Hallo zusammen,
seit gestern meldet mein G Data einen Trojaner in der Datei

Datei:\C:\Windows\assembly\GAC_64\Desktop.ini
Trojan.Sirefef.FY

sowie

Datei:\C:\Windows\assembly\GAC_32\Desktop.ini
Trojan.Generic.7552386

Mein System: Windows 7 Home Edition 64bit
Virenprogramm: G Data InternetSecurity 2013

Was ich bereits unternommen habe:
Desinfection mit G Data: Resultat -> schwarzer Screen und nach Neustart wieder die Virenmeldung.

Download und check Malwarebytes -> hat keine Malware gefunden

TDSSKiller (Log File siehe unten)

habe dann versucht das File (desktop.ini) über die CMD Line zu löschen -> Zugriff verweigert. Auch ein Kill der Prozesse, welche diese Date in Verwenung hatten brachte nichts ein.

Nun ersuche ich hier um Rat, da ich aufgrund Job und Familie mein Backup etwas schleifen habe lassen und daher keine echte Lust habe das System neu aufzusetzen ;-)

Ich bedanke mich bereits im Voraus für die Hilfe
Grüße
Marco

TDSSKiller

Zitat:

20:48:12.0628 6992 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:48:12.0800 6992 ============================================================
20:48:12.0800 6992 Current date / time: 2012/07/10 20:48:12.0800
20:48:12.0800 6992 SystemInfo:
20:48:12.0800 6992
20:48:12.0800 6992 OS Version: 6.1.7601 ServicePack: 1.0
20:48:12.0800 6992 Product type: Workstation
20:48:12.0800 6992 ComputerName: MRC-PC
20:48:12.0800 6992 UserName: mRc
20:48:12.0800 6992 Windows directory: C:\Windows
20:48:12.0800 6992 System windows directory: C:\Windows
20:48:12.0800 6992 Running under WOW64
20:48:12.0800 6992 Processor architecture: Intel x64
20:48:12.0800 6992 Number of processors: 4
20:48:12.0800 6992 Page size: 0x1000
20:48:12.0800 6992 Boot type: Normal boot
20:48:12.0800 6992 ============================================================
20:48:17.0295 6992 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:17.0310 6992 Drive \Device\Harddisk1\DR1 - Size: 0x1CC271FE00 (115.04 Gb), SectorSize: 0x200, Cylinders: 0x3AA9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:17.0326 6992 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:17.0341 6992 Drive \Device\Harddisk3\DR3 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x298D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:48:17.0341 6992 Drive \Device\Harddisk4\DR4 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:48:17.0653 6992 ============================================================
20:48:17.0653 6992 \Device\Harddisk0\DR0:
20:48:17.0653 6992 MBR partitions:
20:48:17.0653 6992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
20:48:17.0653 6992 \Device\Harddisk1\DR1:
20:48:17.0653 6992 MBR partitions:
20:48:17.0653 6992 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE613000
20:48:17.0653 6992 \Device\Harddisk2\DR2:
20:48:17.0653 6992 MBR partitions:
20:48:17.0653 6992 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
20:48:17.0653 6992 \Device\Harddisk3\DR3:
20:48:17.0653 6992 MBR partitions:
20:48:17.0653 6992 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995DC81
20:48:17.0653 6992 \Device\Harddisk4\DR4:
20:48:17.0653 6992 MBR partitions:
20:48:17.0653 6992 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
20:48:17.0653 6992 ============================================================
20:48:17.0685 6992 C: <-> \Device\Harddisk0\DR0\Partition0
20:48:17.0685 6992 D: <-> \Device\Harddisk1\DR1\Partition0
20:48:17.0700 6992 E: <-> \Device\Harddisk3\DR3\Partition0
20:48:17.0731 6992 G: <-> \Device\Harddisk2\DR2\Partition0
20:48:17.0747 6992 I: <-> \Device\Harddisk4\DR4\Partition0
20:48:17.0747 6992 ============================================================
20:48:17.0747 6992 Initialize success
20:48:17.0747 6992 ============================================================
20:51:55.0695 7424 ============================================================
20:51:55.0695 7424 Scan started
20:51:55.0695 7424 Mode: Manual; SigCheck; TDLFS;
20:51:55.0695 7424 ============================================================
20:51:56.0366 7424 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:51:56.0444 7424 1394ohci - ok
20:51:56.0475 7424 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:51:56.0475 7424 ACPI - ok
20:51:56.0491 7424 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:51:56.0522 7424 AcpiPmi - ok
20:51:56.0647 7424 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:51:56.0662 7424 AdobeFlashPlayerUpdateSvc - ok
20:51:56.0693 7424 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:51:56.0709 7424 adp94xx - ok
20:51:56.0740 7424 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:51:56.0740 7424 adpahci - ok
20:51:56.0771 7424 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:51:56.0771 7424 adpu320 - ok
20:51:56.0803 7424 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:51:56.0912 7424 AeLookupSvc - ok
20:51:56.0959 7424 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:51:57.0005 7424 AFD - ok
20:51:57.0021 7424 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:51:57.0037 7424 agp440 - ok
20:51:57.0052 7424 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:51:57.0068 7424 ALG - ok
20:51:57.0083 7424 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:51:57.0083 7424 aliide - ok
20:51:57.0099 7424 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:51:57.0115 7424 amdide - ok
20:51:57.0130 7424 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:51:57.0161 7424 AmdK8 - ok
20:51:57.0177 7424 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:51:57.0193 7424 AmdPPM - ok
20:51:57.0224 7424 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:51:57.0224 7424 amdsata - ok
20:51:57.0239 7424 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:51:57.0255 7424 amdsbs - ok
20:51:57.0271 7424 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:51:57.0271 7424 amdxata - ok
20:51:57.0302 7424 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:51:57.0333 7424 AppID - ok
20:51:57.0349 7424 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:51:57.0380 7424 AppIDSvc - ok
20:51:57.0411 7424 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:51:57.0458 7424 Appinfo - ok
20:51:57.0567 7424 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:51:57.0567 7424 Apple Mobile Device - ok
20:51:57.0583 7424 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:51:57.0598 7424 arc - ok
20:51:57.0614 7424 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:51:57.0614 7424 arcsas - ok
20:51:57.0645 7424 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
20:51:57.0661 7424 AsrAppCharger - ok
20:51:57.0676 7424 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:57.0723 7424 AsyncMac - ok
20:51:57.0723 7424 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:51:57.0739 7424 atapi - ok
20:51:57.0785 7424 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:51:57.0832 7424 AudioEndpointBuilder - ok
20:51:57.0832 7424 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:51:57.0863 7424 AudioSrv - ok
20:51:58.0051 7424 AVKProxy (fcc4933f96883fec83d17697b75b0fde) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
20:51:58.0066 7424 AVKProxy - ok
20:51:58.0160 7424 AVKService (29da2d5958b352022a1bb5ce6fdb427c) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
20:51:58.0160 7424 AVKService - ok
20:51:58.0285 7424 AVKWCtl (9a75bddfce451c173cdeaefc1921a147) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
20:51:58.0316 7424 AVKWCtl - ok
20:51:58.0394 7424 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:51:58.0425 7424 AxInstSV - ok
20:51:58.0487 7424 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:51:58.0503 7424 b06bdrv - ok
20:51:58.0550 7424 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:51:58.0565 7424 b57nd60a - ok
20:51:58.0612 7424 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:51:58.0628 7424 BDESVC - ok
20:51:58.0643 7424 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:51:58.0675 7424 Beep - ok
20:51:58.0737 7424 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:51:58.0768 7424 BITS - ok
20:51:58.0799 7424 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:51:58.0815 7424 blbdrive - ok
20:51:58.0909 7424 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:51:58.0924 7424 Bonjour Service - ok
20:51:58.0955 7424 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:51:58.0987 7424 bowser - ok
20:51:59.0018 7424 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:51:59.0033 7424 BrFiltLo - ok
20:51:59.0049 7424 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:51:59.0049 7424 BrFiltUp - ok
20:51:59.0080 7424 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:51:59.0111 7424 Browser - ok
20:51:59.0143 7424 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:51:59.0158 7424 Brserid - ok
20:51:59.0174 7424 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:51:59.0189 7424 BrSerWdm - ok
20:51:59.0205 7424 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:51:59.0221 7424 BrUsbMdm - ok
20:51:59.0221 7424 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:51:59.0236 7424 BrUsbSer - ok
20:51:59.0252 7424 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:51:59.0283 7424 BTHMODEM - ok
20:51:59.0314 7424 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:51:59.0345 7424 bthserv - ok
20:51:59.0361 7424 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:51:59.0392 7424 cdfs - ok
20:51:59.0423 7424 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:51:59.0455 7424 cdrom - ok
20:51:59.0501 7424 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:51:59.0533 7424 CertPropSvc - ok
20:51:59.0548 7424 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:51:59.0548 7424 circlass - ok
20:51:59.0595 7424 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:51:59.0595 7424 CLFS - ok
20:51:59.0657 7424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:59.0657 7424 clr_optimization_v2.0.50727_32 - ok
20:51:59.0720 7424 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:51:59.0720 7424 clr_optimization_v2.0.50727_64 - ok
20:51:59.0782 7424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:51:59.0782 7424 clr_optimization_v4.0.30319_32 - ok
20:51:59.0813 7424 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:51:59.0829 7424 clr_optimization_v4.0.30319_64 - ok
20:51:59.0845 7424 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:51:59.0876 7424 CmBatt - ok
20:51:59.0891 7424 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:51:59.0907 7424 cmdide - ok
20:51:59.0954 7424 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:51:59.0969 7424 CNG - ok
20:51:59.0985 7424 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:51:59.0985 7424 Compbatt - ok
20:52:00.0016 7424 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:52:00.0047 7424 CompositeBus - ok
20:52:00.0063 7424 COMSysApp - ok
20:52:00.0125 7424 cpuz134 - ok
20:52:00.0141 7424 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:52:00.0141 7424 crcdisk - ok
20:52:00.0172 7424 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:52:00.0188 7424 CryptSvc - ok
20:52:00.0250 7424 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:52:00.0281 7424 DcomLaunch - ok
20:52:00.0313 7424 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:52:00.0344 7424 defragsvc - ok
20:52:00.0375 7424 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:52:00.0406 7424 DfsC - ok
20:52:00.0437 7424 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:52:00.0469 7424 Dhcp - ok
20:52:00.0484 7424 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:52:00.0515 7424 discache - ok
20:52:00.0531 7424 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:52:00.0547 7424 Disk - ok
20:52:00.0562 7424 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:52:00.0593 7424 Dnscache - ok
20:52:00.0625 7424 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:52:00.0656 7424 dot3svc - ok
20:52:00.0687 7424 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:52:00.0718 7424 DPS - ok
20:52:00.0749 7424 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:52:00.0749 7424 drmkaud - ok
20:52:00.0827 7424 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:52:00.0843 7424 DXGKrnl - ok
20:52:00.0874 7424 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:52:00.0905 7424 EapHost - ok
20:52:01.0015 7424 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:52:01.0108 7424 ebdrv - ok
20:52:01.0171 7424 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:52:01.0186 7424 EFS - ok
20:52:01.0249 7424 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:52:01.0264 7424 ehRecvr - ok
20:52:01.0295 7424 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:52:01.0327 7424 ehSched - ok
20:52:01.0373 7424 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:52:01.0389 7424 elxstor - ok
20:52:01.0405 7424 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:52:01.0420 7424 ErrDev - ok
20:52:01.0451 7424 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
20:52:01.0467 7424 EtronHub3 - ok
20:52:01.0483 7424 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
20:52:01.0514 7424 EtronXHCI - ok
20:52:01.0561 7424 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:52:01.0576 7424 EventSystem - ok
20:52:01.0607 7424 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:52:01.0654 7424 exfat - ok
20:52:01.0670 7424 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:52:01.0717 7424 fastfat - ok
20:52:01.0779 7424 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:52:01.0810 7424 Fax - ok
20:52:01.0826 7424 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:52:01.0841 7424 fdc - ok
20:52:01.0857 7424 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:52:01.0904 7424 fdPHost - ok
20:52:01.0919 7424 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:52:01.0951 7424 FDResPub - ok
20:52:01.0966 7424 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:52:01.0966 7424 FileInfo - ok
20:52:01.0982 7424 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:52:01.0997 7424 Filetrace - ok
20:52:02.0013 7424 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:52:02.0029 7424 flpydisk - ok
20:52:02.0060 7424 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:52:02.0060 7424 FltMgr - ok
20:52:02.0107 7424 FNETTBOH_305 (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS
20:52:02.0107 7424 FNETTBOH_305 - ok
20:52:02.0122 7424 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
20:52:02.0138 7424 FNETURPX - ok
20:52:02.0216 7424 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:52:02.0247 7424 FontCache - ok
20:52:02.0294 7424 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:52:02.0294 7424 FontCache3.0.0.0 - ok
20:52:02.0309 7424 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:52:02.0325 7424 FsDepends - ok
20:52:02.0341 7424 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:52:02.0356 7424 Fs_Rec - ok
20:52:02.0403 7424 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:52:02.0419 7424 fvevol - ok
20:52:02.0465 7424 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:52:02.0465 7424 gagp30kx - ok
20:52:02.0497 7424 GDBehave (116f4672a804da33e1159c005ae88b9c) C:\Windows\system32\drivers\GDBehave.sys
20:52:02.0497 7424 GDBehave - ok
20:52:02.0699 7424 GDFwSvc (2922b4d0aa4095797e66d87f08ca4d72) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
20:52:02.0731 7424 GDFwSvc - ok
20:52:02.0809 7424 GDMnIcpt (e02ac68f1fc31d38ead729e00bd68c93) C:\Windows\system32\drivers\MiniIcpt.sys
20:52:02.0824 7424 GDMnIcpt - ok
20:52:02.0840 7424 GdNetMon (d826b9c59de0b310c9e560763560d8f9) C:\Windows\system32\drivers\GdNetMon64.sys
20:52:02.0840 7424 GdNetMon - ok
20:52:02.0871 7424 GDPkIcpt (290ddb8c97249f99569b77e9df2f76fc) C:\Windows\system32\drivers\PktIcpt.sys
20:52:02.0871 7424 GDPkIcpt - ok
20:52:02.0949 7424 GDScan (110c6dc36ea9f5da664a584756b1b297) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
20:52:02.0965 7424 GDScan - ok
20:52:02.0980 7424 gdwfpcd (876d6fa58981d073dd4063225370b12f) C:\Windows\system32\drivers\gdwfpcd64.sys
20:52:02.0980 7424 gdwfpcd - ok
20:52:03.0043 7424 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:52:03.0074 7424 gpsvc - ok
20:52:03.0105 7424 GRD (9580cbf03d2ee08bd1c0d701aae4092a) C:\Windows\system32\drivers\GRD.sys
20:52:03.0105 7424 GRD - ok
20:52:03.0121 7424 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:52:03.0152 7424 hcw85cir - ok
20:52:03.0199 7424 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:52:03.0214 7424 HdAudAddService - ok
20:52:03.0245 7424 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:52:03.0261 7424 HDAudBus - ok
20:52:03.0277 7424 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:52:03.0308 7424 HidBatt - ok
20:52:03.0323 7424 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:52:03.0339 7424 HidBth - ok
20:52:03.0355 7424 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:52:03.0370 7424 HidIr - ok
20:52:03.0401 7424 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:52:03.0433 7424 hidserv - ok
20:52:03.0464 7424 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:52:03.0464 7424 HidUsb - ok
20:52:03.0495 7424 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:52:03.0511 7424 hkmsvc - ok
20:52:03.0542 7424 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:52:03.0557 7424 HomeGroupListener - ok
20:52:03.0589 7424 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:52:03.0620 7424 HomeGroupProvider - ok
20:52:03.0635 7424 HookCentre (3cd18f0b3681fb267e67763cc3152d4e) C:\Windows\system32\drivers\HookCentre.sys
20:52:03.0651 7424 HookCentre - ok
20:52:03.0651 7424 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:52:03.0667 7424 HpSAMD - ok
20:52:03.0729 7424 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:52:03.0776 7424 HTTP - ok
20:52:03.0791 7424 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:52:03.0807 7424 hwpolicy - ok
20:52:03.0823 7424 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:52:03.0823 7424 i8042prt - ok
20:52:03.0869 7424 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:52:03.0869 7424 iaStorV - ok
20:52:03.0979 7424 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:52:03.0994 7424 idsvc - ok
20:52:04.0025 7424 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:52:04.0025 7424 iirsp - ok
20:52:04.0088 7424 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:52:04.0135 7424 IKEEXT - ok
20:52:04.0150 7424 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:52:04.0150 7424 intelide - ok
20:52:04.0181 7424 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:52:04.0197 7424 intelppm - ok
20:52:04.0213 7424 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:52:04.0259 7424 IPBusEnum - ok
20:52:04.0275 7424 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:52:04.0306 7424 IpFilterDriver - ok
20:52:04.0322 7424 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:52:04.0337 7424 IPMIDRV - ok
20:52:04.0353 7424 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:52:04.0384 7424 IPNAT - ok
20:52:04.0415 7424 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:52:04.0431 7424 IRENUM - ok
20:52:04.0447 7424 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:52:04.0462 7424 isapnp - ok
20:52:04.0478 7424 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:52:04.0493 7424 iScsiPrt - ok
20:52:04.0509 7424 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:52:04.0525 7424 kbdclass - ok
20:52:04.0540 7424 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:52:04.0571 7424 kbdhid - ok
20:52:04.0603 7424 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:04.0603 7424 KeyIso - ok
20:52:04.0618 7424 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:52:04.0618 7424 KSecDD - ok
20:52:04.0634 7424 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:52:04.0649 7424 KSecPkg - ok
20:52:04.0649 7424 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:52:04.0696 7424 ksthunk - ok
20:52:04.0727 7424 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:52:04.0759 7424 KtmRm - ok
20:52:04.0790 7424 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:52:04.0837 7424 LanmanServer - ok
20:52:04.0852 7424 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:52:04.0899 7424 LanmanWorkstation - ok
20:52:04.0930 7424 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:52:04.0961 7424 lltdio - ok
20:52:05.0102 7424 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:52:05.0133 7424 lltdsvc - ok
20:52:05.0149 7424 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:52:05.0164 7424 lmhosts - ok
20:52:05.0195 7424 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:52:05.0195 7424 LSI_FC - ok
20:52:05.0211 7424 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:52:05.0227 7424 LSI_SAS - ok
20:52:05.0242 7424 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:52:05.0242 7424 LSI_SAS2 - ok
20:52:05.0258 7424 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:52:05.0258 7424 LSI_SCSI - ok
20:52:05.0289 7424 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:52:05.0305 7424 luafv - ok
20:52:05.0336 7424 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:52:05.0336 7424 Mcx2Svc - ok
20:52:05.0351 7424 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:52:05.0367 7424 megasas - ok
20:52:05.0383 7424 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:52:05.0398 7424 MegaSR - ok
20:52:05.0429 7424 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:52:05.0429 7424 MEIx64 - ok
20:52:05.0523 7424 Microsoft SharePoint Workspace Audit Service - ok
20:52:05.0539 7424 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:52:05.0570 7424 MMCSS - ok
20:52:05.0585 7424 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:52:05.0617 7424 Modem - ok
20:52:05.0648 7424 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:52:05.0663 7424 monitor - ok
20:52:05.0695 7424 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:52:05.0710 7424 mouclass - ok
20:52:05.0726 7424 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:52:05.0741 7424 mouhid - ok
20:52:05.0773 7424 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:52:05.0773 7424 mountmgr - ok
20:52:05.0835 7424 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:52:05.0835 7424 MozillaMaintenance - ok
20:52:05.0866 7424 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:52:05.0882 7424 mpio - ok
20:52:05.0897 7424 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:52:05.0913 7424 mpsdrv - ok
20:52:05.0944 7424 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:52:05.0975 7424 MRxDAV - ok
20:52:06.0007 7424 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:52:06.0038 7424 mrxsmb - ok
20:52:06.0069 7424 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:52:06.0100 7424 mrxsmb10 - ok
20:52:06.0131 7424 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:52:06.0131 7424 mrxsmb20 - ok
20:52:06.0147 7424 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:52:06.0163 7424 msahci - ok
20:52:06.0178 7424 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:52:06.0178 7424 msdsm - ok
20:52:06.0225 7424 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:52:06.0225 7424 MSDTC - ok
20:52:06.0241 7424 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:52:06.0272 7424 Msfs - ok
20:52:06.0272 7424 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:52:06.0319 7424 mshidkmdf - ok
20:52:06.0319 7424 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:52:06.0334 7424 msisadrv - ok
20:52:06.0365 7424 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:52:06.0412 7424 MSiSCSI - ok
20:52:06.0412 7424 msiserver - ok
20:52:06.0428 7424 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:52:06.0459 7424 MSKSSRV - ok
20:52:06.0475 7424 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:52:06.0506 7424 MSPCLOCK - ok
20:52:06.0506 7424 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:52:06.0537 7424 MSPQM - ok
20:52:06.0568 7424 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:52:06.0584 7424 MsRPC - ok
20:52:06.0599 7424 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:52:06.0599 7424 mssmbios - ok
20:52:06.0615 7424 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:52:06.0631 7424 MSTEE - ok
20:52:06.0646 7424 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:52:06.0662 7424 MTConfig - ok
20:52:06.0662 7424 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:52:06.0677 7424 Mup - ok
20:52:06.0709 7424 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:52:06.0755 7424 napagent - ok
20:52:06.0787 7424 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:52:06.0802 7424 NativeWifiP - ok
20:52:06.0865 7424 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:52:06.0896 7424 NDIS - ok
20:52:06.0911 7424 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:52:06.0943 7424 NdisCap - ok
20:52:06.0958 7424 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:52:06.0989 7424 NdisTapi - ok
20:52:07.0005 7424 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:52:07.0036 7424 Ndisuio - ok
20:52:07.0067 7424 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:52:07.0099 7424 NdisWan - ok
20:52:07.0114 7424 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:52:07.0161 7424 NDProxy - ok
20:52:07.0161 7424 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:52:07.0192 7424 NetBIOS - ok
20:52:07.0208 7424 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:52:07.0239 7424 NetBT - ok
20:52:07.0255 7424 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:07.0270 7424 Netlogon - ok
20:52:07.0301 7424 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:52:07.0333 7424 Netman - ok
20:52:07.0364 7424 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:52:07.0411 7424 netprofm - ok
20:52:07.0473 7424 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:07.0489 7424 NetTcpPortSharing - ok
20:52:07.0504 7424 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:52:07.0504 7424 nfrd960 - ok
20:52:07.0551 7424 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:52:07.0598 7424 NlaSvc - ok
20:52:07.0629 7424 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:52:07.0660 7424 Npfs - ok
20:52:07.0660 7424 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:52:07.0691 7424 nsi - ok
20:52:07.0707 7424 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:52:07.0754 7424 nsiproxy - ok
20:52:07.0847 7424 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:52:07.0879 7424 Ntfs - ok
20:52:07.0941 7424 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:52:07.0972 7424 Null - ok
20:52:08.0003 7424 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
20:52:08.0003 7424 NVHDA - ok
20:52:08.0690 7424 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:52:08.0877 7424 nvlddmkm - ok
20:52:08.0986 7424 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:52:08.0986 7424 nvraid - ok
20:52:09.0017 7424 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:52:09.0033 7424 nvstor - ok
20:52:09.0111 7424 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
20:52:09.0127 7424 nvsvc - ok
20:52:09.0267 7424 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:52:09.0283 7424 nvUpdatusService - ok
20:52:09.0361 7424 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:52:09.0361 7424 nv_agp - ok
20:52:09.0392 7424 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:52:09.0407 7424 ohci1394 - ok
20:52:09.0439 7424 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:09.0454 7424 ose - ok
20:52:09.0735 7424 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:52:09.0797 7424 osppsvc - ok
20:52:09.0860 7424 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:52:09.0891 7424 p2pimsvc - ok
20:52:09.0922 7424 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:52:09.0938 7424 p2psvc - ok
20:52:09.0969 7424 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:52:09.0969 7424 Parport - ok
20:52:10.0000 7424 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:52:10.0000 7424 partmgr - ok
20:52:10.0031 7424 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:52:10.0047 7424 PcaSvc - ok
20:52:10.0078 7424 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:52:10.0078 7424 pci - ok
20:52:10.0125 7424 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:52:10.0125 7424 pciide - ok
20:52:10.0156 7424 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:52:10.0172 7424 pcmcia - ok
20:52:10.0172 7424 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:52:10.0187 7424 pcw - ok
20:52:10.0219 7424 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:52:10.0250 7424 PEAUTH - ok
20:52:10.0312 7424 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:52:10.0328 7424 PerfHost - ok
20:52:10.0421 7424 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:52:10.0468 7424 pla - ok
20:52:10.0531 7424 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:52:10.0546 7424 PlugPlay - ok
20:52:10.0577 7424 PnkBstrA - ok
20:52:10.0593 7424 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:52:10.0609 7424 PNRPAutoReg - ok
20:52:10.0640 7424 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:52:10.0655 7424 PNRPsvc - ok
20:52:10.0702 7424 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:52:10.0733 7424 PolicyAgent - ok
20:52:10.0765 7424 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:52:10.0796 7424 Power - ok
20:52:10.0858 7424 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:52:10.0874 7424 PptpMiniport - ok
20:52:10.0905 7424 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:52:10.0921 7424 Processor - ok
20:52:10.0952 7424 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:52:10.0967 7424 ProfSvc - ok
20:52:10.0983 7424 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:10.0999 7424 ProtectedStorage - ok
20:52:11.0014 7424 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:52:11.0061 7424 Psched - ok
20:52:11.0139 7424 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:52:11.0170 7424 ql2300 - ok
20:52:11.0248 7424 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:52:11.0264 7424 ql40xx - ok
20:52:11.0295 7424 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:52:11.0326 7424 QWAVE - ok
20:52:11.0342 7424 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:52:11.0357 7424 QWAVEdrv - ok
20:52:11.0373 7424 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:52:11.0404 7424 RasAcd - ok
20:52:11.0435 7424 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:52:11.0467 7424 RasAgileVpn - ok
20:52:11.0482 7424 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:52:11.0529 7424 RasAuto - ok
20:52:11.0560 7424 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:11.0607 7424 Rasl2tp - ok
20:52:11.0638 7424 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:52:11.0669 7424 RasMan - ok
20:52:11.0685 7424 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:11.0716 7424 RasPppoe - ok
20:52:11.0732 7424 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:52:11.0747 7424 RasSstp - ok
20:52:11.0779 7424 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:52:11.0810 7424 rdbss - ok
20:52:11.0825 7424 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:52:11.0841 7424 rdpbus - ok
20:52:11.0857 7424 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:11.0872 7424 RDPCDD - ok
20:52:11.0903 7424 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:52:11.0935 7424 RDPENCDD - ok
20:52:11.0935 7424 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:52:11.0966 7424 RDPREFMP - ok
20:52:11.0997 7424 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:52:11.0997 7424 RDPWD - ok
20:52:12.0028 7424 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:52:12.0044 7424 rdyboost - ok
20:52:12.0075 7424 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:52:12.0122 7424 RemoteAccess - ok
20:52:12.0153 7424 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:52:12.0184 7424 RemoteRegistry - ok
20:52:12.0215 7424 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:52:12.0231 7424 RpcEptMapper - ok
20:52:12.0247 7424 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:52:12.0262 7424 RpcLocator - ok
20:52:12.0309 7424 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:52:12.0340 7424 RpcSs - ok
20:52:12.0356 7424 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:52:12.0371 7424 rspndr - ok
20:52:12.0418 7424 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:52:12.0434 7424 RTL8167 - ok
20:52:12.0449 7424 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:12.0449 7424 SamSs - ok
20:52:12.0481 7424 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:52:12.0481 7424 sbp2port - ok
20:52:12.0512 7424 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:52:12.0559 7424 SCardSvr - ok
20:52:12.0574 7424 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:52:12.0605 7424 scfilter - ok
20:52:12.0699 7424 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:52:12.0730 7424 Schedule - ok
20:52:12.0761 7424 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:52:12.0777 7424 SCPolicySvc - ok
20:52:12.0808 7424 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:52:12.0824 7424 SDRSVC - ok
20:52:12.0886 7424 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:52:12.0917 7424 secdrv - ok
20:52:12.0933 7424 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:52:12.0964 7424 seclogon - ok
20:52:12.0980 7424 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:52:12.0996 7424 SENS - ok
20:52:13.0011 7424 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:52:13.0011 7424 SensrSvc - ok
20:52:13.0042 7424 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:52:13.0058 7424 Serenum - ok
20:52:13.0074 7424 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:52:13.0089 7424 Serial - ok
20:52:13.0105 7424 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:52:13.0120 7424 sermouse - ok
20:52:13.0152 7424 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:52:13.0183 7424 SessionEnv - ok
20:52:13.0198 7424 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:52:13.0230 7424 sffdisk - ok
20:52:13.0230 7424 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:52:13.0261 7424 sffp_mmc - ok
20:52:13.0261 7424 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:52:13.0292 7424 sffp_sd - ok
20:52:13.0292 7424 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:52:13.0308 7424 sfloppy - ok
20:52:13.0339 7424 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:52:13.0370 7424 ShellHWDetection - ok
20:52:13.0370 7424 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:52:13.0386 7424 SiSRaid2 - ok
20:52:13.0401 7424 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:52:13.0401 7424 SiSRaid4 - ok
20:52:13.0432 7424 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:52:13.0464 7424 Smb - ok
20:52:13.0479 7424 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:52:13.0495 7424 SNMPTRAP - ok
20:52:13.0510 7424 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:52:13.0510 7424 spldr - ok
20:52:13.0542 7424 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:52:13.0573 7424 Spooler - ok
20:52:13.0760 7424 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:52:13.0807 7424 sppsvc - ok
20:52:13.0885 7424 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:52:13.0916 7424 sppuinotify - ok
20:52:13.0963 7424 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:52:13.0994 7424 srv - ok
20:52:14.0025 7424 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:52:14.0041 7424 srv2 - ok
20:52:14.0056 7424 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:52:14.0088 7424 srvnet - ok
20:52:14.0119 7424 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:52:14.0150 7424 SSDPSRV - ok
20:52:14.0166 7424 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:52:14.0181 7424 SstpSvc - ok
20:52:14.0322 7424 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:52:14.0322 7424 Stereo Service - ok
20:52:14.0353 7424 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:52:14.0353 7424 stexstor - ok
20:52:14.0415 7424 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:52:14.0431 7424 stisvc - ok
20:52:14.0446 7424 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:52:14.0462 7424 swenum - ok
20:52:14.0493 7424 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:52:14.0524 7424 swprv - ok
20:52:14.0618 7424 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:52:14.0665 7424 SysMain - ok
20:52:14.0743 7424 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:52:14.0758 7424 TabletInputService - ok
20:52:14.0790 7424 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:52:14.0821 7424 TapiSrv - ok
20:52:14.0836 7424 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:52:14.0883 7424 TBS - ok
20:52:15.0024 7424 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:52:15.0055 7424 Tcpip - ok
20:52:15.0273 7424 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:52:15.0304 7424 TCPIP6 - ok
20:52:15.0351 7424 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:52:15.0382 7424 tcpipreg - ok
20:52:15.0414 7424 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:52:15.0429 7424 TDPIPE - ok
20:52:15.0445 7424 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:52:15.0460 7424 TDTCP - ok
20:52:15.0492 7424 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:52:15.0523 7424 tdx - ok
20:52:15.0538 7424 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:52:15.0538 7424 TermDD - ok
20:52:15.0585 7424 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:52:15.0632 7424 TermService - ok
20:52:15.0648 7424 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:52:15.0679 7424 Themes - ok
20:52:15.0710 7424 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:52:15.0726 7424 THREADORDER - ok
20:52:15.0741 7424 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:52:15.0772 7424 TrkWks - ok
20:52:15.0819 7424 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:52:15.0835 7424 TrustedInstaller - ok
20:52:15.0866 7424 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:15.0882 7424 tssecsrv - ok
20:52:15.0913 7424 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:52:15.0944 7424 TsUsbFlt - ok
20:52:15.0991 7424 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:52:16.0022 7424 tunnel - ok
20:52:16.0053 7424 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:52:16.0053 7424 uagp35 - ok
20:52:16.0100 7424 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:52:16.0131 7424 udfs - ok
20:52:16.0147 7424 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:52:16.0147 7424 UI0Detect - ok
20:52:16.0178 7424 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:52:16.0178 7424 uliagpkx - ok
20:52:16.0209 7424 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:52:16.0225 7424 umbus - ok
20:52:16.0240 7424 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:52:16.0256 7424 UmPass - ok
20:52:16.0303 7424 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:52:16.0318 7424 upnphost - ok
20:52:16.0365 7424 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:52:16.0381 7424 USBAAPL64 - ok
20:52:16.0396 7424 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:16.0412 7424 usbccgp - ok
20:52:16.0443 7424 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:52:16.0443 7424 usbcir - ok
20:52:16.0459 7424 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:52:16.0474 7424 usbehci - ok
20:52:16.0506 7424 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:52:16.0521 7424 usbhub - ok
20:52:16.0521 7424 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:52:16.0537 7424 usbohci - ok
20:52:16.0552 7424 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:52:16.0568 7424 usbprint - ok
20:52:16.0584 7424 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:52:16.0615 7424 usbscan - ok
20:52:16.0630 7424 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:52:16.0646 7424 USBSTOR - ok
20:52:16.0662 7424 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:52:16.0677 7424 usbuhci - ok
20:52:16.0693 7424 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:52:16.0724 7424 UxSms - ok
20:52:16.0740 7424 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:16.0755 7424 VaultSvc - ok
20:52:16.0771 7424 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:52:16.0786 7424 vdrvroot - ok
20:52:16.0818 7424 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:52:16.0849 7424 vds - ok
20:52:16.0864 7424 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:16.0880 7424 vga - ok
20:52:16.0896 7424 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:52:16.0927 7424 VgaSave - ok
20:52:16.0942 7424 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:52:16.0958 7424 vhdmp - ok
20:52:16.0974 7424 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:52:16.0974 7424 viaide - ok
20:52:16.0989 7424 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:52:17.0005 7424 volmgr - ok
20:52:17.0036 7424 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:52:17.0052 7424 volmgrx - ok
20:52:17.0067 7424 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:52:17.0083 7424 volsnap - ok
20:52:17.0098 7424 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:52:17.0114 7424 vsmraid - ok
20:52:17.0208 7424 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:52:17.0239 7424 VSS - ok
20:52:17.0332 7424 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:52:17.0348 7424 vwifibus - ok
20:52:17.0379 7424 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:52:17.0410 7424 W32Time - ok
20:52:17.0426 7424 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:52:17.0442 7424 WacomPen - ok
20:52:17.0488 7424 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:17.0520 7424 WANARP - ok
20:52:17.0535 7424 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:17.0566 7424 Wanarpv6 - ok
20:52:17.0644 7424 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:52:17.0676 7424 wbengine - ok
20:52:17.0707 7424 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:52:17.0722 7424 WbioSrvc - ok
20:52:17.0754 7424 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:52:17.0769 7424 wcncsvc - ok
20:52:17.0800 7424 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:52:17.0800 7424 WcsPlugInService - ok
20:52:17.0816 7424 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:52:17.0832 7424 Wd - ok
20:52:17.0863 7424 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:52:17.0878 7424 Wdf01000 - ok
20:52:17.0894 7424 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:17.0925 7424 WdiServiceHost - ok
20:52:17.0925 7424 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:17.0941 7424 WdiSystemHost - ok
20:52:17.0972 7424 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:52:17.0988 7424 WebClient - ok
20:52:18.0019 7424 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:52:18.0066 7424 Wecsvc - ok
20:52:18.0081 7424 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:52:18.0112 7424 wercplsupport - ok
20:52:18.0128 7424 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:52:18.0159 7424 WerSvc - ok
20:52:18.0175 7424 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:52:18.0206 7424 WfpLwf - ok
20:52:18.0222 7424 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:52:18.0222 7424 WIMMount - ok
20:52:18.0222 7424 WinHttpAutoProxySvc - ok
20:52:18.0300 7424 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:52:18.0315 7424 Winmgmt - ok
20:52:18.0424 7424 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:52:18.0471 7424 WinRM - ok
20:52:18.0580 7424 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:52:18.0612 7424 Wlansvc - ok
20:52:18.0643 7424 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:52:18.0658 7424 WmiAcpi - ok
20:52:18.0690 7424 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:52:18.0690 7424 wmiApSrv - ok
20:52:18.0752 7424 WMPNetworkSvc - ok
20:52:18.0752 7424 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:52:18.0768 7424 WPCSvc - ok
20:52:18.0799 7424 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:52:18.0814 7424 WPDBusEnum - ok
20:52:18.0830 7424 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:52:18.0861 7424 ws2ifsl - ok
20:52:18.0861 7424 WSearch - ok
20:52:18.0986 7424 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:52:19.0017 7424 wuauserv - ok
20:52:19.0095 7424 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:52:19.0126 7424 WudfPf - ok
20:52:19.0173 7424 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:19.0204 7424 WUDFRd - ok
20:52:19.0220 7424 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:52:19.0251 7424 wudfsvc - ok
20:52:19.0267 7424 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:52:19.0298 7424 WwanSvc - ok
20:52:19.0329 7424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:52:19.0501 7424 \Device\Harddisk0\DR0 - ok
20:52:19.0501 7424 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
20:52:19.0548 7424 \Device\Harddisk1\DR1 - ok
20:52:19.0548 7424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:52:19.0704 7424 \Device\Harddisk2\DR2 - ok
20:52:19.0704 7424 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3
20:52:19.0750 7424 \Device\Harddisk3\DR3 - ok
20:52:19.0750 7424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
20:52:20.0172 7424 \Device\Harddisk4\DR4 - ok
20:52:20.0187 7424 Boot (0x1200) (da4888628bde40c131e5fed18998916b) \Device\Harddisk0\DR0\Partition0
20:52:20.0187 7424 \Device\Harddisk0\DR0\Partition0 - ok
20:52:20.0187 7424 Boot (0x1200) (e0f1da36ed0a779c1990067f821ae1b0) \Device\Harddisk1\DR1\Partition0
20:52:20.0187 7424 \Device\Harddisk1\DR1\Partition0 - ok
20:52:20.0187 7424 Boot (0x1200) (8556a1cc0fd477c3917ab711c8243694) \Device\Harddisk2\DR2\Partition0
20:52:20.0187 7424 \Device\Harddisk2\DR2\Partition0 - ok
20:52:20.0187 7424 Boot (0x1200) (6fde92cd70b07de23491f4c4c415d65d) \Device\Harddisk3\DR3\Partition0
20:52:20.0187 7424 \Device\Harddisk3\DR3\Partition0 - ok
20:52:20.0187 7424 Boot (0x1200) (1e94f0684fcb62f32a66d24d5bd7eff2) \Device\Harddisk4\DR4\Partition0
20:52:20.0187 7424 \Device\Harddisk4\DR4\Partition0 - ok
20:52:20.0187 7424 ============================================================
20:52:20.0187 7424 Scan finished
20:52:20.0187 7424 ============================================================
20:52:20.0203 7416 Detected object count: 0
20:52:20.0203 7416 Actual detected object count: 0

OTL TXT

Zitat:

OTL logfile created on: 10.07.2012 20:35:39 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\mRc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,77% Memory free
15,96 Gb Paging File | 13,83 Gb Available in Paging File | 86,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 427,12 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive D: | 115,04 Gb Total Space | 71,46 Gb Free Space | 62,12% Space Free | Partition Type: NTFS
Drive E: | 76,68 Gb Total Space | 54,26 Gb Free Space | 70,75% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,21 Gb Free Space | 77,53% Space Free | Partition Type: NTFS
Drive I: | 931,48 Gb Total Space | 486,36 Gb Free Space | 52,21% Space Free | Partition Type: NTFS

Computer Name: MRC-PC | User Name: mRc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 20:35:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mRc\Downloads\OTL.exe
PRC - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.05.24 05:23:01 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.03.19 12:01:01 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.15 22:15:15 | 000,499,712 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe
PRC - [2012.03.08 23:29:53 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2012.01.27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.07.29 22:05:42 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.17 12:40:14 | 000,448,600 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
MOD - [2012.03.15 22:15:15 | 000,499,712 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe


========== Win32 Services (SafeList) ==========

SRV - [2012.06.18 22:55:14 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.06.01 05:05:18 | 002,011,056 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.14 21:17:57 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.03.19 12:01:01 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.09 22:25:44 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.07.09 22:23:04 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.07.09 22:23:04 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.07.09 22:23:04 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.07.09 22:23:03 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.07.09 21:46:06 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.06.09 12:42:48 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.08 23:33:16 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.03.08 23:29:53 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.11 15:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D E0 8C 2C 73 FD CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.14 21:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.04.03 10:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mRc\AppData\Roaming\mozilla\Extensions
[2012.07.10 20:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mRc\AppData\Roaming\mozilla\Firefox\Profiles\7g4r4ugh.default\extensions
[2012.04.04 21:39:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\mRc\AppData\Roaming\mozilla\Firefox\Profiles\7g4r4ugh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.18 22:40:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\mRc\AppData\Roaming\mozilla\Firefox\Profiles\7g4r4ugh.default\extensions\ich@maltegoetz.de
[2012.04.04 22:03:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\mRc\AppData\Roaming\mozilla\Firefox\Profiles\7g4r4ugh.default\extensions\toolbar@ask.com
[2011.07.29 22:02:18 | 000,002,333 | ---- | M] () -- C:\Users\mRc\AppData\Roaming\Mozilla\Firefox\Profiles\7g4r4ugh.default\searchplugins\askcom.xml
[2012.07.09 22:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.09 22:23:04 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.05.14 21:17:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\mRc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mRc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mRc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AC6F326-BA8E-410E-8355-C4EA5C96FD46}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 20:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WoLoSoft
[2012.07.10 20:00:42 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.07.10 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.10 20:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.07.10 19:52:09 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\SpeedyPC Software
[2012.07.10 19:52:09 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\DriverCure
[2012.07.10 19:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.07.09 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\QuickScan
[2012.07.09 22:25:44 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.07.09 21:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012.07.09 21:46:07 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.07.09 21:46:07 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.07.09 21:46:07 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.07.09 21:46:06 | 000,031,608 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.07.09 21:46:05 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.07.09 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\Malwarebytes
[2012.07.09 21:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 20:57:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.07.09 17:59:28 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.07.08 18:57:01 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Local\SCE
[2012.07.08 18:57:01 | 000,000,000 | ---D | C] -- C:\Crash
[2012.07.08 18:56:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.06 18:07:09 | 000,000,000 | -H-D | C] -- C:\Users\mRc\.jbidwatcher
[2012.07.06 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.07.05 22:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JBidwatcher
[2012.07.05 22:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberFOX Software
[2012.07.01 09:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion GoPal Assistant
[2012.07.01 09:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medion GoPal Assistant
[2012.06.24 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\WinRAR
[2012.06.24 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.24 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.24 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.06.22 07:28:10 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.06.22 07:26:36 | 000,000,000 | ---D | C] -- C:\Users\mRc\Documents\My Curse
[2012.06.18 20:33:42 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\UAs
[2012.06.18 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\xmldm
[2012.06.18 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\mRc\AppData\Roaming\kock
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 20:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 20:29:20 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 20:29:20 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 20:26:23 | 000,000,000 | ---- | M] () -- C:\Users\mRc\defogger_reenable
[2012.07.10 20:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 20:22:06 | 2133,864,447 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 20:04:02 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012.07.10 17:41:39 | 000,711,111 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.07.10 17:41:39 | 000,041,526 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.07.09 23:22:11 | 000,815,430 | ---- | M] () -- C:\Users\mRc\AppData\Local\census.cache
[2012.07.09 23:21:36 | 000,106,321 | ---- | M] () -- C:\Users\mRc\AppData\Local\ars.cache
[2012.07.09 23:12:08 | 000,000,036 | ---- | M] () -- C:\Users\mRc\AppData\Local\housecall.guid.cache
[2012.07.09 22:25:44 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.07.09 22:23:04 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.07.09 22:23:04 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.07.09 22:23:04 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.07.09 22:23:03 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.07.09 21:46:06 | 000,031,608 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.07.09 21:45:49 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.07.09 17:59:28 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.07.07 19:07:28 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.07 19:07:28 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.07 19:07:28 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.07 19:07:28 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.07 19:07:28 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.06 18:07:52 | 000,000,032 | -H-- | M] () -- C:\Users\mRc\.deskmetrics
[2012.07.05 22:19:01 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\JBidwatcher 2.5.lnk
[2012.06.24 12:29:35 | 000,011,997 | -H-- | M] () -- C:\Users\mRc\dm.jpg
[2012.06.24 12:28:33 | 000,049,246 | -H-- | M] () -- C:\Users\mRc\dm.bmp
[2012.06.24 12:23:00 | 000,040,557 | -H-- | M] () -- C:\Users\mRc\dm_2.png
[2012.06.15 07:01:23 | 000,415,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 20:26:23 | 000,000,000 | ---- | C] () -- C:\Users\mRc\defogger_reenable
[2012.07.10 20:19:12 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEdi.lnk
[2012.07.10 20:03:47 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012.07.09 23:22:11 | 000,815,430 | ---- | C] () -- C:\Users\mRc\AppData\Local\census.cache
[2012.07.09 23:21:36 | 000,106,321 | ---- | C] () -- C:\Users\mRc\AppData\Local\ars.cache
[2012.07.09 23:12:08 | 000,000,036 | ---- | C] () -- C:\Users\mRc\AppData\Local\housecall.guid.cache
[2012.07.09 21:45:49 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.07.09 18:10:14 | 000,000,804 | ---- | C] () -- C:\Users\mRc\AppData\Local\{203aba22-11a1-cdda-f2c5-cc57e40c4d98}\L\00000004.@
[2012.07.08 23:19:36 | 000,001,632 | ---- | C] () -- C:\Users\mRc\AppData\Local\{203aba22-11a1-cdda-f2c5-cc57e40c4d98}\U\000000cb.@
[2012.07.08 18:56:29 | 000,001,056 | ---- | C] () -- C:\Users\mRc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2012.07.06 18:07:52 | 000,000,032 | -H-- | C] () -- C:\Users\mRc\.deskmetrics
[2012.07.05 22:19:01 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\JBidwatcher 2.5.lnk
[2012.06.24 12:28:51 | 000,011,997 | -H-- | C] () -- C:\Users\mRc\dm.jpg
[2012.06.24 12:26:33 | 000,049,246 | -H-- | C] () -- C:\Users\mRc\dm.bmp
[2012.06.24 12:22:57 | 000,040,557 | -H-- | C] () -- C:\Users\mRc\dm_2.png
[2012.06.14 21:10:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 16:30:33 | 001,354,070 | -H-- | C] () -- C:\Users\mRc\Aufnahme1.bmp
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.19 12:01:02 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.19 12:01:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.19 11:32:35 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.03.11 11:22:47 | 000,711,111 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.03.09 21:24:08 | 000,002,048 | -HS- | C] () -- C:\Users\mRc\AppData\Local\{203aba22-11a1-cdda-f2c5-cc57e40c4d98}\@
[2012.03.09 00:01:06 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012.03.19 10:03:08 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\Canneverbe Limited
[2012.07.10 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\DriverCure
[2012.04.04 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\DVDVideoSoft
[2012.04.04 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.04 21:36:31 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\Engelmann Media
[2012.06.18 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\kock
[2012.07.09 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\QuickScan
[2012.03.19 10:46:25 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\S.A.D
[2012.07.10 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\SpeedyPC Software
[2012.04.23 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\TS3Client
[2012.06.18 20:33:42 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\UAs
[2012.06.18 20:33:42 | 000,000,000 | ---D | M] -- C:\Users\mRc\AppData\Roaming\xmldm
[2012.06.12 18:36:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Markus,
habe Combofix ausgeführt. Log siehe unten.
Danke und Grüße
Marco

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-07-11.03 - mRc 11.07.2012  19:06:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6321 [GMT 2:00]
ausgeführt von:: c:\users\mRc\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))
.
.
2012-07-11 17:11 . 2012-07-11 17:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-11 17:11 . 2012-07-11 17:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-10 18:19 . 2012-07-10 18:19	--------	d-----w-	c:\program files (x86)\WoLoSoft
2012-07-10 18:00 . 2012-07-10 18:07	--------	d-----w-	C:\sh4ldr
2012-07-10 18:00 . 2012-07-10 18:00	--------	d-----w-	c:\program files\Enigma Software Group
2012-07-10 18:00 . 2012-07-10 18:07	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-10 18:00 . 2012-07-10 18:00	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-10 17:52 . 2012-07-10 17:52	--------	d-----w-	c:\users\mRc\AppData\Roaming\SpeedyPC Software
2012-07-10 17:52 . 2012-07-10 17:52	--------	d-----w-	c:\users\mRc\AppData\Roaming\DriverCure
2012-07-10 17:51 . 2012-07-10 18:07	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-07-09 21:06 . 2012-07-09 21:06	--------	d-----w-	c:\users\mRc\AppData\Roaming\QuickScan
2012-07-09 20:25 . 2012-07-09 20:25	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-07-09 19:46 . 2012-02-02 10:38	51192	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll
2012-07-09 19:46 . 2012-07-09 20:23	64376	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2012-07-09 19:46 . 2012-07-09 20:23	54136	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-07-09 19:46 . 2012-07-09 20:23	122744	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-07-09 19:46 . 2012-07-09 19:46	31608	----a-w-	c:\windows\system32\drivers\GdNetMon64.sys
2012-07-09 19:46 . 2012-07-09 20:23	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-07-09 19:18 . 2012-07-09 19:18	--------	d-----w-	c:\users\mRc\AppData\Roaming\Malwarebytes
2012-07-09 19:17 . 2012-07-09 19:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-09 18:57 . 2012-07-10 18:09	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-09 15:59 . 2012-07-09 15:59	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-07-08 16:57 . 2012-07-08 16:57	--------	d-----w-	c:\users\mRc\AppData\Local\SCE
2012-07-08 16:57 . 2012-07-08 16:57	--------	d-----w-	C:\Crash
2012-07-06 16:58 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{47B63128-2A69-4DF7-A7F6-E0E6362CAF1F}\mpengine.dll
2012-07-06 16:07 . 2012-07-06 19:57	--------	d--h--w-	c:\users\mRc\.jbidwatcher
2012-07-06 16:06 . 2012-07-06 16:06	839096	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-06 16:06 . 2012-07-06 16:06	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-06 16:06 . 2012-07-06 16:06	--------	d-----w-	c:\program files\Java
2012-07-05 20:18 . 2012-07-05 20:18	--------	d-----w-	c:\program files (x86)\CyberFOX Software
2012-07-01 07:43 . 2012-07-01 07:43	--------	d-----w-	c:\program files (x86)\Medion GoPal Assistant
2012-06-22 05:29 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 05:29 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 05:29 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 05:29 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 05:29 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 05:29 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 05:29 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 05:29 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 05:29 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-18 18:33 . 2012-06-18 18:33	--------	d-----w-	c:\users\mRc\AppData\Roaming\UAs
2012-06-18 18:21 . 2012-06-18 18:33	--------	d-----w-	c:\users\mRc\AppData\Roaming\xmldm
2012-06-18 18:21 . 2012-06-18 18:21	--------	d-----w-	c:\users\mRc\AppData\Roaming\kock
2012-06-15 19:41 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-15 19:41 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-06-14 19:04 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 20:55 . 2012-04-02 07:05	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-18 20:55 . 2012-03-08 22:10	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 10:42 . 2012-03-09 19:17	59768	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-05-29 07:24 . 2012-06-09 09:19	10792	----a-w-	c:\windows\SysWow64\GdScrSv.de.dll
2012-05-25 03:37 . 2011-08-17 13:00	1836568	----a-w-	c:\windows\SysWow64\GdScrSv.scr
2012-05-15 10:48 . 2012-05-22 17:41	818496	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 17:41	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-22 17:41	5982528	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 17:41	364352	----a-w-	c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 17:41	301376	----a-w-	c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 17:41	2881856	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 17:41	2681664	----a-w-	c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 17:41	25743168	----a-w-	c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 17:41	2524992	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 17:41	25248064	----a-w-	c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 17:41	246592	----a-w-	c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 17:41	2445120	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 17:41	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 17:41	202048	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 17:41	19607872	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 17:41	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-22 17:41	17551680	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 17:41	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-22 17:41	14298944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-03-08 21:37	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-03-08 21:37	8139072	----a-w-	c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-03-08 21:37	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-08 21:37	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-03-08 21:37	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-03-08 21:37	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-03-08 21:37	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-03-08 21:37	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-03-08 21:38	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-03-08 21:38	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-08 21:38	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-03-08 21:38	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-08 21:38	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-03-08 21:38	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-03-08 21:38	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21	423744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-05-05 07:29 . 2012-04-15 07:29	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 15:17 . 2012-04-29 15:17	334008	----a-r-	c:\users\mRc\AppData\Roaming\Microsoft\Installer\{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2012-04-29 15:17 . 2012-04-29 15:17	334008	----a-r-	c:\users\mRc\AppData\Roaming\Microsoft\Installer\{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}\ARPPRODUCTICON.exe
2012-04-18 17:08 . 2012-05-22 17:41	31040	----a-w-	c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-22 17:41	188736	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-03-08 21:37	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-29 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-29 20:05	1515688	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-29 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-03-08 4942336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-29 887976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-05-24 985624]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
c:\users\mRc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-6-7 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]
R3 cpuz134;cpuz134;c:\users\mRc\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-03-08 31808]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2012-07-09 31608]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-07-09 54136]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-03-08 15936]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-07-09 122744]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-07-09 65912]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-07-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-09 64376]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-05-25 1540120]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-06-01 2011056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-06-09 59768]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-04-04 5853872]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-04-04 70832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\mRc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mRc\AppData\Roaming\Mozilla\Firefox\Profiles\7g4r4ugh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-11  19:19:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-11 17:19
.
Vor Suchlauf: 11 Verzeichnis(se), 458.508.222.464 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 459.138.035.712 Bytes frei
.
- - End Of File - - 5EACA4F16C9FA8C5E30636A041DB5F91[/QUOTE]
         

--- --- ---

öffne computer, c: qoobox rechtsklick quarantain, mit winrar zb packen, und hocladen, wenn fertig, bitte melden
Trojaner-Board Upload Channel

Datei hochgeladen
Grüße
Marco

danke
du hast das rootkit zero access auf dem pc
wenn du onlinebanking machst, bank anrufen, banking sperren lassen
passwörter müssen später geendert werden
da dieses rootkit gefärhlich ist:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

• deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
• dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
  Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

• nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
• recovery cd oder recovery partition.
• falls dies ein fertig pc ist, nenne hersteller + typ.
• Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

hmpf... vielen Dank. Onlinebanking habe ich Gott sei Dank hier nicht drauf gemacht und viele Seiten mit Pwaswörter habe ich auch nicht. Werde dann System neu aufsetzen.
Vielen Dank nochmals für Deine Hilfe.
Grüße
Marco

sichere das neue system vernünftig ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser