| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Add by Browse to save MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.01.2013, 10:38
| #1 |
 |  Add by Browse to save Malware Hallo, ich habe ein Problem. Ich hatte vor einiger Zeit schon mal das Problem, dass bei mir vereinzelte Wörter auf verschiedenen Websiten immer unterstrichen und als Hyperlink versehen waren. Immer wenn man mit der Maus drüber gefahren ist, stand da Coupons by CouponDropdown -> by browse to save. Daraufhin hatte ich ein bisschen im Internet "gegooglet" und meinen Rechner komplett platt gemacht (haben einige Seiten geraten). Danach ging es 3 Wochen gut und jetzt habe ich diesen Mist wieder auf meinem Rechner, aber nur auf meinen Stand PC und net aufm meinem Netbook. Ich benutze GData Internet Security 2013 mit der höchsten Firewalleinstellung aber trotzdem. Ich verstehe das ganze nicht, wo kommt sowas her? Auch eine Virenprüfung hat nichts ergeben. Könnt Ihr mir helfen? MfG  |
|
17.01.2013, 14:51
| #2 |
| /// Malware-holic   | Add by Browse to save Malware Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
17.01.2013, 15:43
| #3 |
| | Add by Browse to save Malware Hallo,
__________________habe OTL runter geladen und durchgeführt. Das hat er raus gebracht: Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.01.2013 15:23:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,44% Memory free 8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 119,76 Gb Free Space | 61,35% Space Free | Partition Type: NTFS Drive D: | 400,86 Gb Total Space | 344,64 Gb Free Space | 85,98% Space Free | Partition Type: NTFS Drive J: | 983,70 Mb Total Space | 1,38 Mb Free Space | 0,14% Space Free | Partition Type: FAT Computer Name: GAMESTATION | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.17 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe PRC - [2013.01.11 13:33:50 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.25 22:21:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.12.14 16:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.14 16:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 13:33:51 | 002,242,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2013.01.11 13:33:50 | 000,158,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2013.01.11 13:33:50 | 000,022,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll MOD - [2013.01.08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe MOD - [2012.02.07 04:20:13 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe MOD - [2011.08.10 06:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll MOD - [2011.04.12 08:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll MOD - [2011.03.21 12:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll MOD - [2011.01.09 13:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll MOD - [2010.12.02 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll MOD - [2010.11.01 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll MOD - [2010.09.20 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll MOD - [2010.09.20 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ========== Services (SafeList) ========== SRV - [2013.01.11 13:33:51 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.25 22:21:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.14 16:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2010.05.28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.14 11:46:15 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.14 11:45:53 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.09 09:46:03 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.01.08 16:50:16 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.08 16:48:08 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.08 16:48:08 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC) DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 38 A7 95 CA DE CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.23 16:03:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.10 16:49:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.11 13:33:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.23 16:03:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.11 13:33:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.12.20 17:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: Google Drive = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveByclick = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0\ CHR - Extension: AdBlock = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\ CHR - Extension: Google Mail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614DE756-C15D-4485-AEC5-55391C5F95ED}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 09:24:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TuneUp Software [2013.01.15 09:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.15 09:24:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.15 09:24:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.01.11 13:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.11 09:16:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tools [2013.01.10 16:51:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PDF Architect [2013.01.10 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick [2013.01.10 16:49:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\APP_NAME_NON_STRING [2013.01.10 16:49:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\PDF Architect Files [2013.01.10 16:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2013.01.10 16:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2013.01.10 16:49:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pdfforge [2013.01.10 16:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.01.10 16:49:29 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2013.01.10 16:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013.01.10 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Programs [2013.01.09 09:46:08 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2013.01.09 09:46:03 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.08 17:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon [2013.01.07 12:36:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Nikon [2013.01.07 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Nikon [2013.01.07 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.07 10:39:53 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.07 10:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6 [2013.01.07 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft [2013.01.07 10:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2013.01.07 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ArcSoft [2013.01.07 10:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.07 10:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2 [2013.01.07 10:32:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.01.07 10:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon [2013.01.07 10:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Home [2013.01.07 10:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2 [2013.01.07 10:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon [2013.01.07 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon [2013.01.07 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon [2013.01.07 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hybrid Synthesizers [2013.01.07 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitars [2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15 [2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintsService [2013.01.07 10:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp [2013.01.07 10:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon [2013.01.03 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Eigene Scans [2013.01.02 18:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.02 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.02 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.01.02 11:34:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple Computer [2013.01.02 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Apple Computer [2013.01.02 11:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.02 11:34:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.01.02 11:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.02 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.01.02 11:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.01.02 11:32:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apple [2013.01.02 11:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.01.02 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.01.02 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.01.02 11:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.01.02 11:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.12.31 10:45:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Diagnostics [2012.12.27 11:41:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\My Games [2012.12.27 11:31:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TS3Client [2012.12.27 10:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.12.26 09:00:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\My Games [2012.12.25 22:22:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Ubisoft Game Launcher [2012.12.25 22:21:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.12.25 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.12.25 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2012.12.24 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.12.23 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.12.23 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HP [2012.12.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\HP [2012.12.23 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HpUpdate [2012.12.23 16:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.12.23 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.12.23 16:02:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012.12.23 16:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.12.23 16:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2012.12.23 16:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2012.12.23 16:00:19 | 000,235,008 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpzc35oe.dll [2012.12.23 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.12.23 15:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.12.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Adobe [2012.12.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Adobe [2012.12.23 15:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.12.23 15:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.12.23 15:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.12.23 15:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2012.12.23 13:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.12.23 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.12.23 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.12.23 11:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.12.23 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.12.23 11:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.12.23 11:43:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.12.23 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ElevatedDiagnostics [2012.12.22 17:00:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.22 16:25:11 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.12.22 16:24:55 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.12.21 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PunkBuster [2012.12.21 18:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.12.21 18:05:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Battlefield 3 [2012.12.21 18:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.12.21 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ESN [2012.12.21 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.12.21 15:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.12.21 15:01:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.12.21 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.12.21 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Origin [2012.12.21 10:19:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Origin [2012.12.21 10:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.12.21 10:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.12.21 10:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.12.20 18:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2012.12.20 18:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2012.12.20 18:21:46 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll [2012.12.20 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013 [2012.12.20 18:07:03 | 000,062,368 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.12.20 18:06:55 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.12.20 18:06:55 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012.12.20 18:06:54 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.12.20 18:06:53 | 000,065,008 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2012.12.20 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2012.12.20 18:05:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Downloaded Installations [2012.12.20 17:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics [2012.12.20 17:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Plantronics [2012.12.20 17:45:25 | 001,327,104 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\PLTGC.sys [2012.12.20 17:45:24 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltrPLTGC.dll [2012.12.20 17:40:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.12.20 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software [2012.12.20 17:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOUSE Editor [2012.12.20 17:04:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla [2012.12.20 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Thunderbird [2012.12.20 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Thunderbird [2012.12.20 17:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.20 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.12.20 16:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.20 16:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.20 16:58:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google [2012.12.20 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Deployment [2012.12.20 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apps [2012.12.20 16:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.12.20 16:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.12.20 16:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.12.20 16:51:04 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.20 16:51:04 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.20 16:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.12.20 16:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.12.20 16:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.12.20 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012.12.20 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.12.20 16:49:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.12.20 16:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.12.20 16:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.12.20 16:48:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help [2012.12.20 16:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.12.20 16:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.12.20 16:47:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.12.20 16:47:45 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\Searches [2012.12.20 16:43:47 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.20 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Identities [2012.12.20 16:43:36 | 000,000,000 | R--D | C] -- C:\Users\Michael\Contacts [2012.12.20 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\VirtualStore [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Vorlagen [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Verlauf [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Temporary Internet Files [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Startmenü [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\SendTo [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Recent [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Netzwerkumgebung [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Lokale Einstellungen [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Videos [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Musik [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Eigene Dateien [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Bilder [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Druckumgebung [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Cookies [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Anwendungsdaten [2012.12.20 16:43:29 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Anwendungsdaten [2012.12.20 16:43:28 | 000,000,000 | --SD | C] -- C:\Users\Michael\AppData\Roaming\Microsoft [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Videos [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Saved Games [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Pictures [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Music [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Links [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Favorites [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Downloads [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\Desktop [2012.12.20 16:43:28 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.20 16:43:28 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData [2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Temp [2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft [2012.12.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Media Center Programs [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Programme [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.12.20 16:42:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.20 16:26:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.12.20 16:24:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.12.20 16:22:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.12.20 16:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.12.20 16:19:56 | 000,000,000 | -HSD | C] -- C:\Boot [2012.12.20 10:40:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Bachelorarbeit [2012.12.20 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Games [2012.12.20 10:38:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Studium [2012.12.20 10:35:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Musik [2012.12.20 10:05:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Michael Desktop ========== Files - Modified Within 30 Days ========== [2013.01.17 15:14:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.17 15:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.17 13:18:04 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.17 13:18:04 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.17 13:11:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\HP_192.168.2.102_CN89Q960JB052X [2013.01.17 13:10:49 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.17 13:10:36 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2013.01.17 13:05:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.17 13:05:52 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.17 13:05:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.17 13:05:52 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.17 13:05:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.17 10:09:35 | 000,949,845 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.01.17 10:09:35 | 000,051,137 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.01.16 22:08:08 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.16 22:08:08 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.16 22:07:45 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.14 11:46:15 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.01.14 11:45:53 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2013.01.13 10:38:10 | 000,002,255 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk [2013.01.11 09:11:28 | 000,311,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 09:46:08 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2013.01.09 09:46:03 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2013.01.08 16:50:16 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.01.08 16:48:08 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2013.01.08 16:48:08 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.01.07 12:36:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.01.07 10:32:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Application [2013.01.07 10:32:22 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Swirl [2013.01.07 10:32:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Application Support [2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Applause and Laugher [2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Sync [2013.01.07 10:31:47 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Analog Pad [2013.01.07 10:31:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT [2013.01.07 10:31:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT [2013.01.07 10:31:24 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Basics [2013.01.07 10:31:24 | 000,000,268 | RH-- | M] () -- C:\Users\Michael\AppData\Roaming\Automator [2013.01.02 11:38:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.27 10:55:52 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.12.25 22:21:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.25 22:21:36 | 000,001,201 | ---- | M] () -- C:\Users\Michael\Desktop\Uplay.lnk [2012.12.23 16:06:12 | 000,272,452 | ---- | M] () -- C:\Windows\hpwins20.dat [2012.12.23 16:02:06 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.12.22 16:33:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.22 16:33:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.21 15:01:51 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.20 17:45:27 | 000,000,402 | ---- | M] () -- C:\Windows\PLTGC.ini.cfl [2012.12.20 17:45:27 | 000,000,132 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2012.12.20 17:45:26 | 000,000,534 | ---- | M] () -- C:\Windows\PLTGC.ini.imi [2012.12.20 17:45:22 | 000,000,432 | ---- | M] () -- C:\Windows\System\PLTGC.ini [2012.12.20 17:03:46 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.12.20 16:27:47 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.12.20 16:27:47 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.12.20 16:25:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.20 16:19:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK ========== Files Created - No Company Name ========== [2013.01.17 13:11:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\HP_192.168.2.102_CN89Q960JB052X [2013.01.07 10:32:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application [2013.01.07 10:32:22 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Swirl [2013.01.07 10:32:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support [2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applause and Laugher [2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Sync [2013.01.07 10:31:47 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Analog Pad [2013.01.07 10:31:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2013.01.07 10:31:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2013.01.07 10:31:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basics [2013.01.07 10:31:24 | 000,000,268 | RH-- | C] () -- C:\Users\Michael\AppData\Roaming\Automator [2013.01.07 10:31:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT [2013.01.02 11:38:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.01.02 11:32:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.12.27 10:55:52 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.12.25 22:21:36 | 000,001,201 | ---- | C] () -- C:\Users\Michael\Desktop\Uplay.lnk [2012.12.23 16:03:13 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.12.23 16:02:41 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2012.12.23 16:02:06 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.12.23 15:58:50 | 000,272,452 | ---- | C] () -- C:\Windows\hpwins20.dat [2012.12.23 15:58:50 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat [2012.12.23 15:49:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.22 16:33:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.22 16:33:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.22 16:25:47 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.12.22 16:24:43 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.12.22 16:24:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.12.22 16:24:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.12.22 16:24:24 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.12.21 19:05:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.21 18:51:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.21 18:06:15 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.21 15:01:51 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.21 15:01:17 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.21 15:01:17 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.21 15:01:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.21 10:07:43 | 000,949,845 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.12.21 10:07:43 | 000,051,137 | ---- | C] () -- C:\Windows\SysWow64\nmp.map [2012.12.20 17:45:27 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl [2012.12.20 17:45:26 | 000,813,288 | ---- | C] () -- C:\Windows\SysNative\PLTGC.exe [2012.12.20 17:45:26 | 000,000,132 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2012.12.20 17:45:22 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll [2012.12.20 17:45:22 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg [2012.12.20 17:45:22 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi [2012.12.20 17:03:46 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.12.20 17:03:46 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.12.20 16:58:55 | 000,002,255 | ---- | C] () -- C:\Users\Michael\Desktop\Google Chrome.lnk [2012.12.20 16:58:14 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.20 16:58:13 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.20 16:43:51 | 000,001,405 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.12.20 16:43:48 | 000,001,439 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.20 16:27:39 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.12.20 16:27:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.12.20 16:25:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.20 16:24:07 | 3220,525,056 | -HS- | C] () -- C:\hiberfil.sys [2012.12.20 16:19:58 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.12.20 16:19:57 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.10 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\APP_NAME_NON_STRING [2012.12.25 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2013.01.07 12:36:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nikon [2012.12.21 11:57:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Origin [2013.01.10 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PDF Architect [2013.01.10 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pdfforge [2012.12.20 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird [2013.01.03 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client [2013.01.15 09:24:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > |
|
17.01.2013, 17:07
| #4 |
| /// Malware-holic | Add by Browse to save Malware hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
CHR - Extension: SaveByclick = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0\
[2013.01.10 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.01.2013, 18:22
| #5 |
| | Add by Browse to save Malware so upload hat geklappt. Anbei der Inhalt der Textdatei: All processes killed ========== OTL ========== C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhjnkpmiddonogfafdajomknfhljaik\1_0 folder moved successfully. C:\ProgramData\SaveByclick folder moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Michael User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Michael ->Temp folder emptied: 1919194962 bytes ->Temporary Internet Files folder emptied: 120145303 bytes ->Google Chrome cache emptied: 383807249 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 226921936 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64161 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33988 bytes RecycleBin emptied: 187016019 bytes Total Files Cleaned = 2.706,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01172013_173731 Files\Folders moved on Reboot... C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
17.01.2013, 18:28
| #6 |
| /// Malware-holic | Add by Browse to save Malware
__________________ --> Add by Browse to save Malware |
|
17.01.2013, 18:55
| #7 |
| /// Malware-holic | Add by Browse to save Malware passt download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.01.2013, 18:56
| #8 |
| | Add by Browse to save Malware super, hier der log vom tdsskiller: 18:52:20.0998 2608 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 18:52:21.0310 2608 ============================================================ 18:52:21.0310 2608 Current date / time: 2013/01/17 18:52:21.0310 18:52:21.0310 2608 SystemInfo: 18:52:21.0310 2608 18:52:21.0310 2608 OS Version: 6.1.7601 ServicePack: 1.0 18:52:21.0310 2608 Product type: Workstation 18:52:21.0310 2608 ComputerName: GAMESTATION 18:52:21.0310 2608 UserName: Michael 18:52:21.0310 2608 Windows directory: C:\Windows 18:52:21.0310 2608 System windows directory: C:\Windows 18:52:21.0310 2608 Running under WOW64 18:52:21.0310 2608 Processor architecture: Intel x64 18:52:21.0310 2608 Number of processors: 3 18:52:21.0310 2608 Page size: 0x1000 18:52:21.0310 2608 Boot type: Normal boot 18:52:21.0310 2608 ============================================================ 18:52:22.0383 2608 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:22.0411 2608 Drive \Device\Harddisk5\DR5 - Size: 0x3D7FFE00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:52:22.0412 2608 ============================================================ 18:52:22.0413 2608 \Device\Harddisk0\DR0: 18:52:22.0413 2608 MBR partitions: 18:52:22.0413 2608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000 18:52:22.0413 2608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x321B7000 18:52:22.0413 2608 \Device\Harddisk5\DR5: 18:52:22.0413 2608 MBR partitions: 18:52:22.0413 2608 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBFC0 18:52:22.0413 2608 ============================================================ 18:52:22.0466 2608 C: <-> \Device\Harddisk0\DR0\Partition1 18:52:22.0505 2608 D: <-> \Device\Harddisk0\DR0\Partition2 18:52:22.0506 2608 ============================================================ 18:52:22.0506 2608 Initialize success 18:52:22.0506 2608 ============================================================ 18:52:54.0680 6844 ============================================================ 18:52:54.0681 6844 Scan started 18:52:54.0681 6844 Mode: Manual; SigCheck; TDLFS; 18:52:54.0681 6844 ============================================================ 18:52:55.0474 6844 ================ Scan system memory ======================== 18:52:55.0474 6844 System memory - ok 18:52:55.0475 6844 ================ Scan services ============================= 18:52:55.0582 6844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:52:55.0691 6844 1394ohci - ok 18:52:55.0719 6844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:52:55.0736 6844 ACPI - ok 18:52:55.0748 6844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:52:55.0794 6844 AcpiPmi - ok 18:52:55.0852 6844 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:52:55.0884 6844 AdobeARMservice - ok 18:52:55.0935 6844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:52:55.0969 6844 adp94xx - ok 18:52:55.0982 6844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:52:56.0000 6844 adpahci - ok 18:52:56.0006 6844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:52:56.0020 6844 adpu320 - ok 18:52:56.0041 6844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:52:56.0177 6844 AeLookupSvc - ok 18:52:56.0220 6844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:52:56.0287 6844 AFD - ok 18:52:56.0323 6844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:52:56.0343 6844 agp440 - ok 18:52:56.0356 6844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:52:56.0383 6844 ALG - ok 18:52:56.0407 6844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:52:56.0418 6844 aliide - ok 18:52:56.0430 6844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:52:56.0443 6844 amdide - ok 18:52:56.0482 6844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:52:56.0539 6844 AmdK8 - ok 18:52:56.0556 6844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:52:56.0585 6844 AmdPPM - ok 18:52:56.0603 6844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:52:56.0624 6844 amdsata - ok 18:52:56.0631 6844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:52:56.0646 6844 amdsbs - ok 18:52:56.0661 6844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:52:56.0672 6844 amdxata - ok 18:52:56.0700 6844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:52:56.0791 6844 AppID - ok 18:52:56.0815 6844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:52:56.0865 6844 AppIDSvc - ok 18:52:56.0899 6844 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:52:56.0976 6844 Appinfo - ok 18:52:57.0107 6844 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:52:57.0139 6844 Apple Mobile Device - ok 18:52:57.0157 6844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:52:57.0173 6844 arc - ok 18:52:57.0179 6844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:52:57.0196 6844 arcsas - ok 18:52:57.0214 6844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:52:57.0281 6844 AsyncMac - ok 18:52:57.0302 6844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:52:57.0312 6844 atapi - ok 18:52:57.0354 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:52:57.0438 6844 AudioEndpointBuilder - ok 18:52:57.0448 6844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:52:57.0483 6844 AudioSrv - ok 18:52:57.0562 6844 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 18:52:57.0625 6844 AVKProxy - ok 18:52:57.0660 6844 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe 18:52:57.0676 6844 AVKService - ok 18:52:57.0710 6844 [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe 18:52:57.0767 6844 AVKWCtl - ok 18:52:57.0797 6844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:52:57.0892 6844 AxInstSV - ok 18:52:57.0935 6844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 18:52:57.0996 6844 b06bdrv - ok 18:52:58.0036 6844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:52:58.0100 6844 b57nd60a - ok 18:52:58.0124 6844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:52:58.0180 6844 BDESVC - ok 18:52:58.0194 6844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:52:58.0253 6844 Beep - ok 18:52:58.0302 6844 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:52:58.0370 6844 BFE - ok 18:52:58.0418 6844 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:52:58.0495 6844 BITS - ok 18:52:58.0538 6844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:52:58.0600 6844 blbdrive - ok 18:52:58.0666 6844 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:52:58.0708 6844 Bonjour Service - ok 18:52:58.0731 6844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:52:58.0778 6844 bowser - ok 18:52:58.0791 6844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:52:58.0857 6844 BrFiltLo - ok 18:52:58.0862 6844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:52:58.0893 6844 BrFiltUp - ok 18:52:58.0920 6844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:52:58.0951 6844 Browser - ok 18:52:58.0974 6844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:52:59.0024 6844 Brserid - ok 18:52:59.0030 6844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:52:59.0064 6844 BrSerWdm - ok 18:52:59.0068 6844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:52:59.0110 6844 BrUsbMdm - ok 18:52:59.0115 6844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:52:59.0147 6844 BrUsbSer - ok 18:52:59.0163 6844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:52:59.0187 6844 BTHMODEM - ok 18:52:59.0224 6844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:52:59.0280 6844 bthserv - ok 18:52:59.0308 6844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:52:59.0340 6844 cdfs - ok 18:52:59.0381 6844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 18:52:59.0420 6844 cdrom - ok 18:52:59.0468 6844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:52:59.0514 6844 CertPropSvc - ok 18:52:59.0518 6844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:52:59.0557 6844 circlass - ok 18:52:59.0582 6844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:52:59.0601 6844 CLFS - ok 18:52:59.0646 6844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:52:59.0683 6844 clr_optimization_v2.0.50727_32 - ok 18:52:59.0731 6844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:52:59.0769 6844 clr_optimization_v2.0.50727_64 - ok 18:52:59.0897 6844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:52:59.0952 6844 clr_optimization_v4.0.30319_32 - ok 18:52:59.0996 6844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:53:00.0026 6844 clr_optimization_v4.0.30319_64 - ok 18:53:00.0060 6844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:53:00.0107 6844 CmBatt - ok 18:53:00.0132 6844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:53:00.0151 6844 cmdide - ok 18:53:00.0183 6844 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 18:53:00.0226 6844 CNG - ok 18:53:00.0244 6844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:53:00.0255 6844 Compbatt - ok 18:53:00.0273 6844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:53:00.0299 6844 CompositeBus - ok 18:53:00.0314 6844 COMSysApp - ok 18:53:00.0327 6844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:53:00.0339 6844 crcdisk - ok 18:53:00.0378 6844 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:53:00.0416 6844 CryptSvc - ok 18:53:00.0453 6844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:53:00.0499 6844 DcomLaunch - ok 18:53:00.0541 6844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:53:00.0595 6844 defragsvc - ok 18:53:00.0624 6844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:53:00.0664 6844 DfsC - ok 18:53:00.0687 6844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:53:00.0722 6844 Dhcp - ok 18:53:00.0738 6844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:53:00.0776 6844 discache - ok 18:53:00.0793 6844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:53:00.0806 6844 Disk - ok 18:53:00.0833 6844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:53:00.0891 6844 Dnscache - ok 18:53:00.0923 6844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:53:00.0984 6844 dot3svc - ok 18:53:01.0014 6844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:53:01.0098 6844 DPS - ok 18:53:01.0123 6844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:53:01.0137 6844 drmkaud - ok 18:53:01.0177 6844 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:53:01.0207 6844 DXGKrnl - ok 18:53:01.0245 6844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:53:01.0313 6844 EapHost - ok 18:53:01.0368 6844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:53:01.0436 6844 ebdrv - ok 18:53:01.0457 6844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:53:01.0481 6844 EFS - ok 18:53:01.0522 6844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:53:01.0599 6844 ehRecvr - ok 18:53:01.0627 6844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:53:01.0664 6844 ehSched - ok 18:53:01.0694 6844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:53:01.0728 6844 elxstor - ok 18:53:01.0747 6844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:53:01.0787 6844 ErrDev - ok 18:53:01.0833 6844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:53:01.0892 6844 EventSystem - ok 18:53:01.0914 6844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:53:01.0952 6844 exfat - ok 18:53:01.0963 6844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:53:02.0007 6844 fastfat - ok 18:53:02.0042 6844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:53:02.0061 6844 Fax - ok 18:53:02.0065 6844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:53:02.0091 6844 fdc - ok 18:53:02.0106 6844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:53:02.0144 6844 fdPHost - ok 18:53:02.0159 6844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:53:02.0194 6844 FDResPub - ok 18:53:02.0206 6844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:53:02.0218 6844 FileInfo - ok 18:53:02.0222 6844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:53:02.0253 6844 Filetrace - ok 18:53:02.0268 6844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:53:02.0280 6844 flpydisk - ok 18:53:02.0302 6844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:53:02.0317 6844 FltMgr - ok 18:53:02.0357 6844 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:53:02.0394 6844 FontCache - ok 18:53:02.0426 6844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:53:02.0437 6844 FontCache3.0.0.0 - ok 18:53:02.0441 6844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:53:02.0454 6844 FsDepends - ok 18:53:02.0479 6844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:53:02.0512 6844 Fs_Rec - ok 18:53:02.0557 6844 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:53:02.0605 6844 fvevol - ok 18:53:02.0622 6844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:53:02.0637 6844 gagp30kx - ok 18:53:02.0678 6844 [ 330A3B41D6FFC434561CBDD73FF6715B ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 18:53:02.0692 6844 GDBehave - ok 18:53:02.0775 6844 [ 98024F808C6A12FA9160AEF9C8344FAB ] GDFwSvc C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe 18:53:02.0842 6844 GDFwSvc - ok 18:53:02.0863 6844 [ BAF8516F1D119C56EA5E8A4CEBEFD669 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 18:53:02.0874 6844 GDMnIcpt - ok 18:53:02.0902 6844 [ 4392B0D685141724526FB48CF162DDD1 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys 18:53:02.0933 6844 GDPkIcpt - ok 18:53:02.0977 6844 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 18:53:03.0003 6844 GDScan - ok 18:53:03.0023 6844 [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys 18:53:03.0042 6844 gdwfpcd - ok 18:53:03.0069 6844 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:53:03.0078 6844 GEARAspiWDM - ok 18:53:03.0120 6844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:53:03.0184 6844 gpsvc - ok 18:53:03.0232 6844 [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD C:\Windows\system32\drivers\GRD.sys 18:53:03.0264 6844 GRD - ok 18:53:03.0303 6844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:53:03.0328 6844 gupdate - ok 18:53:03.0332 6844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:53:03.0348 6844 gupdatem - ok 18:53:03.0368 6844 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:53:03.0419 6844 hcw85cir - ok 18:53:03.0463 6844 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:53:03.0531 6844 HdAudAddService - ok 18:53:03.0547 6844 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:53:03.0592 6844 HDAudBus - ok 18:53:03.0599 6844 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:53:03.0629 6844 HidBatt - ok 18:53:03.0646 6844 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:53:03.0666 6844 HidBth - ok 18:53:03.0670 6844 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:53:03.0695 6844 HidIr - ok 18:53:03.0714 6844 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:53:03.0761 6844 hidserv - ok 18:53:03.0801 6844 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:53:03.0833 6844 HidUsb - ok 18:53:03.0855 6844 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:53:03.0912 6844 hkmsvc - ok 18:53:03.0944 6844 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:53:03.0969 6844 HomeGroupListener - ok 18:53:03.0999 6844 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:53:04.0022 6844 HomeGroupProvider - ok 18:53:04.0036 6844 [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 18:53:04.0046 6844 HookCentre - ok 18:53:04.0215 6844 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 18:53:04.0251 6844 hpqcxs08 - ok 18:53:04.0268 6844 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 18:53:04.0280 6844 hpqddsvc - ok 18:53:04.0302 6844 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:53:04.0318 6844 HpSAMD - ok 18:53:04.0345 6844 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 18:53:04.0372 6844 HPSLPSVC - ok 18:53:04.0425 6844 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:53:04.0520 6844 HTTP - ok 18:53:04.0549 6844 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:53:04.0581 6844 hwpolicy - ok 18:53:04.0615 6844 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:53:04.0631 6844 i8042prt - ok 18:53:04.0661 6844 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:53:04.0686 6844 iaStorV - ok 18:53:04.0737 6844 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:53:04.0781 6844 idsvc - ok 18:53:04.0807 6844 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 18:53:04.0819 6844 iirsp - ok 18:53:04.0846 6844 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:53:04.0896 6844 IKEEXT - ok 18:53:04.0914 6844 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:53:04.0926 6844 intelide - ok 18:53:04.0955 6844 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:53:04.0994 6844 intelppm - ok 18:53:05.0019 6844 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:53:05.0066 6844 IPBusEnum - ok 18:53:05.0093 6844 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:53:05.0130 6844 IpFilterDriver - ok 18:53:05.0162 6844 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:53:05.0200 6844 iphlpsvc - ok 18:53:05.0226 6844 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:53:05.0239 6844 IPMIDRV - ok 18:53:05.0243 6844 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:53:05.0285 6844 IPNAT - ok 18:53:05.0323 6844 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:53:05.0341 6844 iPod Service - ok 18:53:05.0363 6844 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:53:05.0424 6844 IRENUM - ok 18:53:05.0447 6844 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:53:05.0462 6844 isapnp - ok 18:53:05.0482 6844 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:53:05.0503 6844 iScsiPrt - ok 18:53:05.0519 6844 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:53:05.0531 6844 kbdclass - ok 18:53:05.0554 6844 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:53:05.0566 6844 kbdhid - ok 18:53:05.0579 6844 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:53:05.0590 6844 KeyIso - ok 18:53:05.0614 6844 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:53:05.0627 6844 KSecDD - ok 18:53:05.0651 6844 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:53:05.0665 6844 KSecPkg - ok 18:53:05.0679 6844 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:53:05.0716 6844 ksthunk - ok 18:53:05.0738 6844 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:53:05.0780 6844 KtmRm - ok 18:53:05.0823 6844 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:53:05.0896 6844 LanmanServer - ok 18:53:05.0918 6844 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:53:05.0962 6844 LanmanWorkstation - ok 18:53:05.0983 6844 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:53:06.0026 6844 lltdio - ok 18:53:06.0040 6844 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:53:06.0093 6844 lltdsvc - ok 18:53:06.0112 6844 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:53:06.0142 6844 lmhosts - ok 18:53:06.0158 6844 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:53:06.0172 6844 LSI_FC - ok 18:53:06.0184 6844 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:53:06.0197 6844 LSI_SAS - ok 18:53:06.0201 6844 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:53:06.0213 6844 LSI_SAS2 - ok 18:53:06.0217 6844 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:53:06.0231 6844 LSI_SCSI - ok 18:53:06.0240 6844 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:53:06.0284 6844 luafv - ok 18:53:06.0321 6844 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:53:06.0377 6844 Mcx2Svc - ok 18:53:06.0389 6844 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 18:53:06.0408 6844 megasas - ok 18:53:06.0423 6844 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:53:06.0442 6844 MegaSR - ok 18:53:06.0462 6844 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:53:06.0511 6844 MMCSS - ok 18:53:06.0528 6844 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:53:06.0558 6844 Modem - ok 18:53:06.0571 6844 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:53:06.0594 6844 monitor - ok 18:53:06.0614 6844 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:53:06.0626 6844 mouclass - ok 18:53:06.0630 6844 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:53:06.0654 6844 mouhid - ok 18:53:06.0696 6844 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:53:06.0709 6844 mountmgr - ok 18:53:06.0745 6844 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:53:06.0758 6844 MozillaMaintenance - ok 18:53:06.0776 6844 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:53:06.0790 6844 mpio - ok 18:53:06.0795 6844 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:53:06.0826 6844 mpsdrv - ok 18:53:06.0864 6844 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:53:06.0941 6844 MpsSvc - ok 18:53:06.0967 6844 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:53:07.0001 6844 MRxDAV - ok 18:53:07.0020 6844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:53:07.0058 6844 mrxsmb - ok 18:53:07.0064 6844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:53:07.0093 6844 mrxsmb10 - ok 18:53:07.0120 6844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:53:07.0133 6844 mrxsmb20 - ok 18:53:07.0162 6844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:53:07.0174 6844 msahci - ok 18:53:07.0194 6844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:53:07.0208 6844 msdsm - ok 18:53:07.0219 6844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:53:07.0243 6844 MSDTC - ok 18:53:07.0256 6844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:53:07.0286 6844 Msfs - ok 18:53:07.0293 6844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:53:07.0336 6844 mshidkmdf - ok 18:53:07.0349 6844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:53:07.0360 6844 msisadrv - ok 18:53:07.0392 6844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:53:07.0434 6844 MSiSCSI - ok 18:53:07.0437 6844 msiserver - ok 18:53:07.0462 6844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:53:07.0503 6844 MSKSSRV - ok 18:53:07.0507 6844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:53:07.0553 6844 MSPCLOCK - ok 18:53:07.0556 6844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:53:07.0596 6844 MSPQM - ok 18:53:07.0626 6844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:53:07.0645 6844 MsRPC - ok 18:53:07.0650 6844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:53:07.0661 6844 mssmbios - ok 18:53:07.0677 6844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:53:07.0718 6844 MSTEE - ok 18:53:07.0721 6844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 18:53:07.0737 6844 MTConfig - ok 18:53:07.0770 6844 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 18:53:07.0808 6844 MTsensor - ok 18:53:07.0830 6844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:53:07.0869 6844 Mup - ok 18:53:07.0907 6844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:53:07.0986 6844 napagent - ok 18:53:08.0010 6844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:53:08.0046 6844 NativeWifiP - ok 18:53:08.0087 6844 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:53:08.0115 6844 NDIS - ok 18:53:08.0133 6844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:53:08.0164 6844 NdisCap - ok 18:53:08.0175 6844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:53:08.0215 6844 NdisTapi - ok 18:53:08.0235 6844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:53:08.0282 6844 Ndisuio - ok 18:53:08.0309 6844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:53:08.0350 6844 NdisWan - ok 18:53:08.0381 6844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:53:08.0449 6844 NDProxy - ok 18:53:08.0483 6844 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:53:08.0489 6844 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:53:08.0489 6844 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:53:08.0504 6844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:53:08.0535 6844 NetBIOS - ok 18:53:08.0562 6844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:53:08.0594 6844 NetBT - ok 18:53:08.0606 6844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:53:08.0617 6844 Netlogon - ok 18:53:08.0648 6844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:53:08.0696 6844 Netman - ok 18:53:08.0713 6844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:53:08.0760 6844 netprofm - ok 18:53:08.0806 6844 [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys 18:53:08.0854 6844 netr7364 - ok 18:53:08.0878 6844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:53:08.0893 6844 NetTcpPortSharing - ok 18:53:08.0911 6844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:53:08.0927 6844 nfrd960 - ok 18:53:08.0964 6844 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:53:09.0007 6844 NlaSvc - ok 18:53:09.0012 6844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:53:09.0045 6844 Npfs - ok 18:53:09.0068 6844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:53:09.0140 6844 nsi - ok 18:53:09.0144 6844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:53:09.0191 6844 nsiproxy - ok 18:53:09.0259 6844 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:53:09.0312 6844 Ntfs - ok 18:53:09.0325 6844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:53:09.0355 6844 Null - ok 18:53:09.0604 6844 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:53:09.0875 6844 nvlddmkm - ok 18:53:09.0898 6844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:53:09.0912 6844 nvraid - ok 18:53:09.0926 6844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:53:09.0941 6844 nvstor - ok 18:53:09.0979 6844 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:53:10.0028 6844 nvsvc - ok 18:53:10.0090 6844 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:53:10.0135 6844 nvUpdatusService - ok 18:53:10.0156 6844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:53:10.0170 6844 nv_agp - ok 18:53:10.0241 6844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:53:10.0285 6844 odserv - ok 18:53:10.0298 6844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:53:10.0313 6844 ohci1394 - ok 18:53:10.0345 6844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:53:10.0376 6844 ose - ok 18:53:10.0404 6844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:53:10.0441 6844 p2pimsvc - ok 18:53:10.0461 6844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:53:10.0478 6844 p2psvc - ok 18:53:10.0515 6844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:53:10.0549 6844 Parport - ok 18:53:10.0569 6844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:53:10.0585 6844 partmgr - ok 18:53:10.0600 6844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:53:10.0631 6844 PcaSvc - ok 18:53:10.0650 6844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:53:10.0669 6844 pci - ok 18:53:10.0680 6844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:53:10.0694 6844 pciide - ok 18:53:10.0710 6844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:53:10.0730 6844 pcmcia - ok 18:53:10.0734 6844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:53:10.0750 6844 pcw - ok 18:53:10.0844 6844 [ B1078DE6104E20BC4CA9591D17CDD5C3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 18:53:10.0909 6844 PDF Architect Helper Service - ok 18:53:10.0937 6844 [ 256D740E98DB5B86CB248EACADC5DBEC ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 18:53:10.0963 6844 PDF Architect Service - ok 18:53:10.0979 6844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:53:11.0033 6844 PEAUTH - ok 18:53:11.0096 6844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:53:11.0148 6844 PerfHost - ok 18:53:11.0199 6844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:53:11.0283 6844 pla - ok 18:53:11.0354 6844 [ AB168D5CF1CD69F9FA6F09C828FEA660 ] PlantronicsGC C:\Windows\system32\drivers\PLTGC.sys 18:53:11.0424 6844 PlantronicsGC - ok 18:53:11.0464 6844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:53:11.0490 6844 PlugPlay - ok 18:53:11.0528 6844 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:53:11.0544 6844 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:53:11.0544 6844 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:53:11.0564 6844 PnkBstrA - ok 18:53:11.0589 6844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:53:11.0644 6844 PNRPAutoReg - ok 18:53:11.0673 6844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:53:11.0697 6844 PNRPsvc - ok 18:53:11.0730 6844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:53:11.0805 6844 PolicyAgent - ok 18:53:11.0836 6844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:53:11.0877 6844 Power - ok 18:53:11.0905 6844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:53:11.0976 6844 PptpMiniport - ok 18:53:11.0993 6844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:53:12.0020 6844 Processor - ok 18:53:12.0049 6844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:53:12.0076 6844 ProfSvc - ok 18:53:12.0089 6844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:53:12.0103 6844 ProtectedStorage - ok 18:53:12.0146 6844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:53:12.0230 6844 Psched - ok 18:53:12.0263 6844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:53:12.0304 6844 ql2300 - ok 18:53:12.0312 6844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:53:12.0326 6844 ql40xx - ok 18:53:12.0378 6844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:53:12.0398 6844 QWAVE - ok 18:53:12.0402 6844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:53:12.0433 6844 QWAVEdrv - ok 18:53:12.0453 6844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:53:12.0494 6844 RasAcd - ok 18:53:12.0529 6844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:53:12.0586 6844 RasAgileVpn - ok 18:53:12.0597 6844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:53:12.0635 6844 RasAuto - ok 18:53:12.0657 6844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:53:12.0736 6844 Rasl2tp - ok 18:53:12.0762 6844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:53:12.0819 6844 RasMan - ok 18:53:12.0835 6844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:53:12.0881 6844 RasPppoe - ok 18:53:12.0892 6844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:53:12.0937 6844 RasSstp - ok 18:53:12.0964 6844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:53:13.0000 6844 rdbss - ok 18:53:13.0012 6844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:53:13.0037 6844 rdpbus - ok 18:53:13.0050 6844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:53:13.0081 6844 RDPCDD - ok 18:53:13.0099 6844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:53:13.0142 6844 RDPENCDD - ok 18:53:13.0156 6844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:53:13.0186 6844 RDPREFMP - ok 18:53:13.0258 6844 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:53:13.0327 6844 RdpVideoMiniport - ok 18:53:13.0353 6844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:53:13.0402 6844 RDPWD - ok 18:53:13.0440 6844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:53:13.0466 6844 rdyboost - ok 18:53:13.0491 6844 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:53:13.0537 6844 RemoteAccess - ok 18:53:13.0563 6844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:53:13.0603 6844 RemoteRegistry - ok 18:53:13.0612 6844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:53:13.0660 6844 RpcEptMapper - ok 18:53:13.0686 6844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:53:13.0729 6844 RpcLocator - ok 18:53:13.0757 6844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:53:13.0798 6844 RpcSs - ok 18:53:13.0824 6844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:53:13.0857 6844 rspndr - ok 18:53:13.0935 6844 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:53:13.0961 6844 RTL8167 - ok 18:53:13.0980 6844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:53:13.0995 6844 SamSs - ok 18:53:14.0022 6844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:53:14.0036 6844 sbp2port - ok 18:53:14.0073 6844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:53:14.0183 6844 SCardSvr - ok 18:53:14.0212 6844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:53:14.0255 6844 scfilter - ok 18:53:14.0333 6844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:53:14.0402 6844 Schedule - ok 18:53:14.0429 6844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:53:14.0461 6844 SCPolicySvc - ok 18:53:14.0528 6844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:53:14.0585 6844 SDRSVC - ok 18:53:14.0620 6844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:53:14.0682 6844 secdrv - ok 18:53:14.0697 6844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:53:14.0733 6844 seclogon - ok 18:53:14.0757 6844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:53:14.0797 6844 SENS - ok 18:53:14.0811 6844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:53:14.0861 6844 SensrSvc - ok 18:53:14.0895 6844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:53:14.0932 6844 Serenum - ok 18:53:14.0945 6844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:53:14.0958 6844 Serial - ok 18:53:14.0969 6844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:53:14.0993 6844 sermouse - ok 18:53:15.0023 6844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:53:15.0064 6844 SessionEnv - ok 18:53:15.0085 6844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:53:15.0114 6844 sffdisk - ok 18:53:15.0118 6844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:53:15.0149 6844 sffp_mmc - ok 18:53:15.0152 6844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:53:15.0180 6844 sffp_sd - ok 18:53:15.0194 6844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:53:15.0206 6844 sfloppy - ok 18:53:15.0234 6844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:53:15.0270 6844 SharedAccess - ok 18:53:15.0297 6844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:53:15.0331 6844 ShellHWDetection - ok 18:53:15.0352 6844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:53:15.0364 6844 SiSRaid2 - ok 18:53:15.0368 6844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:53:15.0380 6844 SiSRaid4 - ok 18:53:15.0389 6844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:53:15.0436 6844 Smb - ok 18:53:15.0479 6844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:53:15.0493 6844 SNMPTRAP - ok 18:53:15.0507 6844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:53:15.0519 6844 spldr - ok 18:53:15.0549 6844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:53:15.0567 6844 Spooler - ok 18:53:15.0661 6844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:53:15.0734 6844 sppsvc - ok 18:53:15.0756 6844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:53:15.0822 6844 sppuinotify - ok 18:53:15.0845 6844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:53:15.0883 6844 srv - ok 18:53:15.0898 6844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:53:15.0916 6844 srv2 - ok 18:53:15.0940 6844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:53:15.0969 6844 srvnet - ok 18:53:15.0995 6844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:53:16.0034 6844 SSDPSRV - ok 18:53:16.0044 6844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:53:16.0076 6844 SstpSvc - ok 18:53:16.0138 6844 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:53:16.0175 6844 Stereo Service - ok 18:53:16.0189 6844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:53:16.0201 6844 stexstor - ok 18:53:16.0236 6844 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 18:53:16.0281 6844 StillCam - ok 18:53:16.0321 6844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:53:16.0363 6844 stisvc - ok 18:53:16.0380 6844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:53:16.0395 6844 swenum - ok 18:53:16.0426 6844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:53:16.0491 6844 swprv - ok 18:53:16.0540 6844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:53:16.0588 6844 SysMain - ok 18:53:16.0608 6844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:53:16.0626 6844 TabletInputService - ok 18:53:16.0637 6844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:53:16.0777 6844 TapiSrv - ok 18:53:16.0803 6844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:53:16.0869 6844 TBS - ok 18:53:16.0933 6844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:53:16.0989 6844 Tcpip - ok 18:53:17.0021 6844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:53:17.0056 6844 TCPIP6 - ok 18:53:17.0074 6844 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:53:17.0086 6844 tcpipreg - ok 18:53:17.0117 6844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:53:17.0173 6844 TDPIPE - ok 18:53:17.0200 6844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:53:17.0309 6844 TDTCP - ok 18:53:17.0400 6844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:53:17.0468 6844 tdx - ok 18:53:17.0495 6844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:53:17.0507 6844 TermDD - ok 18:53:17.0548 6844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:53:17.0632 6844 TermService - ok 18:53:17.0653 6844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:53:17.0676 6844 Themes - ok 18:53:17.0691 6844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:53:17.0721 6844 THREADORDER - ok 18:53:17.0737 6844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:53:17.0782 6844 TrkWks - ok 18:53:17.0840 6844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:53:17.0915 6844 TrustedInstaller - ok 18:53:17.0948 6844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:53:17.0987 6844 tssecsrv - ok 18:53:18.0033 6844 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:53:18.0093 6844 TsUsbFlt - ok 18:53:18.0142 6844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:53:18.0240 6844 tunnel - ok 18:53:18.0260 6844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:53:18.0275 6844 uagp35 - ok 18:53:18.0303 6844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:53:18.0374 6844 udfs - ok 18:53:18.0402 6844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:53:18.0416 6844 UI0Detect - ok 18:53:18.0431 6844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:53:18.0446 6844 uliagpkx - ok 18:53:18.0480 6844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:53:18.0504 6844 umbus - ok 18:53:18.0516 6844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:53:18.0528 6844 UmPass - ok 18:53:18.0541 6844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:53:18.0583 6844 upnphost - ok 18:53:18.0613 6844 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:53:18.0661 6844 USBAAPL64 - ok 18:53:18.0687 6844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:53:18.0734 6844 usbaudio - ok 18:53:18.0754 6844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:53:18.0793 6844 usbccgp - ok 18:53:18.0824 6844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:53:18.0862 6844 usbcir - ok 18:53:18.0873 6844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:53:18.0888 6844 usbehci - ok 18:53:18.0907 6844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:53:18.0939 6844 usbhub - ok 18:53:18.0944 6844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 18:53:18.0974 6844 usbohci - ok 18:53:18.0990 6844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:53:19.0012 6844 usbprint - ok 18:53:19.0033 6844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:53:19.0072 6844 USBSTOR - ok 18:53:19.0088 6844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:53:19.0111 6844 usbuhci - ok 18:53:19.0130 6844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:53:19.0167 6844 UxSms - ok 18:53:19.0181 6844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:53:19.0192 6844 VaultSvc - ok 18:53:19.0221 6844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:53:19.0233 6844 vdrvroot - ok 18:53:19.0280 6844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:53:19.0344 6844 vds - ok 18:53:19.0360 6844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:53:19.0374 6844 vga - ok 18:53:19.0385 6844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:53:19.0427 6844 VgaSave - ok 18:53:19.0450 6844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:53:19.0468 6844 vhdmp - ok 18:53:19.0478 6844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:53:19.0490 6844 viaide - ok 18:53:19.0508 6844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:53:19.0521 6844 volmgr - ok 18:53:19.0556 6844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:53:19.0592 6844 volmgrx - ok 18:53:19.0607 6844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:53:19.0628 6844 volsnap - ok 18:53:19.0652 6844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:53:19.0667 6844 vsmraid - ok 18:53:19.0723 6844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:53:19.0804 6844 VSS - ok 18:53:19.0808 6844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:53:19.0829 6844 vwifibus - ok 18:53:19.0845 6844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:53:19.0860 6844 vwififlt - ok 18:53:19.0884 6844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:53:19.0921 6844 W32Time - ok 18:53:19.0938 6844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:53:19.0962 6844 WacomPen - ok 18:53:19.0998 6844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:53:20.0078 6844 WANARP - ok 18:53:20.0082 6844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:53:20.0113 6844 Wanarpv6 - ok 18:53:20.0165 6844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:53:20.0244 6844 wbengine - ok 18:53:20.0263 6844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:53:20.0283 6844 WbioSrvc - ok 18:53:20.0312 6844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:53:20.0355 6844 wcncsvc - ok 18:53:20.0366 6844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:53:20.0390 6844 WcsPlugInService - ok 18:53:20.0402 6844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:53:20.0414 6844 Wd - ok 18:53:20.0444 6844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:53:20.0498 6844 Wdf01000 - ok 18:53:20.0520 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:53:20.0614 6844 WdiServiceHost - ok 18:53:20.0619 6844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:53:20.0639 6844 WdiSystemHost - ok 18:53:20.0673 6844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:53:20.0705 6844 WebClient - ok 18:53:20.0722 6844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:53:20.0772 6844 Wecsvc - ok 18:53:20.0787 6844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:53:20.0862 6844 wercplsupport - ok 18:53:20.0883 6844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:53:20.0915 6844 WerSvc - ok 18:53:20.0930 6844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:53:20.0961 6844 WfpLwf - ok 18:53:20.0976 6844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:53:20.0987 6844 WIMMount - ok 18:53:20.0998 6844 WinDefend - ok 18:53:21.0001 6844 WinHttpAutoProxySvc - ok 18:53:21.0034 6844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:53:21.0066 6844 Winmgmt - ok 18:53:21.0138 6844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:53:21.0206 6844 WinRM - ok 18:53:21.0243 6844 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:53:21.0265 6844 WinUsb - ok 18:53:21.0298 6844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:53:21.0337 6844 Wlansvc - ok 18:53:21.0426 6844 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:53:21.0494 6844 wlidsvc - ok 18:53:21.0519 6844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:53:21.0530 6844 WmiAcpi - ok 18:53:21.0551 6844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:53:21.0567 6844 wmiApSrv - ok 18:53:21.0584 6844 WMPNetworkSvc - ok 18:53:21.0592 6844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:53:21.0615 6844 WPCSvc - ok 18:53:21.0645 6844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:53:21.0681 6844 WPDBusEnum - ok 18:53:21.0713 6844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:53:21.0763 6844 ws2ifsl - ok 18:53:21.0777 6844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:53:21.0803 6844 wscsvc - ok 18:53:21.0833 6844 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 18:53:21.0887 6844 WSDPrintDevice - ok 18:53:21.0891 6844 WSearch - ok 18:53:21.0952 6844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:53:22.0007 6844 wuauserv - ok 18:53:22.0029 6844 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:53:22.0064 6844 WudfPf - ok 18:53:22.0105 6844 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:53:22.0159 6844 WUDFRd - ok 18:53:22.0187 6844 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:53:22.0221 6844 wudfsvc - ok 18:53:22.0246 6844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:53:22.0277 6844 WwanSvc - ok 18:53:22.0290 6844 ================ Scan global =============================== 18:53:22.0314 6844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:53:22.0343 6844 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 18:53:22.0362 6844 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 18:53:22.0398 6844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:53:22.0455 6844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:53:22.0465 6844 [Global] - ok 18:53:22.0466 6844 ================ Scan MBR ================================== 18:53:22.0503 6844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:53:22.0795 6844 \Device\Harddisk0\DR0 - ok 18:53:22.0800 6844 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5 18:53:26.0002 6844 \Device\Harddisk5\DR5 - ok 18:53:26.0003 6844 ================ Scan VBR ================================== 18:53:26.0008 6844 [ E6C256FB632E4C9978F5649552AC6BB1 ] \Device\Harddisk0\DR0\Partition1 18:53:26.0011 6844 \Device\Harddisk0\DR0\Partition1 - ok 18:53:26.0033 6844 [ 6897E5D43DEB8C4D37ACBE7933A945A3 ] \Device\Harddisk0\DR0\Partition2 18:53:26.0034 6844 \Device\Harddisk0\DR0\Partition2 - ok 18:53:26.0038 6844 [ C699F26418F3772DFD006F1DB121A60C ] \Device\Harddisk5\DR5\Partition1 18:53:26.0040 6844 \Device\Harddisk5\DR5\Partition1 - ok 18:53:26.0040 6844 ============================================================ 18:53:26.0040 6844 Scan finished 18:53:26.0040 6844 ============================================================ 18:53:26.0053 6444 Detected object count: 2 18:53:26.0053 6444 Actual detected object count: 2 18:55:26.0372 6444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:26.0372 6444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:26.0375 6444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:26.0376 6444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
17.01.2013, 22:02
| #9 | |
| /// Malware-holic | Add by Browse to save Malware Hi combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2013, 08:48
| #10 |
| | Add by Browse to save Malware Guten Morgen, habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören). Was soll ich tun? CombiFix nochmal starten? Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe. MfG und danke im Voraus Combofix hat sich doch net aufgehangen, ist jetzt bei Stufe 23. Wie lange kann das dauern? [QUOTE=Giere84;993336]Guten Morgen, habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören). Was soll ich tun? CombiFix nochmal starten? Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe. MfG und danke im Voraus Guten Morgen, habe mir CombiFix runter geladen und gestartet. Nur seit einer geraumen Zeit (ca. 30 min) tut sich nichts mehr. Er ist stehen geblieben bei "Fertigstellung Stufe_4" und der Rechner arbeitet auch nicht (kein Geräusch der Festplatte zu hören). Was soll ich tun? CombiFix nochmal starten? Der öffnet mir bei meinen Browsern auch keine Internetseiten mehr, obwohl ich laut Verbindungsnachweis eine Internetverbindung habe. MfG und danke im Voraus Sorry ich wollte den Beitrag nur ändern, da kam das hier bei raus  ComboFix ist jetzt bei Stufe 27. Wie lange kann das dauern? |
|
18.01.2013, 15:05
| #11 |
| | Add by Browse to save Malware Hallo, also ich habe Combofix durchgeführt und hier ist die logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-17.04 - Michael 18.01.2013 11:18:42.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2392 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-18 bis 2013-01-18 ))))))))))))))))))))))))))))))
.
.
2013-01-18 13:58 . 2013-01-18 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 07:08 . 2013-01-18 07:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\offreg.dll
2013-01-17 16:37 . 2013-01-17 17:18 -------- d-----w- C:\_OTL
2013-01-15 08:24 . 2013-01-15 08:24 -------- d-----w- c:\programdata\TuneUp Software
2013-01-15 08:24 . 2013-01-15 08:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 08:24 . 2013-01-15 08:24 -------- d--h--w- c:\programdata\Common Files
2013-01-15 07:59 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\mpengine.dll
2013-01-11 12:33 . 2013-01-12 11:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-10 15:49 . 2013-01-10 15:49 -------- d-----w- c:\program files (x86)\PDF Architect
2013-01-10 15:49 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-10 15:49 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-10 15:49 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-10 15:49 . 2013-01-10 15:50 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-10 15:49 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-10 15:49 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-01-10 15:49 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-01-10 15:49 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-01-10 13:20 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 13:20 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 08:46 . 2013-01-09 08:46 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2013-01-09 08:46 . 2013-01-09 08:46 106648 ----a-w- c:\windows\system32\drivers\GRD.sys
2013-01-08 16:20 . 2013-01-08 16:20 -------- d-----w- c:\programdata\Nikon
2013-01-07 09:42 . 2013-01-07 09:42 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-01-07 09:39 . 2013-01-07 09:39 -------- d-----w- C:\NVIDIA
2013-01-07 09:34 . 2013-01-07 09:34 -------- d-----w- c:\program files (x86)\ArcSoft
2013-01-07 09:34 . 2013-01-07 09:34 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2013-01-07 09:33 . 2013-01-07 09:33 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\windows\Downloaded Installations
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\programdata\Home
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-07 09:31 . 2013-01-07 09:33 -------- d-----w- c:\program files (x86)\Nikon
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\program files\Nikon
2013-01-07 09:31 . 2013-01-07 09:31 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\Hybrid Synthesizers
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\Guitars
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\programdata\Ultima_T15
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\programdata\EnterNHelp
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\PrintsService
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-02 17:10 . 2013-01-02 17:10 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-02 10:34 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-02 10:34 . 2013-01-02 10:34 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\program files\iPod
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\program files\iTunes
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\program files (x86)\iTunes
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\programdata\Apple Computer
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-01-02 10:32 . 2013-01-02 10:40 -------- d-----w- c:\program files\Common Files\Apple
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files\Bonjour
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files (x86)\Bonjour
2013-01-02 10:31 . 2013-01-02 10:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-01-02 10:31 . 2013-01-02 10:32 -------- d-----w- c:\programdata\Apple
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-25 21:21 . 2012-12-25 21:21 -------- d-----w- c:\program files (x86)\Ubisoft
2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-12-23 15:06 . 2012-12-23 15:06 -------- d-----w- c:\programdata\WEBREG
2012-12-23 15:02 . 2012-12-23 15:02 -------- d-----w- c:\programdata\HP Product Assistant
2012-12-23 15:02 . 2012-12-23 15:02 -------- d-----w- c:\windows\SysWow64\spool
2012-12-23 15:01 . 2012-12-23 15:01 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-23 15:00 . 2012-12-23 15:00 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-12-23 15:00 . 2012-12-23 15:00 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-12-23 15:00 . 2008-12-01 09:02 226816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzpp5oe.dll
2012-12-23 15:00 . 2008-12-01 09:06 131072 ----a-w- c:\windows\system32\hpz3l5oe.dll
2012-12-23 15:00 . 2008-12-01 09:05 235008 ----a-w- c:\windows\SysWow64\hpzc35oe.dll
2012-12-23 15:00 . 2006-11-30 10:14 671816 ----a-w- c:\windows\system32\hpcdmc32.dll
2012-12-23 15:00 . 2012-12-23 15:02 -------- d-----w- c:\program files (x86)\HP
2012-12-23 14:58 . 2012-12-23 15:06 -------- d-----w- c:\programdata\HP
2012-12-23 14:58 . 2010-05-31 04:36 358744 ----a-w- c:\windows\system32\hpzids40.dll
2012-12-23 14:58 . 2010-02-01 06:54 944128 ----a-w- c:\windows\system32\hpwwiax4.dll
2012-12-23 14:58 . 2010-02-01 06:54 740864 ----a-w- c:\windows\system32\hpwtscl3.dll
2012-12-23 14:58 . 2010-02-01 06:54 540672 ----a-w- c:\windows\system32\hppldcoi.dll
2012-12-23 14:58 . 2010-02-01 06:54 488960 ----a-w- c:\windows\system32\hpovst11.dll
2012-12-23 14:49 . 2012-12-23 14:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-23 14:42 . 2012-12-23 14:42 -------- d-----w- c:\programdata\Hewlett-Packard
2012-12-23 14:42 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-12-23 12:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-23 12:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-23 12:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-23 12:43 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-23 12:43 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-23 12:43 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-23 12:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-23 12:43 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-23 12:43 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-23 12:10 . 2012-12-23 12:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-23 12:10 . 2012-12-23 12:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-12-23 11:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-23 11:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-23 11:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-23 10:52 . 2013-01-14 12:03 -------- d-----w- c:\program files (x86)\Microsoft
2012-12-23 10:44 . 2012-12-23 10:44 -------- d-----w- c:\windows\system32\SPReview
2012-12-23 10:43 . 2012-12-23 10:43 -------- d-----w- c:\windows\system32\EventProviders
2012-12-23 07:49 . 2012-12-23 07:49 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-12-23 07:49 . 2012-12-23 07:49 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-22 15:41 . 2013-01-10 18:03 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-22 15:26 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-12-22 15:26 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-12-22 15:26 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-12-22 15:26 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-12-22 15:26 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-12-22 15:26 . 2010-11-20 13:27 1743360 ----a-w- c:\windows\system32\sysmain.dll
2012-12-22 15:26 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-12-22 15:26 . 2010-11-20 12:19 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-12-22 15:26 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-12-22 15:24 . 2010-11-20 13:33 155008 ----a-w- c:\windows\system32\drivers\mpio.sys
2012-12-22 15:23 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-12-22 15:23 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-12-22 15:23 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-12-21 18:05 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-21 18:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-21 18:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-21 18:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-21 17:57 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-12-21 17:52 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:52 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 10:34 . 2012-10-10 20:23 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2012-10-10 20:23 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-10 20:23 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:22 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-10 20:22 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2009-07-13 21:59 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-23 11:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-23 11:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-10 13:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-12-14 15:26 92384 ----a-w- c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-12-14 732384]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-08 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-08 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-14 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2013-01-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-14 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-08 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 15:05 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-18 15:02:00
ComboFix-quarantined-files.txt 2013-01-18 14:01
ComboFix2.txt 2013-01-18 10:13
.
Vor Suchlauf: 13 Verzeichnis(se), 130.643.849.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 130.348.716.032 Bytes frei
.
- - End Of File - - F8B19E5EFFE569094B563D53B6738E97
|
|
18.01.2013, 15:13
| #12 |
| | Add by Browse to save Malware ich hatte erst ausversehen, Combofix von dem Downloadordner ausgeführt. Hatte diesen eigentlich unübersehbaren Hinweis, dass die Datei nur auf dem Desktop ausgeführt werden darf, irgendwie übersehen. Darauf hin habe ich Combofix nochmal auf dem Desktop durch laufen lassen (siehe Antwort darüber). Ich hoffe es stellt keine Probleme für meinen Rechner dar. Bis jetzt läuft auch alles normal. Die erste logfile ist hier: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-17.04 - Michael 18.01.2013 8:07.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2319 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Application
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-18 bis 2013-01-18 ))))))))))))))))))))))))))))))
.
.
2013-01-18 10:10 . 2013-01-18 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 07:08 . 2013-01-18 07:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\offreg.dll
2013-01-17 16:37 . 2013-01-17 17:18 -------- d-----w- C:\_OTL
2013-01-15 08:24 . 2013-01-15 08:24 -------- d-----w- c:\programdata\TuneUp Software
2013-01-15 08:24 . 2013-01-15 08:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 08:24 . 2013-01-15 08:24 -------- d--h--w- c:\programdata\Common Files
2013-01-15 07:59 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEB6E13F-6A90-45FD-86C2-0C312EB36B25}\mpengine.dll
2013-01-11 12:33 . 2013-01-12 11:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-10 15:49 . 2013-01-10 15:49 -------- d-----w- c:\program files (x86)\PDF Architect
2013-01-10 15:49 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-10 15:49 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-10 15:49 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-10 15:49 . 2013-01-10 15:50 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-10 15:49 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-10 15:49 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-01-10 15:49 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-01-10 15:49 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-01-10 13:20 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 13:20 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 08:46 . 2013-01-09 08:46 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2013-01-09 08:46 . 2013-01-09 08:46 106648 ----a-w- c:\windows\system32\drivers\GRD.sys
2013-01-08 16:20 . 2013-01-08 16:20 -------- d-----w- c:\programdata\Nikon
2013-01-07 09:42 . 2013-01-07 09:42 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-01-07 09:39 . 2013-01-07 09:39 -------- d-----w- C:\NVIDIA
2013-01-07 09:34 . 2013-01-07 09:34 -------- d-----w- c:\program files (x86)\ArcSoft
2013-01-07 09:34 . 2013-01-07 09:34 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2013-01-07 09:33 . 2013-01-07 09:33 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\windows\Downloaded Installations
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2013-01-07 09:32 . 2013-01-07 09:32 -------- d-----w- c:\programdata\Home
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-07 09:31 . 2013-01-07 09:33 -------- d-----w- c:\program files (x86)\Nikon
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\program files\Nikon
2013-01-07 09:31 . 2013-01-07 09:31 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\Hybrid Synthesizers
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\Guitars
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\programdata\Ultima_T15
2013-01-07 09:31 . 2013-01-07 09:32 -------- d-----w- c:\programdata\EnterNHelp
2013-01-07 09:31 . 2013-01-07 09:31 -------- d-----w- c:\programdata\PrintsService
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-02 17:10 . 2013-01-02 17:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-02 17:10 . 2013-01-02 17:10 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-02 10:34 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-02 10:34 . 2013-01-02 10:34 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\program files\iPod
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\program files\iTunes
2013-01-02 10:33 . 2013-01-02 10:34 -------- d-----w- c:\program files (x86)\iTunes
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\programdata\Apple Computer
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-01-02 10:32 . 2013-01-02 10:40 -------- d-----w- c:\program files\Common Files\Apple
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files\Bonjour
2013-01-02 10:32 . 2013-01-02 10:32 -------- d-----w- c:\program files (x86)\Bonjour
2013-01-02 10:31 . 2013-01-02 10:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-01-02 10:31 . 2013-01-02 10:32 -------- d-----w- c:\programdata\Apple
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-25 21:21 . 2012-12-25 21:21 -------- d-----w- c:\program files (x86)\Ubisoft
2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-12-23 15:06 . 2012-12-23 15:06 -------- d-----w- c:\programdata\WEBREG
2012-12-23 15:02 . 2012-12-23 15:02 -------- d-----w- c:\programdata\HP Product Assistant
2012-12-23 15:02 . 2012-12-23 15:02 -------- d-----w- c:\windows\SysWow64\spool
2012-12-23 15:01 . 2012-12-23 15:01 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-23 15:00 . 2012-12-23 15:00 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-12-23 15:00 . 2012-12-23 15:00 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-12-23 15:00 . 2008-12-01 09:02 226816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzpp5oe.dll
2012-12-23 15:00 . 2008-12-01 09:06 131072 ----a-w- c:\windows\system32\hpz3l5oe.dll
2012-12-23 15:00 . 2008-12-01 09:05 235008 ----a-w- c:\windows\SysWow64\hpzc35oe.dll
2012-12-23 15:00 . 2006-11-30 10:14 671816 ----a-w- c:\windows\system32\hpcdmc32.dll
2012-12-23 15:00 . 2012-12-23 15:02 -------- d-----w- c:\program files (x86)\HP
2012-12-23 14:58 . 2012-12-23 15:06 -------- d-----w- c:\programdata\HP
2012-12-23 14:58 . 2010-05-31 04:36 358744 ----a-w- c:\windows\system32\hpzids40.dll
2012-12-23 14:58 . 2010-02-01 06:54 944128 ----a-w- c:\windows\system32\hpwwiax4.dll
2012-12-23 14:58 . 2010-02-01 06:54 740864 ----a-w- c:\windows\system32\hpwtscl3.dll
2012-12-23 14:58 . 2010-02-01 06:54 540672 ----a-w- c:\windows\system32\hppldcoi.dll
2012-12-23 14:58 . 2010-02-01 06:54 488960 ----a-w- c:\windows\system32\hpovst11.dll
2012-12-23 14:49 . 2012-12-23 14:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-23 14:42 . 2012-12-23 14:42 -------- d-----w- c:\programdata\Hewlett-Packard
2012-12-23 14:42 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-12-23 12:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-23 12:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-23 12:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-23 12:43 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-23 12:43 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-23 12:43 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-23 12:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-23 12:43 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-23 12:43 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-23 12:10 . 2012-12-23 12:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-23 12:10 . 2012-12-23 12:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-12-23 11:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-23 11:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-23 11:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-23 10:52 . 2013-01-14 12:03 -------- d-----w- c:\program files (x86)\Microsoft
2012-12-23 10:44 . 2012-12-23 10:44 -------- d-----w- c:\windows\system32\SPReview
2012-12-23 10:43 . 2012-12-23 10:43 -------- d-----w- c:\windows\system32\EventProviders
2012-12-23 07:49 . 2012-12-23 07:49 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-12-23 07:49 . 2012-12-23 07:49 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-22 15:41 . 2013-01-10 18:03 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-22 15:26 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-12-22 15:26 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-12-22 15:26 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-12-22 15:26 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-12-22 15:26 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-12-22 15:26 . 2010-11-20 13:27 1743360 ----a-w- c:\windows\system32\sysmain.dll
2012-12-22 15:26 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-12-22 15:26 . 2010-11-20 12:19 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-12-22 15:26 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-12-22 15:24 . 2010-11-20 13:33 155008 ----a-w- c:\windows\system32\drivers\mpio.sys
2012-12-22 15:23 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-12-22 15:23 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-12-22 15:23 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-12-21 18:05 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-21 18:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-21 18:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-21 18:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-21 17:57 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-12-21 17:52 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:52 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 17:52 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 10:34 . 2012-10-10 20:23 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2012-10-10 20:23 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-10 20:23 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:22 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-10 20:22 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2009-07-13 21:59 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-23 11:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-23 11:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-10 13:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-12-14 15:26 92384 ----a-w- c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-12-14 732384]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-08 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-08 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-14 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2013-01-09 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-14 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-08 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 15:05 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-18 11:13:46
ComboFix-quarantined-files.txt 2013-01-18 10:13
.
Vor Suchlauf: 8 Verzeichnis(se), 131.093.782.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 130.582.302.720 Bytes frei
.
- - End Of File - - 6F7400CC3064085B39F729BA6D7C9358
|
|
18.01.2013, 17:41
| #13 |
| /// Malware-holic | Add by Browse to save Malware Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.01.2013, 17:20
| #14 |
| | Add by Browse to save Malware Hallo, es wurden keine Funde festgestellt. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michael :: GAMESTATION [Administrator] 19.01.2013 10:42:49 mbam-log-2013-01-19 (10-42-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 365827 Laufzeit: 48 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
19.01.2013, 18:56
| #15 |
| /// Malware-holic | Add by Browse to save Malware hi lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert ist, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Add by Browse to save Malware |
| add by browse to save, browse to save, coupons, crazy, einiger, gdata, gefahren, inter, interne, internet, internet security 2013, komplett, malware, maus, nichts, platt, prüfung, rechner, security, seite, seiten, stand, unterstrichen, verschiedene, verschiedenen, virenprüfung, website, websiten, woche, wochen, wörter |
Linear-Darstellung
