 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.01.19 11:40:28 | 000,274,432 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013.01.19 11:40:28 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.01.19 11:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse To Save Removal Tool
[2013.01.19 11:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Browse To Save Removal Tool
[2013.01.16 12:25:35 | 000,000,000 | ---D | C] -- C:\DASSDVS
[2013.01.15 14:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.01.15 14:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.01.15 14:31:02 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.15 14:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.01.15 14:22:30 | 000,868,848 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.01.15 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\PDF Architect
[2013.01.15 13:56:57 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\Zeon
[2013.01.15 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\MG2\Documents\Eigene PaperPort-Dokumente
[2013.01.15 11:03:48 | 000,000,000 | ---D | C] -- C:\DDS
[2013.01.15 11:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software FX Shared
[2013.01.14 09:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2013.01.13 12:05:13 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\APP_NAME_NON_STRING
[2013.01.11 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\MG2\Desktop\en680
[2013.01.11 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\TuneUp Software
[2013.01.11 09:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.11 09:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.11 09:40:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.11 09:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.11 09:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.10 12:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.01.10 12:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.01.10 12:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.01.09 17:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013.01.09 17:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.01.09 17:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.01.09 17:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.01.09 17:12:58 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.09 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.01.08 17:08:59 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\Apple Computer
[2013.01.08 17:08:59 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\Apple Computer
[2013.01.08 17:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.08 17:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.08 17:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.08 17:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.08 17:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.08 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\Apple
[2013.01.08 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.08 17:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.08 17:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.08 17:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.08 17:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.08 17:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.01.08 12:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.07 15:54:00 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\webkit
[2013.01.07 15:51:34 | 000,000,000 | ---D | C] -- C:\Users\MG2\.thumbnails
[2013.01.07 15:49:05 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\fontconfig
[2013.01.07 15:49:03 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\gegl-0.2
[2013.01.07 15:49:03 | 000,000,000 | ---D | C] -- C:\Users\MG2\.gimp-2.8
[2013.01.07 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.01.05 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\MG2\Documents\Youcam
[2013.01.03 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\Mozilla
[2013.01.03 16:52:59 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\Mozilla
[2013.01.03 16:52:47 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\CheckPoint
[2013.01.03 16:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.01.03 16:20:43 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.01.03 16:20:43 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.01.03 16:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.01.03 16:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.01.03 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.01.03 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013.01.03 09:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.01.03 09:58:05 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Local\iLivid
[2012.12.30 16:18:36 | 000,000,000 | ---D | C] -- C:\Users\MG2\Desktop\100 Foto Abzüge
[2012.12.29 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\MG2\AppData\Roaming\klickTel
[2012.12.28 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.12.28 11:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney Business 5.0
[2012.12.28 11:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney Business 5.0 Commerzbank-Edition
[2012.12.28 11:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney Business 5.0 Commerzbank-Edition
[2012.12.28 11:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\StarFinanz
[2012.12.27 16:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012.12.27 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 19:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 19:31:10 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 19:31:10 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 19:22:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 19:22:16 | 521,396,223 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 16:56:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000UA.job
[2013.01.22 16:53:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1003UA.job
[2013.01.22 11:56:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000Core.job
[2013.01.21 13:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1003Core.job
[2013.01.20 17:55:46 | 000,010,649 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013.01.20 12:55:10 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMG2.job
[2013.01.19 17:41:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MG2\Desktop\OTL.exe
[2013.01.19 11:43:20 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.01.18 22:23:13 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMorgengold Günni.job
[2013.01.18 21:25:10 | 000,356,352 | ---- | M] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.01.18 21:25:10 | 000,081,920 | ---- | M] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.01.18 21:24:04 | 000,274,432 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013.01.18 21:22:44 | 001,122,304 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013.01.17 14:04:08 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.16 08:52:09 | 000,305,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.15 14:41:21 | 001,801,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.15 14:41:21 | 000,763,244 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.15 14:41:21 | 000,718,562 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.15 14:41:21 | 000,173,692 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.15 14:41:21 | 000,146,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.15 14:31:46 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.01.15 14:31:02 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.01.15 14:22:30 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.01.15 13:58:48 | 000,148,254 | ---- | M] () -- C:\Users\MG2\Desktop\Mietvertrag und Stromkosten.pdf
[2013.01.15 13:54:36 | 000,002,355 | ---- | M] () -- C:\Users\MG2\Desktop\Google Chrome.lnk
[2013.01.15 11:14:08 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2013.01.15 11:01:12 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.3.1.lnk
[2013.01.11 09:40:03 | 000,001,404 | ---- | M] () -- C:\Users\MG2\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.10 12:04:01 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.09 18:10:38 | 001,778,376 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.08 17:08:51 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.07 16:59:08 | 000,002,715 | ---- | M] () -- C:\Users\MG2\AppData\Local\recently-used.xbel
[2013.01.03 16:23:25 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.01.03 16:20:37 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2012.12.29 17:24:00 | 000,001,044 | ---- | M] () -- C:\Users\MG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 17:23:52 | 000,001,008 | ---- | M] () -- C:\Users\MG2\Desktop\Dropbox.lnk
[2012.12.28 11:18:53 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney Business 5.0 Commerzbank-Edition.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.22 11:30:09 | 002,532,604 | ---- | C] () -- C:\Users\MG2\Desktop\CIMG1689.JPG
[2013.01.19 15:28:49 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMG2.job
[2013.01.19 11:43:20 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.01.19 11:43:17 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.16 13:36:01 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.15 14:31:46 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.01.15 13:58:47 | 000,148,254 | ---- | C] () -- C:\Users\MG2\Desktop\Mietvertrag und Stromkosten.pdf
[2013.01.15 11:01:27 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\DATEV Arbeitsplatz pro V.3.1.lnk
[2013.01.11 09:40:03 | 000,001,404 | ---- | C] () -- C:\Users\MG2\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.10 12:04:01 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.08 17:08:51 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.08 17:07:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.01.07 16:59:08 | 000,002,715 | ---- | C] () -- C:\Users\MG2\AppData\Local\recently-used.xbel
[2013.01.07 15:48:47 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.01.07 09:08:20 | 000,010,649 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013.01.03 16:21:11 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.01.03 16:20:37 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.01.03 10:00:42 | 000,001,037 | ---- | C] () -- C:\Users\MG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012.12.28 11:18:53 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney Business 5.0 Commerzbank-Edition.lnk
[2012.12.17 12:28:59 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.12.17 12:04:53 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.12.17 11:52:53 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.12.17 11:46:43 | 000,000,109 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.12.17 11:43:04 | 000,000,110 | ---- | C] () -- C:\Windows\Startup.INI
[2012.12.11 15:17:27 | 000,000,254 | ---- | C] () -- C:\Windows\ktel.ini
[2012.10.21 12:54:44 | 000,005,120 | ---- | C] () -- C:\Users\MG2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.21 12:50:14 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.10.21 12:50:14 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.10.21 12:49:03 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.10.21 12:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.10.21 12:40:13 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.15 10:55:14 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.09.15 10:55:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.06.21 11:49:16 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.05.18 04:25:18 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.05.18 04:09:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.18 04:05:36 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.24 07:42:14 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.12 23:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.02.11 18:15:43 | 001,778,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.13 12:05:13 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\APP_NAME_NON_STRING
[2013.01.03 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\CheckPoint
[2012.12.09 22:03:03 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\ControlCenter4
[2012.09.26 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\DAEMON Tools Lite
[2012.09.20 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\DesktopIconForAmazon
[2013.01.22 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\Dropbox
[2013.01.11 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\DVDVideoSoft
[2013.01.11 09:40:12 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.26 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\Garmin
[2012.09.19 10:02:06 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\IDT
[2012.12.29 18:04:21 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\klickTel
[2013.01.15 13:56:53 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\Nuance
[2013.01.11 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\OpenCandy
[2012.11.29 16:16:41 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\PC Suite
[2013.01.15 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\PDF Architect
[2012.12.02 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\Samsung
[2013.01.13 12:39:19 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\SoftGrid Client
[2012.09.13 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\TP
[2013.01.11 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\TuneUp Software
[2012.10.15 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\WebApp
[2012.09.13 11:01:53 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\WildTangent
[2013.01.15 13:56:57 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\Zeon
[2012.09.13 10:59:41 | 000,000,000 | ---D | M] -- C:\Users\MG2\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.16 14:28:34 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.10.21 12:49:06 | 000,000,000 | ---D | M] -- C:\Brother
[2013.01.21 09:14:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2013.01.16 12:25:35 | 000,000,000 | ---D | M] -- C:\DASSDVS
[2012.12.17 11:47:54 | 000,000,000 | ---D | M] -- C:\DATEV
[2013.01.15 11:03:48 | 000,000,000 | ---D | M] -- C:\DDS
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.05.18 04:40:48 | 000,000,000 | RHSD | M] -- C:\hp
[2012.09.13 20:57:54 | 000,000,000 | ---D | M] -- C:\Mein Ordner
[2012.09.14 15:23:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.19 11:40:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.19 11:42:45 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.21 08:48:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.11 20:24:35 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.19 14:48:15 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2013.01.22 19:40:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.21 11:52:12 | 000,000,000 | RH-D | M] -- C:\SYSTEM.SAV
[2012.10.21 12:53:16 | 000,000,000 | ---D | M] -- C:\Temp
[2012.09.16 14:28:01 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.19 11:42:41 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.13 10:51:43 | 000,001,060 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000Core.job
[2012.09.13 10:51:43 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000UA.job
[2012.09.16 15:10:30 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1003Core.job
[2012.09.16 15:10:30 | 000,001,164 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1003UA.job
[2012.09.20 15:43:06 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.23 19:24:41 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMorgengold Günni.job
[2013.01.19 15:28:49 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMG2.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.05.18 03:59:46 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.05.18 03:59:46 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.05.18 03:59:46 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.05.18 03:59:46 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.05.18 03:59:46 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.05.18 03:59:46 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.09.30 04:07:08 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\SWSETUP\DRV\Storage\Intel\RST\10.6\x64\iaStor.sys
[2011.09.30 04:07:08 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.09.30 04:07:08 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_21873ca4b12e2c20\iaStor.sys
[2011.09.30 04:07:08 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_a588b6a04f137eb8\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012.05.18 04:05:13 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012.05.18 04:05:13 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.05.18 04:05:13 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012.05.18 04:05:13 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.05.18 04:05:13 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012.05.18 04:05:13 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.05.18 04:05:13 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.05.18 04:05:13 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.05.18 03:58:47 | 001,137,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
[2009.07.14 02:15:50 | 000,406,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcp60.dll
[2005.12.09 06:30:32 | 000,626,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcr80.dll
 
< %USERPROFILE%\*.* >
[2013.01.22 19:59:10 | 003,145,728 | -HS- | M] () -- C:\Users\MG2\NTUSER.DAT
[2013.01.22 19:59:10 | 000,262,144 | -HS- | M] () -- C:\Users\MG2\ntuser.dat.LOG1
[2012.06.21 11:49:03 | 000,000,000 | -HS- | M] () -- C:\Users\MG2\ntuser.dat.LOG2
[2012.06.21 17:50:02 | 000,065,536 | -HS- | M] () -- C:\Users\MG2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.21 17:50:02 | 000,524,288 | -HS- | M] () -- C:\Users\MG2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.21 17:50:02 | 000,524,288 | -HS- | M] () -- C:\Users\MG2\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.21 11:49:03 | 000,000,020 | -HS- | M] () -- C:\Users\MG2\ntuser.ini
[2012.10.31 14:11:22 | 000,000,000 | ---- | M] () -- C:\Users\MG2\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

Alt 23.01.2013, 10:55   #4
markusg
/// Malware-holic
 



Hi,

This script and any scripts that follow are intended only for this particular user.
If you have problems yourself, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\AutoRun\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\configure\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\Shell\install\command - "" = G:\setup.exe -- [2006.10.31 14:51:21 | 000,463,152 | R--- | M] (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O4 - HKLM..\Run: []  File not found
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

Alt 23.01.2013, 13:26   #5
guenni83
 



Hello,
this is the content of the text document after the restart:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c9c9a76-07eb-11e2-8d9f-e840f28cbaae}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MG2
->Flash cache emptied: 60395 bytes

User: Morgengold Günni
->Flash cache emptied: 60868 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MG2
->Temp folder emptied: 335867809 bytes
->Temporary Internet Files folder emptied: 444877738 bytes
->FireFox cache emptied: 11671393 bytes
->Google Chrome cache emptied: 555925488 bytes
->Flash cache emptied: 0 bytes

User: Morgengold Günni
->Temp folder emptied: 4694595 bytes
->Temporary Internet Files folder emptied: 46210254 bytes
->FireFox cache emptied: 223428249 bytes
->Google Chrome cache emptied: 425843847 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 812231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2532604 bytes

Total Files Cleaned = 1.957,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01232013_141244

Files\Folders moved on Reboot...
File\Folder G:\setup.exe not found!
C:\Users\MG2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MG2\AppData\Local\Temp\~DF328B2E633F0AFC02.TMP moved successfully.
C:\Users\Morgengold Günni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Morgengold Günni\AppData\Local\Temp\JET6306.tmp not found!
C:\Users\Morgengold Günni\AppData\Local\Temp\~DF490401D043ED652C.TMP moved successfully.
C:\Windows\temp\ZLT02098.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 23.01.2013, 14:32   #6
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, post the contents

Alt 23.01.2013, 16:25   #7
guenni83
 



17:22:10.0618 5592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:22:11.0444 5592 ============================================================
17:22:11.0445 5592 Current date / time: 2013/01/23 17:22:11.0444
17:22:11.0445 5592 SystemInfo:
17:22:11.0445 5592
17:22:11.0445 5592 OS Version: 6.1.7601 ServicePack: 1.0
17:22:11.0445 5592 Product type: Workstation
17:22:11.0445 5592 ComputerName: 2
17:22:11.0445 5592 UserName: Morgengold Günni
17:22:11.0445 5592 Windows directory: C:\Windows
17:22:11.0445 5592 System windows directory: C:\Windows
17:22:11.0445 5592 Running under WOW64
17:22:11.0445 5592 Processor architecture: Intel x64
17:22:11.0445 5592 Number of processors: 4
17:22:11.0445 5592 Page size: 0x1000
17:22:11.0445 5592 Boot type: Normal boot
17:22:11.0445 5592 ============================================================
17:22:12.0583 5592 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:12.0633 5592 Drive \Device\Harddisk1\DR1 - Size: 0x74A780000 (29.16 Gb), SectorSize: 0x200, Cylinders: 0xEDF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:13.0318 5592 ============================================================
17:22:13.0318 5592 \Device\Harddisk0\DR0:
17:22:13.0318 5592 MBR partitions:
17:22:13.0318 5592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:22:13.0318 5592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE6474000
17:22:13.0318 5592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE64A6800, BlocksNum 0x2961800
17:22:13.0318 5592 \Device\Harddisk1\DR1:
17:22:13.0319 5592 MBR partitions:
17:22:13.0319 5592 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x3A51C80
17:22:13.0319 5592 ============================================================
17:22:13.0329 5592 C: <-> \Device\Harddisk0\DR0\Partition2
17:22:13.0368 5592 D: <-> \Device\Harddisk0\DR0\Partition3
17:22:13.0368 5592 ============================================================
17:22:13.0368 5592 Initialize success
17:22:13.0368 5592 ============================================================
17:22:43.0115 3172 ============================================================
17:22:43.0115 3172 Scan started
17:22:43.0115 3172 Mode: Manual; SigCheck; TDLFS;
17:22:43.0115 3172 ============================================================
17:22:43.0894 3172 ================ Scan system memory ========================
17:22:43.0894 3172 System memory - ok
17:22:43.0894 3172 ================ Scan services =============================
17:22:44.0036 3172 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:22:44.0154 3172 1394ohci - ok
17:22:44.0203 3172 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:22:44.0239 3172 ACPI - ok
17:22:44.0343 3172 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:22:44.0479 3172 AcpiPmi - ok
17:22:44.0643 3172 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:22:44.0668 3172 AdobeFlashPlayerUpdateSvc - ok
17:22:44.0693 3172 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:22:44.0750 3172 adp94xx - ok
17:22:44.0770 3172 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:22:44.0793 3172 adpahci - ok
17:22:44.0810 3172 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:22:44.0827 3172 adpu320 - ok
17:22:44.0845 3172 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:22:44.0956 3172 AeLookupSvc - ok
17:22:45.0023 3172 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:22:45.0080 3172 AESTFilters - ok
17:22:45.0108 3172 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:22:45.0165 3172 AFD - ok
17:22:45.0190 3172 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:22:45.0206 3172 agp440 - ok
17:22:45.0217 3172 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:22:45.0248 3172 ALG - ok
17:22:45.0273 3172 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:22:45.0289 3172 aliide - ok
17:22:45.0307 3172 [ 42484192F823ABD331A8AACDD7BBC774 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:22:45.0359 3172 AMD External Events Utility - ok
17:22:45.0377 3172 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:22:45.0396 3172 amdide - ok
17:22:45.0414 3172 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:22:45.0450 3172 AmdK8 - ok
17:22:45.0591 3172 [ DC37022055F58D49A6510C5D4D9BB1B0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:22:45.0770 3172 amdkmdag - ok
17:22:45.0809 3172 [ 8ADDC1EE0AA04E1227A237B471442F90 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:22:45.0831 3172 amdkmdap - ok
17:22:45.0844 3172 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:22:45.0867 3172 AmdPPM - ok
17:22:45.0892 3172 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:22:45.0909 3172 amdsata - ok
17:22:45.0932 3172 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:22:45.0961 3172 amdsbs - ok
17:22:45.0974 3172 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:22:45.0991 3172 amdxata - ok
17:22:46.0019 3172 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
17:22:46.0072 3172 androidusb - ok
17:22:46.0098 3172 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:22:46.0144 3172 AppID - ok
17:22:46.0168 3172 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:22:46.0211 3172 AppIDSvc - ok
17:22:46.0221 3172 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:22:46.0254 3172 Appinfo - ok
17:22:46.0343 3172 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:46.0371 3172 Apple Mobile Device - ok
17:22:46.0390 3172 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:22:46.0406 3172 arc - ok
17:22:46.0430 3172 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:22:46.0446 3172 arcsas - ok
17:22:46.0518 3172 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:22:46.0559 3172 aspnet_state - ok
17:22:46.0580 3172 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:46.0645 3172 AsyncMac - ok
17:22:46.0668 3172 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:22:46.0684 3172 atapi - ok
17:22:46.0710 3172 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:22:46.0730 3172 AtiHDAudioService - ok
17:22:46.0767 3172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:22:46.0822 3172 AudioEndpointBuilder - ok
17:22:46.0830 3172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:22:46.0862 3172 AudioSrv - ok
17:22:46.0887 3172 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:22:46.0943 3172 AxInstSV - ok
17:22:46.0974 3172 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:22:47.0012 3172 b06bdrv - ok
17:22:47.0032 3172 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:22:47.0065 3172 b57nd60a - ok
17:22:47.0136 3172 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
17:22:47.0162 3172 BBSvc - ok
17:22:47.0173 3172 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
17:22:47.0193 3172 BBUpdate - ok
17:22:47.0204 3172 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:22:47.0266 3172 BDESVC - ok
17:22:47.0280 3172 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:22:47.0336 3172 Beep - ok
17:22:47.0371 3172 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:22:47.0413 3172 BFE - ok
17:22:47.0513 3172 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
17:22:47.0550 3172 BHDrvx64 - ok
17:22:47.0604 3172 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:22:47.0671 3172 BITS - ok
17:22:47.0690 3172 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:22:47.0721 3172 blbdrive - ok
17:22:47.0772 3172 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:22:47.0806 3172 Bonjour Service - ok
17:22:47.0831 3172 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:22:47.0888 3172 bowser - ok
17:22:47.0906 3172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:22:47.0932 3172 BrFiltLo - ok
17:22:47.0939 3172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:22:47.0957 3172 BrFiltUp - ok
17:22:47.0987 3172 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:22:48.0008 3172 Browser - ok
17:22:48.0046 3172 [ 6DF544E72FF139E8FBBBA6D0E569BEA5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
17:22:48.0097 3172 BrSerIb - ok
17:22:48.0115 3172 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:22:48.0151 3172 Brserid - ok
17:22:48.0166 3172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:48.0185 3172 BrSerWdm - ok
17:22:48.0195 3172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:48.0238 3172 BrUsbMdm - ok
17:23:02.0929 3172 RasAcd - ok
17:23:02.0948 3172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:23:02.0991 3172 RasAgileVpn - ok
17:23:03.0011 3172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:23:03.0045 3172 RasAuto - ok
17:23:03.0065 3172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:23:03.0108 3172 Rasl2tp - ok
17:23:03.0126 3172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:23:03.0165 3172 RasMan - ok
17:23:03.0176 3172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:23:03.0217 3172 RasPppoe - ok
17:23:03.0236 3172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:23:03.0270 3172 RasSstp - ok
17:23:03.0282 3172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:23:03.0317 3172 rdbss - ok
17:23:03.0335 3172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:23:03.0356 3172 rdpbus - ok
17:23:03.0367 3172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:23:03.0401 3172 RDPCDD - ok
17:23:03.0412 3172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:23:03.0454 3172 RDPENCDD - ok
17:23:03.0467 3172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:23:03.0500 3172 RDPREFMP - ok
17:23:03.0525 3172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:23:03.0547 3172 RDPWD - ok
17:23:03.0564 3172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:23:03.0596 3172 rdyboost - ok
17:23:03.0617 3172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:23:03.0651 3172 RemoteAccess - ok
17:23:03.0661 3172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:23:03.0705 3172 RemoteRegistry - ok
17:23:03.0719 3172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:23:03.0759 3172 RpcEptMapper - ok
17:23:03.0792 3172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:23:03.0837 3172 RpcLocator - ok
17:23:03.0862 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:23:03.0922 3172 RpcSs - ok
17:23:03.0957 3172 [ C606C5F712A3761896CEFFA4AF6B1268 ] RsFx0151 C:\Windows\system32\DRIVERS\RsFx0151.sys
17:23:03.0983 3172 RsFx0151 - ok
17:23:04.0014 3172 [ F8FEA7764348C59262B340916CBFEB40 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
17:23:04.0038 3172 RSPCIESTOR - ok
17:23:04.0057 3172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:23:04.0098 3172 rspndr - ok
17:23:04.0121 3172 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:23:04.0145 3172 RTL8167 - ok
17:23:04.0155 3172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:23:04.0168 3172 SamSs - ok
17:23:04.0183 3172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:23:04.0200 3172 sbp2port - ok
17:23:04.0216 3172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:23:04.0251 3172 SCardSvr - ok
17:23:04.0261 3172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:23:04.0304 3172 scfilter - ok
17:23:04.0330 3172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:23:04.0388 3172 Schedule - ok
17:23:04.0403 3172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:23:04.0431 3172 SCPolicySvc - ok
17:23:04.0454 3172 [ F15D43EABE907048F5FECC068792A0AE ] SC_SERV3D C:\Windows\system32\drivers\d3_kafm.sys
17:23:04.0484 3172 SC_SERV3D - ok
17:23:04.0506 3172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:23:04.0528 3172 SDRSVC - ok
17:23:04.0574 3172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:23:04.0620 3172 secdrv - ok
17:23:04.0630 3172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:23:04.0663 3172 seclogon - ok
17:23:04.0674 3172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:23:04.0718 3172 SENS - ok
17:23:04.0728 3172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:23:04.0750 3172 SensrSvc - ok
17:23:04.0772 3172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:23:04.0807 3172 Serenum - ok
17:23:04.0817 3172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:23:04.0836 3172 Serial - ok
17:23:04.0853 3172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:23:04.0887 3172 sermouse - ok
17:23:04.0926 3172 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:23:04.0949 3172 ServiceLayer - ok
17:23:04.0969 3172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:23:05.0014 3172 SessionEnv - ok
17:23:05.0036 3172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:23:05.0056 3172 sffdisk - ok
17:23:05.0068 3172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:23:05.0087 3172 sffp_mmc - ok
17:23:05.0093 3172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:23:05.0123 3172 sffp_sd - ok
17:23:05.0142 3172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:23:05.0167 3172 sfloppy - ok
17:23:05.0199 3172 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:23:05.0241 3172 Sftfs - ok
17:23:05.0284 3172 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:23:05.0306 3172 sftlist - ok
17:23:05.0316 3172 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:23:05.0333 3172 Sftplay - ok
17:23:05.0348 3172 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:23:05.0362 3172 Sftredir - ok
17:23:05.0368 3172 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:23:05.0382 3172 Sftvol - ok
17:23:05.0402 3172 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:23:05.0420 3172 sftvsa - ok
17:23:05.0448 3172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:23:05.0491 3172 SharedAccess - ok
17:23:05.0513 3172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:23:05.0556 3172 ShellHWDetection - ok
17:23:05.0592 3172 Sicherheitspaket-Dienst - ok
17:23:05.0626 3172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:23:05.0653 3172 SiSRaid2 - ok
17:23:05.0673 3172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:23:05.0689 3172 SiSRaid4 - ok
17:23:05.0731 3172 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:23:05.0782 3172 SkypeUpdate - ok
17:23:05.0810 3172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:23:05.0845 3172 Smb - ok
17:23:05.0861 3172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:23:05.0902 3172 SNMPTRAP - ok
17:23:05.0912 3172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:23:05.0928 3172 spldr - ok
17:23:05.0946 3172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:23:05.0971 3172 Spooler - ok
17:23:06.0019 3172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:23:06.0090 3172 sppsvc - ok
17:23:06.0106 3172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:23:06.0140 3172 sppuinotify - ok
17:23:06.0205 3172 [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd C:\Windows\system32\Drivers\sptd.sys
17:23:06.0249 3172 sptd - ok
17:23:06.0325 3172 [ 3420E0482AD95120B471B7328A8D7D08 ] SQLAgent$DATEV_DBENGINE C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE
17:23:06.0368 3172 SQLAgent$DATEV_DBENGINE - ok
17:23:06.0416 3172 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:23:06.0449 3172 SQLBrowser - ok
17:23:06.0465 3172 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:23:06.0493 3172 SQLWriter - ok
17:23:06.0555 3172 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
17:23:06.0594 3172 SRTSP - ok
17:23:06.0606 3172 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
17:23:06.0621 3172 SRTSPX - ok
17:23:06.0645 3172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:23:06.0669 3172 srv - ok
17:23:06.0684 3172 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:23:06.0730 3172 srv2 - ok
17:23:06.0741 3172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:23:06.0760 3172 srvnet - ok
17:23:06.0793 3172 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
17:23:06.0833 3172 ssadbus - ok
17:23:06.0852 3172 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
17:23:06.0883 3172 ssadmdfl - ok
17:23:06.0901 3172 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
17:23:06.0933 3172 ssadmdm - ok
17:23:06.0954 3172 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
17:23:06.0981 3172 ssadserd - ok
17:23:07.0002 3172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:23:07.0072 3172 SSDPSRV - ok
17:23:07.0086 3172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:23:07.0119 3172 SstpSvc - ok
17:23:07.0144 3172 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
17:23:07.0177 3172 ssudmdm - ok
17:23:07.0224 3172 [ D343109DF7DAFEC3C75AC65446F5A1A9 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
17:23:07.0259 3172 STacSV - ok
17:23:07.0324 3172 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney Business 5.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 5.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
17:23:07.0365 3172 StarMoney Business 5.0 OnlineUpdate - ok
17:23:07.0386 3172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:23:07.0401 3172 stexstor - ok
17:23:07.0419 3172 [ 8C490A03D0E44165D8BB48CEA4787F47 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:23:07.0472 3172 STHDA - ok
17:23:07.0503 3172 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:23:07.0558 3172 StillCam - ok
17:23:07.0599 3172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:23:07.0637 3172 stisvc - ok
17:23:07.0649 3172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:23:07.0665 3172 swenum - ok
17:23:07.0687 3172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:23:07.0738 3172 swprv - ok
17:23:07.0775 3172 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
17:23:07.0799 3172 SymDS - ok
17:23:07.0854 3172 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
17:23:07.0905 3172 SymEFA - ok
17:23:07.0940 3172 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:23:07.0966 3172 SymEvent - ok
17:23:07.0980 3172 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
17:23:08.0003 3172 SymIRON - ok
17:23:08.0017 3172 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
17:23:08.0047 3172 SymNetS - ok
17:23:08.0086 3172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:23:08.0159 3172 SysMain - ok
17:23:08.0172 3172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:23:08.0208 3172 TabletInputService - ok
17:23:08.0223 3172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:23:08.0258 3172 TapiSrv - ok
17:23:08.0264 3172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:23:08.0292 3172 TBS - ok
17:23:08.0341 3172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:23:08.0391 3172 Tcpip - ok
17:23:08.0415 3172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:23:08.0445 3172 TCPIP6 - ok
17:23:08.0453 3172 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:23:08.0471 3172 tcpipreg - ok
17:23:08.0489 3172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:23:08.0544 3172 TDPIPE - ok
17:23:08.0566 3172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:23:08.0584 3172 TDTCP - ok
17:23:08.0605 3172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:23:08.0648 3172 tdx - ok
17:23:08.0673 3172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:23:08.0710 3172 TermDD - ok
17:23:08.0743 3172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:23:08.0822 3172 TermService - ok
17:23:08.0834 3172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:23:08.0866 3172 Themes - ok
17:23:08.0885 3172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:23:08.0913 3172 THREADORDER - ok
17:23:08.0937 3172 [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3 C:\Windows\system32\drivers\tihub3.sys
17:23:08.0955 3172 tihub3 - ok
17:23:08.0965 3172 [ 3BB96FD0BA8E2AB43FD013C1495783F0 ] tixhci C:\Windows\system32\drivers\tixhci.sys
17:23:08.0987 3172 tixhci - ok
17:23:08.0996 3172 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:23:09.0041 3172 TrkWks - ok
17:23:09.0082 3172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:23:09.0141 3172 TrustedInstaller - ok
17:23:09.0161 3172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:09.0212 3172 tssecsrv - ok
17:23:09.0234 3172 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:23:09.0267 3172 TsUsbFlt - ok
17:23:09.0291 3172 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:23:09.0308 3172 TsUsbGD - ok
17:23:09.0405 3172 [ E8985332F611F56ADBCFF987E7D67D51 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
17:23:09.0443 3172 TuneUp.UtilitiesSvc - ok
17:23:09.0463 3172 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
17:23:09.0477 3172 TuneUpUtilitiesDrv - ok
17:23:09.0490 3172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:23:09.0534 3172 tunnel - ok
17:23:09.0569 3172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:23:09.0587 3172 uagp35 - ok
17:23:09.0600 3172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:23:09.0647 3172 udfs - ok
17:23:09.0672 3172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:23:09.0698 3172 UI0Detect - ok
17:23:09.0726 3172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:23:09.0745 3172 uliagpkx - ok
17:23:09.0755 3172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:23:09.0785 3172 umbus - ok
17:23:09.0795 3172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:23:09.0815 3172 UmPass - ok
17:23:09.0884 3172 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:23:09.0938 3172 UNS - ok
17:23:09.0950 3172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:23:09.0993 3172 upnphost - ok
17:23:10.0018 3172 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:23:10.0051 3172 upperdev - ok
17:23:10.0089 3172 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:23:10.0110 3172 USBAAPL64 - ok
17:23:10.0150 3172 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:23:10.0204 3172 usbaudio - ok
17:23:10.0230 3172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:10.0267 3172 usbccgp - ok
17:23:10.0292 3172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:23:10.0315 3172 usbcir - ok
17:23:10.0335 3172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:23:10.0369 3172 usbehci - ok
17:23:10.0396 3172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:23:10.0432 3172 usbhub - ok
17:23:10.0453 3172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:23:10.0474 3172 usbohci - ok
17:23:10.0488 3172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:23:10.0523 3172 usbprint - ok
17:23:10.0543 3172 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:23:10.0584 3172 usbscan - ok
17:23:10.0614 3172 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
17:23:10.0651 3172 usbser - ok
17:23:10.0664 3172 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
17:23:10.0700 3172 UsbserFilt - ok
17:23:10.0715 3172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:10.0740 3172 USBSTOR - ok
17:23:10.0751 3172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:23:10.0771 3172 usbuhci - ok
17:23:10.0801 3172 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:23:10.0826 3172 usbvideo - ok
17:23:10.0848 3172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:23:10.0898 3172 UxSms - ok
17:23:10.0913 3172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:23:10.0927 3172 VaultSvc - ok
17:23:10.0938 3172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:23:10.0964 3172 vdrvroot - ok
17:23:10.0986 3172 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:23:11.0025 3172 vds - ok
17:23:11.0051 3172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:11.0080 3172 vga - ok
17:23:11.0095 3172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:23:11.0140 3172 VgaSave - ok
17:23:11.0165 3172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:23:11.0186 3172 vhdmp - ok
17:23:11.0199 3172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:23:11.0215 3172 viaide - ok
17:23:11.0264 3172 [ F211E659AAF2D82E4DBD6EA4A8178829 ] VIPAppService C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
17:23:11.0294 3172 VIPAppService - ok
17:23:11.0316 3172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:23:11.0336 3172 volmgr - ok
17:23:11.0350 3172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:23:11.0372 3172 volmgrx - ok
17:23:11.0380 3172 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:23:11.0401 3172 volsnap - ok
17:23:11.0438 3172 [ DBB357B5C3D97039CDD010E01D165870 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
17:23:11.0459 3172 Vsdatant - ok
17:23:11.0489 3172 vsmon - ok
17:23:11.0513 3172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:23:11.0530 3172 vsmraid - ok
17:23:11.0561 3172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:23:11.0611 3172 VSS - ok
17:23:11.0630 3172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:23:11.0671 3172 vwifibus - ok
17:23:11.0681 3172 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:23:11.0723 3172 vwififlt - ok
17:23:11.0754 3172 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:23:11.0775 3172 vwifimp - ok
17:23:11.0796 3172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:23:11.0833 3172 W32Time - ok
17:23:11.0857 3172 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:23:11.0875 3172 WacomPen - ok
17:23:11.0899 3172 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:23:11.0943 3172 WANARP - ok
17:23:11.0945 3172 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:23:11.0972 3172 Wanarpv6 - ok
17:23:11.0988 3172 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:23:12.0029 3172 wbengine - ok
17:23:12.0039 3172 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:23:12.0062 3172 WbioSrvc - ok
17:23:12.0074 3172 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:23:12.0108 3172 wcncsvc - ok
17:23:12.0119 3172 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:23:12.0166 3172 WcsPlugInService - ok
17:23:12.0184 3172 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:23:12.0200 3172 Wd - ok
17:23:12.0226 3172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:23:12.0254 3172 Wdf01000 - ok
17:23:12.0260 3172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:23:12.0291 3172 WdiServiceHost - ok
17:23:12.0294 3172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:23:12.0312 3172 WdiSystemHost - ok
17:23:12.0322 3172 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:23:12.0359 3172 WebClient - ok
17:23:12.0374 3172 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:23:12.0435 3172 Wecsvc - ok
17:23:12.0450 3172 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:23:12.0483 3172 wercplsupport - ok
17:23:12.0496 3172 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:23:12.0529 3172 WerSvc - ok
17:23:12.0543 3172 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:23:12.0577 3172 WfpLwf - ok
17:23:12.0590 3172 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:23:12.0607 3172 WIMMount - ok
17:23:12.0623 3172 WinDefend - ok
17:23:12.0628 3172 WinHttpAutoProxySvc - ok
17:23:12.0655 3172 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:23:12.0701 3172 Winmgmt - ok
17:23:12.0754 3172 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:23:12.0813 3172 WinRM - ok
17:23:12.0843 3172 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:23:12.0873 3172 WinUsb - ok
17:23:12.0895 3172 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:23:12.0946 3172 Wlansvc - ok
17:23:12.0972 3172 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:23:12.0986 3172 wlcrasvc - ok
17:23:13.0055 3172 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:23:13.0095 3172 wlidsvc - ok
17:23:13.0103 3172 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:23:13.0127 3172 WmiAcpi - ok
17:23:13.0150 3172 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:23:13.0173 3172 wmiApSrv - ok
17:23:13.0190 3172 WMPNetworkSvc - ok
17:23:13.0216 3172 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:23:13.0236 3172 WPCSvc - ok
17:23:13.0246 3172 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:23:13.0283 3172 WPDBusEnum - ok
17:23:13.0295 3172 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:23:13.0329 3172 ws2ifsl - ok
17:23:13.0340 3172 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:23:13.0372 3172 wscsvc - ok
17:23:13.0375 3172 WSearch - ok
17:23:13.0416 3172 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:23:13.0466 3172 wuauserv - ok
17:23:13.0486 3172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:23:13.0515 3172 WudfPf - ok
17:23:13.0538 3172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:13.0567 3172 WUDFRd - ok
17:23:13.0589 3172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:23:13.0615 3172 wudfsvc - ok
17:23:13.0631 3172 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:23:13.0655 3172 WwanSvc - ok
17:23:13.0670 3172 ================ Scan global ===============================
17:23:13.0680 3172 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:23:13.0710 3172 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:23:13.0719 3172 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:23:13.0731 3172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:23:13.0746 3172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:23:13.0748 3172 [Global] - ok
17:23:13.0749 3172 ================ Scan MBR ==================================
17:23:13.0753 3172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:23:13.0981 3172 \Device\Harddisk0\DR0 - ok
17:23:13.0986 3172 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:23:15.0284 3172 \Device\Harddisk1\DR1 - ok
17:23:15.0285 3172 ================ Scan VBR ==================================
17:23:15.0292 3172 [ D0AB50880A4F3C15C21A89F1F5A0547B ] \Device\Harddisk0\DR0\Partition1
17:23:15.0293 3172 \Device\Harddisk0\DR0\Partition1 - ok
17:23:15.0303 3172 [ 43BF4FDB1545CD4D2BEE3F92EA2815F0 ] \Device\Harddisk0\DR0\Partition2
17:23:15.0304 3172 \Device\Harddisk0\DR0\Partition2 - ok
17:23:15.0335 3172 [ 05537B444AF4E617B66EDCFFDF6C43BA ] \Device\Harddisk0\DR0\Partition3
17:23:15.0357 3172 \Device\Harddisk0\DR0\Partition3 - ok
17:23:15.0360 3172 [ F9A9BE2D33D90E5943F0028713ABF707 ] \Device\Harddisk1\DR1\Partition1
17:23:15.0361 3172 \Device\Harddisk1\DR1\Partition1 - ok
17:23:15.0362 3172 ============================================================
17:23:15.0362 3172 Scan finished
17:23:15.0362 3172 ============================================================
17:23:15.0372 6580 Detected object count: 6
17:23:15.0372 6580 Actual detected object count: 6
17:23:41.0686 6580 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0686 6580 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:41.0687 6580 CalendarSynchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0687 6580 CalendarSynchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:41.0688 6580 DatevPrintService ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0688 6580 DatevPrintService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:41.0690 6580 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0690 6580 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:41.0691 6580 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0691 6580 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:41.0693 6580 KOBIL_MSDI ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:41.0693 6580 KOBIL_MSDI ( UnsignedFile.Multi.Generic ) - User select action: Skip

23.01.2013, 17:36   #8
markusg
/// Malware-holic
 
hi
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
  • Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 25.01.2013, 09:32   #9
guenni83
 
At the moment I think my PC isn't doing anything anymore and is sitting at "fertiggestellt Stufe_4". I have the feeling that it has stopped working. ComboFix has been running for half an hour now. Can I just abort it and restart?

Oh, now it's continuing :-). Stage 6. But it's taking longer than the stated 10 minutes.

Alt 25.01.2013, 10:34   #10
markusg
/// Malware-holic
 
That is only an estimate, after all, or do you think we know every system in the world and can calculate an exact value?

Alt 25.01.2013, 10:38   #11
guenni83
 
Sorry, that wasn't meant as a reproach, I just have no idea what exactly we are doing here, and the program has been running for over an hour now..... I'm now at stage 6a :-)

So, 4 hours later :-). I think it went up to stage 50... I hope that doesn't mean my computer is totally infected :-/!?
ComboFix log file:
Code:
ComboFix 13-01-24.02 - MG2 25.01.2013   9:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6124.4122 [GMT 1:00]
ausgeführt von:: c:\users\MG2\Downloads\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-25 bis 2013-01-25  ))))))))))))))))))))))))))))))
.
.
2013-01-25 13:23 . 2013-01-25 13:23	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\temp
2013-01-25 13:23 . 2013-01-25 13:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-25 08:47 . 2013-01-25 08:47	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1ED645DD-6CF3-4A94-AC43-3E0D644B74B7}\offreg.dll
2013-01-25 07:57 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1ED645DD-6CF3-4A94-AC43-3E0D644B74B7}\mpengine.dll
2013-01-23 13:12 . 2013-01-23 13:12	--------	d-----w-	C:\_OTL
2013-01-21 11:03 . 2013-01-21 11:03	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\Diagnostics
2013-01-21 07:48 . 2013-01-21 07:48	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-21 07:46 . 2013-01-21 07:46	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\Apple Computer
2013-01-19 14:29 . 2013-01-21 08:14	--------	d-----w-	c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-01-19 14:28 . 2013-01-19 14:29	--------	d-----w-	c:\users\MG2\AppData\Roaming\hpqLog
2013-01-19 10:43 . 2012-11-29 15:06	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-19 10:43 . 2012-11-29 15:06	25952	----a-w-	c:\windows\system32\authuitu.dll
2013-01-19 10:43 . 2012-11-29 15:06	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-01-19 10:42 . 2013-01-19 10:43	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2013
2013-01-19 10:40 . 2013-01-18 20:25	81920	----a-w-	c:\windows\eSellerateControl350.dll
2013-01-19 10:40 . 2013-01-18 20:25	356352	----a-w-	c:\windows\eSellerateEngine.dll
2013-01-19 10:40 . 2013-01-18 20:24	274432	----a-w-	c:\windows\SysWow64\ssleay32.dll
2013-01-19 10:40 . 2013-01-18 20:22	1122304	----a-w-	c:\windows\SysWow64\libeay32.dll
2013-01-19 10:40 . 2013-01-19 11:45	--------	d-----w-	c:\program files\Browse To Save Removal Tool
2013-01-16 17:21 . 2013-01-16 17:21	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\Macromedia
2013-01-16 11:25 . 2013-01-16 11:25	--------	d-----w-	C:\DASSDVS
2013-01-16 10:39 . 2013-01-16 10:39	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\Zeon
2013-01-16 10:39 . 2013-01-16 10:39	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\Nuance
2013-01-15 13:31 . 2013-01-15 13:31	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-15 13:30 . 2013-01-15 13:31	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2013-01-15 13:22 . 2013-01-15 13:22	868848	----a-w-	c:\windows\system32\drivers\sptd.sys
2013-01-15 13:22 . 2013-01-15 13:22	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\DAEMON Tools
2013-01-15 13:00 . 2013-01-15 13:00	--------	d-----w-	c:\users\MG2\AppData\Roaming\PDF Architect
2013-01-15 12:56 . 2013-01-15 12:56	--------	d-----w-	c:\users\MG2\AppData\Roaming\Zeon
2013-01-15 10:03 . 2013-01-15 10:03	--------	d-----w-	C:\DDS
2013-01-15 10:03 . 2013-01-15 10:03	--------	d-----w-	c:\program files (x86)\Common Files\Software FX Shared
2013-01-14 08:03 . 2013-01-14 08:03	--------	d-----w-	c:\programdata\PDFC
2013-01-13 11:05 . 2013-01-13 11:05	--------	d-----w-	c:\users\MG2\AppData\Roaming\APP_NAME_NON_STRING
2013-01-11 15:15 . 2013-01-11 15:15	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\TuneUp Software
2013-01-11 08:41 . 2013-01-11 08:41	--------	d-----w-	c:\users\MG2\AppData\Roaming\TuneUp Software
2013-01-11 08:40 . 2013-01-11 08:41	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-11 08:40 . 2013-01-21 08:14	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-11 08:40 . 2013-01-11 08:40	--------	d--h--w-	c:\programdata\Common Files
2013-01-11 08:39 . 2013-01-11 08:39	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-11 08:39 . 2013-01-11 08:39	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-01-10 11:04 . 2013-01-10 11:04	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\elsterformular
2013-01-10 11:03 . 2013-01-10 11:04	--------	d-----w-	c:\programdata\elsterformular
2013-01-10 11:03 . 2013-01-10 11:03	--------	d-----w-	c:\program files (x86)\ElsterFormular
2013-01-09 16:15 . 2013-01-09 16:15	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\PDF Architect
2013-01-09 16:13 . 2013-01-18 12:48	--------	d-----w-	c:\programdata\SaveByclick
2013-01-09 16:13 . 2013-01-09 16:13	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\APP_NAME_NON_STRING
2013-01-09 16:13 . 2013-01-09 16:13	--------	d-----w-	c:\program files (x86)\PDF Architect
2013-01-09 16:12 . 2013-01-09 16:12	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\pdfforge
2013-01-09 16:12 . 2012-10-28 17:32	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2013-01-09 16:12 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-01-09 16:12 . 2013-01-09 16:13	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-01-09 16:12 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-01-09 16:12 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-01-09 16:12 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-01-09 16:11 . 2013-01-09 16:11	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\Programs
2013-01-09 16:05 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-09 08:35 . 2013-01-21 08:47	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\Apple Computer
2013-01-08 16:06 . 2013-01-08 16:07	--------	d-----w-	c:\programdata\Apple
2013-01-08 11:01 . 2013-01-09 16:55	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-07 14:54 . 2013-01-07 14:54	--------	d-----w-	c:\users\MG2\AppData\Local\webkit
2013-01-07 14:51 . 2013-01-07 14:51	--------	d-----w-	c:\users\MG2\.thumbnails
2013-01-07 14:49 . 2013-01-07 14:49	--------	d-----w-	c:\users\MG2\AppData\Local\fontconfig
2013-01-07 14:49 . 2013-01-07 16:16	--------	d-----w-	c:\users\MG2\.gimp-2.8
2013-01-07 14:49 . 2013-01-07 14:49	--------	d-----w-	c:\users\MG2\AppData\Local\gegl-0.2
2013-01-07 14:48 . 2013-01-07 14:48	--------	d-----w-	c:\program files\GIMP 2
2013-01-03 15:53 . 2013-01-03 15:53	--------	d-----w-	c:\users\MG2\AppData\Local\Mozilla
2013-01-03 15:52 . 2013-01-03 15:52	--------	d-----w-	c:\users\MG2\AppData\Roaming\CheckPoint
2013-01-03 15:21 . 2013-01-03 15:21	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\CheckPoint
2013-01-03 15:20 . 2013-01-03 15:20	--------	d-----w-	c:\program files\CheckPoint
2013-01-03 15:20 . 2012-11-15 20:06	89432	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-01-03 15:20 . 2012-11-15 20:06	611160	----a-w-	c:\windows\system32\drivers\klif.sys
2013-01-03 15:08 . 2013-01-03 15:20	--------	d-----w-	c:\program files (x86)\CheckPoint
2013-01-03 15:08 . 2013-01-03 15:08	--------	d-----w-	c:\programdata\CheckPoint
2013-01-03 11:29 . 2013-01-03 11:29	--------	d-----w-	c:\programdata\Browser Manager
2013-01-03 08:58 . 2013-01-03 15:53	--------	d-----w-	c:\programdata\boost_interprocess
2013-01-03 08:58 . 2013-01-03 13:35	--------	d-----w-	c:\users\MG2\AppData\Local\iLivid
2012-12-29 17:04 . 2012-12-29 17:04	--------	d-----w-	c:\users\MG2\AppData\Roaming\klickTel
2012-12-28 15:29 . 2012-12-28 15:29	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\WebApp
2012-12-28 15:27 . 2012-12-28 15:27	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\CyberLink
2012-12-28 10:56 . 2012-12-28 10:56	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\Foxit Software
2012-12-28 10:19 . 2013-01-03 15:32	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-12-28 10:18 . 2012-12-28 10:18	--------	d-----w-	c:\programdata\StarMoney Business 5.0
2012-12-28 10:17 . 2013-01-24 13:43	--------	d-----w-	c:\program files (x86)\StarMoney Business 5.0 Commerzbank-Edition
2012-12-28 10:17 . 2012-12-28 10:17	--------	d-----w-	c:\program files (x86)\Common Files\StarFinanz
2012-12-27 15:33 . 2012-12-27 15:37	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\Garmin
2012-12-27 15:33 . 2012-12-27 15:37	--------	d-----w-	c:\users\Morgengold Günni\AppData\Roaming\Garmin
2012-12-27 15:32 . 2012-12-27 15:32	--------	d-----w-	c:\users\Morgengold Günni\AppData\Local\GARMIN_Corp
2012-12-27 12:24 . 2013-01-25 08:31	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 16:02 . 2012-09-20 14:43	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-16 16:02 . 2012-05-18 03:25	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 13:39	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 13:39	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:39	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:39	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 16:05	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-29 10:28 . 2012-11-29 10:27	8794192	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-14 07:06 . 2012-12-13 06:23	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 06:23	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 06:23	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 06:23	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 06:23	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 06:23	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 06:24	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 06:23	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 06:23	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 06:23	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 06:24	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 06:23	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 06:23	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 06:24	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 06:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 06:24	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 06:23	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 06:23	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 06:23	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 06:24	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 06:24	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 06:24	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 05:55	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 05:55	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-13 05:54	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 05:54	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-11-01 14:31 . 2012-11-01 14:31	450136	----a-w-	c:\windows\system32\drivers\vsdatant.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-10-28 08:58	73216	----a-w-	c:\users\Morgengold Günni\AppData\Local\fbDownloader\Extensions\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6EF6B546-25FB-455B-801F-FDB3B3D39F9E}]
2012-09-13 08:48	536672	------w-	c:\datev\PROGRAMM\B0000397\DtvIePwdSafe.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-11-12 968120]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-11-01 577536]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"GoogleChromeAutoLaunch_91BA814B1394C4868ED327062A8426DC"="c:\users\MG2\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-24 343168]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-27 61112]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-09-15 121648]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"DATEV Update-Monitor"="c:\datev\PROGRAMM\Install\DvInesASDMon.Exe" [2012-08-30 288352]
"SiPaHost"="c:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2012-08-07 535136]
"SMB50StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 5.0 Commerzbank-Edition\app\oflagent.exe" [2012-10-11 56528]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
.
c:\users\Morgengold Günni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MG2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Telefon- und Branchenbuch + Rückwärtssuche 2013 - Inversmonitor.lnk - c:\program files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche 2013\kmon.exe [2012-12-11 8435200]
Telefon- und Branchenbuch + Rückwärtssuche 2013 - Schnellstarter.lnk - c:\program files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche 2013\kstart32.exe [2012-12-11 475136]
.
c:\users\MG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MG2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office Initialisierung.lnk - c:\datev\PROGRAMM\BSoffice\service\OfficeDiag.exe [2012-8-30 42592]
CleanupPrintJobs.lnk - c:\datev\PROGRAMM\B0001401\CleanupPrintJobs.exe [2012-6-13 22624]
SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2012-6-13 22624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-01-15 868848]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/17 20:34;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 Datev.Database.Conserve;DATEV Connection Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-06-23 16152]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys [2011-06-23 16152]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2012-05-18 31152]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-15 283200]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-24 204288]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [2012-06-14 87040]
S2 DVckService;DVckService;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [2012-08-30 2635872]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 2375168]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 KOBIL_MSDI;KOBIL_MSDI;c:\datev\PROGRAMM\B0000404\msdisrv.exe [2011-03-03 192512]
S2 msi2500scan;msi2500scan;c:\program files\MiricsFlexiTV\Driver\msi2500scan.exe [2011-12-16 229376]
S2 MSiDVBT;MSiDVBT;c:\program files\MiricsFlexiTV\DVBT\DVBService.exe [2011-12-16 2715648]
S2 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [2011-06-17 62111072]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-09-06 109360]
S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys [2012-07-03 84728]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\datev\PROGRAMM\B0000398\SiPaHostService.exe [2012-07-02 188000]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 5.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-07-13 82544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2012-07-03 157792]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 MSi2500BDA;AVerMsiBDA service;c:\windows\system32\DRIVERS\AVerMsiBDA.sys [2011-12-16 228352]
S3 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-08-11 1582144]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys [2011-06-23 28440]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-05 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-09-09 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-09-26 409408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 16:02]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000Core.job
- c:\users\MG2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 09:51]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3222151745-4052763131-2753839444-1000UA.job
- c:\users\MG2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 09:51]
.
2013-01-20 c:\windows\Tasks\HPCeeScheduleForMG2.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2013-01-18 c:\windows\Tasks\HPCeeScheduleForMorgengold Günni.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}]
2012-09-13 08:49	710240	------w-	c:\datev\PROGRAMM\B0000397\DtvIePwdSafe64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\MG2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-08-24 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-26 1424896]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchnu.com/406
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\MG2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MG2\AppData\Roaming\Mozilla\Firefox\Profiles\5dz7qo7a.default\
FF - ExtSQL: 2013-01-03 09:18; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF - ExtSQL: 2013-01-03 16:21; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-03 16:36; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2013-01-09 17:13; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-01-11 09:39; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-01-20 17:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\MG2\AppData\Roaming\Mozilla\Firefox\Profiles\5dz7qo7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-ISW - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{525BA381-389C-4975-BDD3-C36DCF66D5BD} - c:\programdata\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56}\BMWiUpdater.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-25  14:26:10
ComboFix-quarantined-files.txt  2013-01-25 13:26
.
Vor Suchlauf: 14 Verzeichnis(se), 1.648.410.640.384 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 1.647.906.947.072 Bytes frei
.
- - End Of File - - 31C233938DED5EACC9032804C19B0A51
         
--- --- ---

Alt 30.01.2013, 09:57   #12
guenni83
 
Thanks for the help so far, but do I still need to do anything else? Unfortunately the problem is still there.
Regards, Günni

Alt 31.01.2013, 12:38   #13
markusg
/// Malware-holic
 
I have other things to do too, so be patient.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 31.01.2013, 13:11   #14
guenni83
 
OK, thanks... unfortunately my problem is that I have no idea where the program gets installed. I have searched everywhere and not found it, and no path is shown during installation either :-/.
At least I now have a new search engine and a new start page that were set as the default right away, so the program has at least done something. I also started the setup file as administrator.

Alt 31.01.2013, 14:52   #15
markusg
/// Malware-holic
 
Did you really install Malwarebytes? It does not change the start page. What is the name of the setup you have? Post the file name as text.
It also creates a shortcut.
