Google leitet auf falsche Seiten weiter.

CMstorm · 06.06.2012, 21:19

Hallo,

seit heute morgen habe ich diese Problem, immer wenn ich auf der Seite "Google" bin und etwas suchen möchte gibt Google mir falsche Seiten an.
Ich habe keine Ahnung was das sein könnte aber ich vermute es ist ein Virus.
Was mir auch aufgefallen ist das bei Google die "https" rot durchgestrichen sind.
So in etwa.

Den Ersten Schritt habe ich gemacht das mit dem "defogger".
Den Zweiten Schritt bin ich auch durch gegangen "die files sind angehängt".
Da ich 64bit Windows 7 habe muss ich den Schritt drei nicht machen wie ich richtig verstanden habe.

Ich hoffe mir kann geholfen werde.

Ich bedanke mich jetzt schon mal bei demjenigen der sich die mühe macht und das durch liest.

Lg Alex

"Ich hoffe ich habe alle Schritte richtig gemacht"

cosinus · 08.06.2012, 14:41

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CMstorm · 08.06.2012, 19:45

Erstmal vielen dank an dich Cosinus das du dich meiner angenommen hast. Sehr nett.
Ich bin es leid das mein Sohn sich andauernd an meinen Laptop verirrt, mit der aussage „Ja aber mein PC ist so langsam wegen dem Virus“.
Ich hoffe das hat bald ein ende.
Was ich bemerkt habe das dieses durchgestrichene HTTP Zeichen nur bei dem Browser „Google Chrom“ auftaucht.

Also das mit dem Scan habe ich jetzt gemacht es hatte 0 Funde.

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
aS :: AS-PC [Administrator]

Schutz: Deaktiviert

08.06.2012 18:25:21
mbam-log-2012-06-08 (18-25-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416285
Laufzeit: 33 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=643e20e074fa294eb2cf7e881ace33ff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-08 06:39:41
# local_time=2012-06-08 08:39:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 82 23754 91582871 0 0
# compatibility_mode=8192 67108863 100 0 5013 5013 0 0
# scanned=242563
# found=4
# cleaned=0
# scan_time=3582
C:\Windows\assembly\temp\U\80000032.@	Variante von Win32/Sirefef.EU Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Windows\assembly\temp\U\80000064.@	Win64/Sirefef.AC Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Windows\system64\consrv.dll	Win64/Sirefef.G Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
${Memory}	Variante von Win32/Sirefef.DN Trojaner	00000000000000000000000000000000	I

cosinus · 08.06.2012, 19:55

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

CMstorm · 08.06.2012, 20:02

Wo kann ich das den sehen ?
Ich müsste mal meinen Sohn fragen ob er das gemacht.

Edit* Also mein Sohn meinte er hätte da nichts gemacht.

cosinus · 08.06.2012, 20:23

Ist das si schwierig Malwarebytes zu starten und dann im Reiter Logdateien nachzusehen??

CMstorm · 08.06.2012, 20:27

Tut mir sehr leid ich kenne mich mit PC und ihren Programmen nicht sehr gut aus wie du.
Habe es gefunden dort ist nur eine Logdatei.
Und das ist die, die ich hier rein geschrieben habe.

Edit* Logischerweise kann ja nur eine Logdatei dort sein weil ich dieses Programm erst frisch runtergeladen habe.

cosinus · 08.06.2012, 20:52

Mehr wollte ich doch garnicht wissen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

CMstorm · 08.06.2012, 21:09

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.06.2012 22:00:22 - Run 2
OTL by OldTimer - Version 3.2.46.1     Folder = C:\downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,22% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 819,78 Gb Free Space | 88,01% Space Free | Partition Type: NTFS
Drive E: | 15,11 Gb Total Space | 9,00 Gb Free Space | 59,56% Space Free | Partition Type: FAT32
 
Computer Name: AS-PC | User Name: aS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 14:46:41 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.06.05 04:14:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.21 10:16:10 | 002,600,760 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2012.03.21 10:07:38 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009.05.01 14:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2004.06.09 16:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.21 10:12:10 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2006.05.25 17:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\iptk.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2006.12.11 13:12:22 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2012.06.06 14:46:41 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.19 09:17:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.02 22:15:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006.12.11 13:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcrcoms.exe -- (lxcr_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.26 05:26:02 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2006.06.06 06:45:24 | 000,432,512 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2012.01.30 19:03:35 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 6C 91 06 69 DF CC 01  [binary data]
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109986&babsrc=SP_ss&mntrId=8ccbc5b500000000000000241d20c019
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{516EAA9D-A1ED-4476-8136-87F9FB69978A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=E63253EB-88AE-4A8C-A19C-290A32BFE47F&apn_sauid=4221C183-23CC-45AA-A557-73CAECAF38ED&
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=58.67.147.200:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.11 18:14:13 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe File not found
O4 - HKLM..\Run: [VM_STI] C:\Windows\VM_STI.exe (BIGDOG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C33589B-7243-4724-8799-98A9E6AC909A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^aS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: MP3 Skype Recorder - hkey= - key= - C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2AA151FA-F949-6914-ACDC-C492BF4FF34C} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6791EBA7-0378-14D9-6F62-888BBBAE81DF} - Themes Setup
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.08 18:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.07 18:26:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.06 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\aS\Application Data
[2012.06.06 14:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.06 14:35:07 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012.06.04 13:10:18 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\Malwarebytes
[2012.06.04 13:10:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.04 13:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.04 13:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.04 13:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.02 22:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.02 22:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.31 23:49:36 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\MP3SkypeRecorder
[2012.05.31 23:49:36 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Local\Alexander_Nikiforov
[2012.05.31 23:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Skype Recorder
[2012.05.31 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee LLC
[2012.05.31 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\Screaming Bee
[2012.05.31 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012.05.31 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2012.05.31 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2012.05.31 17:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2012.05.31 15:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012.05.31 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2012.05.31 15:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewBlue
[2012.05.31 14:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks Vegas
[2012.05.31 14:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder
[2012.05.31 13:57:38 | 000,000,000 | ---D | C] -- C:\Users\aS\loooooo
[2012.05.30 21:24:38 | 000,000,000 | ---D | C] -- C:\AECS5COMMONPATH
[2012.05.30 21:24:34 | 000,000,000 | ---D | C] -- C:\CS5AEPRESETSFOLDER
[2012.05.30 21:24:34 | 000,000,000 | ---D | C] -- C:\AECS5PLUGINPATH
[2012.05.24 12:31:41 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\LolClient2
[2012.05.21 23:50:46 | 000,000,000 | ---D | C] -- C:\Users\aS\Documents\MAGIX
[2012.05.21 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\aS\Documents\MAGIX_MusicEditor
[2012.05.21 23:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.05.21 23:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.05.21 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.05.21 23:36:48 | 000,000,000 | ---D | C] -- C:\Users\aS\Documents\MAGIX Downloads
[2012.05.21 23:30:38 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Local\Ilivid Player
[2012.05.21 23:15:04 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Local\Xara
[2012.05.21 23:15:04 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\MAGIX
[2012.05.21 23:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.05.21 23:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.05.21 22:46:05 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\Audacity
[2012.05.21 22:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.05.21 21:51:21 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\PhotoScape
[2012.05.21 21:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.05.21 21:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.05.19 14:18:13 | 000,000,000 | ---D | C] -- C:\Users\aS\Desktop\Beta-Client
[2012.05.19 11:15:58 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Local\Mozilla
[2012.05.19 11:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 10:53:56 | 000,000,000 | ---D | C] -- C:\Users\aS\AppData\Roaming\TeamViewer
[2012.05.19 10:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 20:45:20 | 000,018,235 | ---- | M] () -- C:\Users\aS\Documents\Troja.odt
[2012.06.08 18:12:39 | 005,041,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.08 18:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.08 18:12:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 17:44:39 | 000,021,408 | ---- | M] () -- C:\Users\aS\Documents\Nico trailer.veg
[2012.06.08 17:44:13 | 041,237,861 | ---- | M] () -- C:\Users\aS\Documents\Nico trailer.wmv
[2012.06.08 17:22:51 | 000,020,232 | ---- | M] () -- C:\Users\aS\Documents\Nico trailer.veg.bak
[2012.06.08 16:47:50 | 893,136,848 | ---- | M] () -- C:\Users\aS\Desktop\MAIN_720p_1.avi
[2012.06.08 16:08:11 | 000,101,394 | ---- | M] () -- C:\Users\aS\Documents\bookmarks_08.06.12.html
[2012.06.08 14:05:19 | 000,090,808 | ---- | M] () -- C:\Users\aS\Documents\cc_20120608_140516.reg
[2012.06.08 13:24:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.08 13:24:15 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.08 13:24:15 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.08 13:24:15 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.08 13:24:15 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 22:09:02 | 000,011,808 | ---- | M] () -- C:\Users\aS\Desktop\Extras.rar
[2012.06.06 22:08:51 | 000,012,423 | ---- | M] () -- C:\Users\aS\Desktop\OTL.rar
[2012.06.06 20:51:01 | 000,000,000 | ---- | M] () -- C:\Users\aS\defogger_reenable
[2012.06.06 02:16:35 | 000,118,168 | ---- | M] () -- C:\Users\aS\Documents\Carrera2.veg
[2012.06.06 02:06:31 | 000,122,812 | ---- | M] () -- C:\Users\aS\Desktop\darf ich vorstellen.png
[2012.06.06 01:55:55 | 000,118,704 | ---- | M] () -- C:\Users\aS\Documents\Carrera2.veg.bak
[2012.06.06 01:15:58 | 000,025,904 | ---- | M] () -- C:\Users\aS\Documents\menu+intro.veg
[2012.06.04 13:10:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 13:27:05 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 13:27:05 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 22:11:04 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.31 23:55:17 | 000,707,616 | ---- | M] () -- C:\Users\aS\Desktop\2012-05-31 time 23_52_19 Incoming Peer-to-Peer Call tightleesingah.mp3
[2012.05.31 23:49:30 | 000,003,031 | ---- | M] () -- C:\Users\aS\Desktop\MP3 Skype Recorder.lnk
[2012.05.31 21:27:25 | 053,830,779 | ---- | M] () -- C:\Users\aS\Documents\Carrera2.wmv
[2012.05.31 21:11:29 | 000,124,576 | ---- | M] () -- C:\Users\aS\Desktop\df.sfk
[2012.05.31 21:09:45 | 015,937,580 | ---- | M] () -- C:\Users\aS\Desktop\df.wav
[2012.05.31 19:48:47 | 000,944,984 | ---- | M] () -- C:\Users\aS\Desktop\Lens Flare 6.wmv.sfap0
[2012.05.31 19:46:04 | 000,091,308 | ---- | M] () -- C:\Users\aS\Desktop\sshinyoki.png
[2012.05.31 19:43:33 | 000,093,942 | ---- | M] () -- C:\Users\aS\Desktop\shaeineeeeex222.png
[2012.05.31 19:42:06 | 000,110,078 | ---- | M] () -- C:\Users\aS\Desktop\shaeineeeeex2.png
[2012.05.31 19:35:04 | 000,001,242 | ---- | M] () -- C:\Users\aS\Desktop\Adobe After Effects CS5.5.lnk
[2012.05.31 19:35:04 | 000,001,226 | ---- | M] () -- C:\Users\aS\Desktop\Adobe After Effects CS6.lnk
[2012.05.31 19:31:42 | 000,212,651 | ---- | M] () -- C:\Users\aS\Desktop\3D schrift.aep
[2012.05.31 19:31:33 | 000,166,050 | ---- | M] () -- C:\Users\aS\Desktop\kackeodcki.png
[2012.05.31 19:31:32 | 000,069,193 | ---- | M] () -- C:\Users\aS\Desktop\shaeineeeee.png
[2012.05.31 19:25:39 | 000,176,003 | ---- | M] () -- C:\Users\aS\Desktop\shaine.png
[2012.05.31 18:04:17 | 000,001,711 | ---- | M] () -- C:\Users\aS\Desktop\MorphVOXPro - Verknüpfung.lnk
[2012.05.31 15:06:46 | 000,007,264 | ---- | M] () -- C:\Users\aS\Desktop\MAIN_1.avi.sfk
[2012.05.31 14:29:17 | 013,977,483 | ---- | M] () -- C:\Users\aS\Documents\CarreraAdobe.wmv
[2012.05.31 14:23:47 | 000,018,024 | ---- | M] () -- C:\Users\aS\Documents\Carrera.wmv.sfk
[2012.05.31 14:23:19 | 002,298,584 | ---- | M] () -- C:\Users\aS\Documents\Carrera.wmv.sfap0
[2012.05.31 14:08:00 | 010,713,857 | ---- | M] () -- C:\Users\aS\Documents\Carrera.wmv
[2012.05.31 02:45:45 | 000,049,464 | ---- | M] () -- C:\Users\aS\Documents\Carrera.veg
[2012.05.31 02:01:04 | 000,035,888 | ---- | M] () -- C:\Users\aS\Documents\Carrera.veg.bak
[2012.05.30 15:02:50 | 000,025,904 | ---- | M] () -- C:\Users\aS\Documents\menu+intro.veg.bak
[2012.05.25 12:59:08 | 000,015,936 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1A.wmv.sfk
[2012.05.25 12:58:39 | 002,031,128 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1A.wmv.sfap0
[2012.05.23 18:32:29 | 088,710,215 | ---- | M] () -- C:\Users\aS\Documents\Ohne Titel.wmv
[2012.05.23 06:42:52 | 000,120,624 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv.sfk
[2012.05.23 06:41:13 | 015,431,576 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv.sfap0
[2012.05.22 21:47:57 | 000,024,669 | ---- | M] () -- C:\Users\aS\Documents\Eis.odt
[2012.05.22 18:55:53 | 000,075,008 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1Richtige.veg
[2012.05.22 18:51:28 | 067,446,035 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv
[2012.05.21 22:45:58 | 000,001,007 | ---- | M] () -- C:\Users\aS\Desktop\Audacity.lnk
[2012.05.21 21:51:03 | 000,001,031 | ---- | M] () -- C:\Users\aS\Desktop\PhotoScape.lnk
[2012.05.20 19:59:51 | 000,096,632 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1RichtigeBonus.veg
[2012.05.20 19:49:38 | 000,097,392 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1RichtigeBonus.veg.bak
[2012.05.20 19:24:57 | 000,015,936 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1.wmv.sfk
[2012.05.20 19:22:36 | 002,031,128 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1.wmv.sfap0
[2012.05.20 19:18:57 | 000,074,992 | ---- | M] () -- C:\Users\aS\Documents\Menu2-1Richtige.veg.bak
[2012.05.20 19:18:23 | 000,103,636 | ---- | M] () -- C:\Users\aS\Desktop\0520_191227.jpg
[2012.05.20 18:54:33 | 000,019,184 | ---- | M] () -- C:\Users\aS\Documents\MonsterTest.veg
[2012.05.20 18:46:06 | 007,725,505 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1A.wmv
[2012.05.20 18:38:39 | 008,005,505 | ---- | M] () -- C:\Users\aS\Documents\Monstertest1.wmv
[2012.05.20 14:08:01 | 604,370,284 | ---- | M] () -- C:\Users\aS\Desktop\MAIN_1.avi
[2012.05.20 01:00:39 | 000,034,744 | ---- | M] () -- C:\Users\aS\Documents\Seele.veg
[2012.05.20 00:59:54 | 014,397,559 | ---- | M] () -- C:\Users\aS\Documents\Seele.wmv
[2012.05.19 10:53:49 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.05.14 21:11:41 | 000,020,596 | ---- | M] () -- C:\Users\aS\Documents\Unbenannt 1.odt
 
========== Files Created - No Company Name ==========
 
[2012.06.08 17:39:17 | 041,237,861 | ---- | C] () -- C:\Users\aS\Documents\Nico trailer.wmv
[2012.06.08 17:22:51 | 000,021,408 | ---- | C] () -- C:\Users\aS\Documents\Nico trailer.veg
[2012.06.08 17:22:51 | 000,020,232 | ---- | C] () -- C:\Users\aS\Documents\Nico trailer.veg.bak
[2012.06.08 16:41:43 | 893,136,848 | ---- | C] () -- C:\Users\aS\Desktop\MAIN_720p_1.avi
[2012.06.08 16:08:10 | 000,101,394 | ---- | C] () -- C:\Users\aS\Documents\bookmarks_08.06.12.html
[2012.06.08 14:05:17 | 000,090,808 | ---- | C] () -- C:\Users\aS\Documents\cc_20120608_140516.reg
[2012.06.06 22:09:01 | 000,011,808 | ---- | C] () -- C:\Users\aS\Desktop\Extras.rar
[2012.06.06 22:08:51 | 000,012,423 | ---- | C] () -- C:\Users\aS\Desktop\OTL.rar
[2012.06.06 20:52:02 | 000,018,235 | ---- | C] () -- C:\Users\aS\Documents\Troja.odt
[2012.06.06 20:51:01 | 000,000,000 | ---- | C] () -- C:\Users\aS\defogger_reenable
[2012.06.06 14:46:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 02:06:29 | 000,122,812 | ---- | C] () -- C:\Users\aS\Desktop\darf ich vorstellen.png
[2012.06.04 13:10:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 23:52:20 | 000,707,616 | ---- | C] () -- C:\Users\aS\Desktop\2012-05-31 time 23_52_19 Incoming Peer-to-Peer Call tightleesingah.mp3
[2012.05.31 23:49:30 | 000,003,031 | ---- | C] () -- C:\Users\aS\Desktop\MP3 Skype Recorder.lnk
[2012.05.31 23:49:30 | 000,002,991 | ---- | C] () -- C:\Users\aS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
[2012.05.31 21:09:58 | 000,124,576 | ---- | C] () -- C:\Users\aS\Desktop\df.sfk
[2012.05.31 21:09:44 | 015,937,580 | ---- | C] () -- C:\Users\aS\Desktop\df.wav
[2012.05.31 19:48:47 | 000,944,984 | ---- | C] () -- C:\Users\aS\Desktop\Lens Flare 6.wmv.sfap0
[2012.05.31 19:45:48 | 000,091,308 | ---- | C] () -- C:\Users\aS\Desktop\sshinyoki.png
[2012.05.31 19:43:17 | 000,093,942 | ---- | C] () -- C:\Users\aS\Desktop\shaeineeeeex222.png
[2012.05.31 19:35:54 | 000,110,078 | ---- | C] () -- C:\Users\aS\Desktop\shaeineeeeex2.png
[2012.05.31 19:31:40 | 000,212,651 | ---- | C] () -- C:\Users\aS\Desktop\3D schrift.aep
[2012.05.31 19:31:21 | 000,069,193 | ---- | C] () -- C:\Users\aS\Desktop\shaeineeeee.png
[2012.05.31 19:31:17 | 000,166,050 | ---- | C] () -- C:\Users\aS\Desktop\kackeodcki.png
[2012.05.31 19:25:23 | 000,176,003 | ---- | C] () -- C:\Users\aS\Desktop\shaine.png
[2012.05.31 18:24:20 | 000,001,226 | ---- | C] () -- C:\Users\aS\Desktop\Adobe After Effects CS6.lnk
[2012.05.31 18:04:17 | 000,001,711 | ---- | C] () -- C:\Users\aS\Desktop\MorphVOXPro - Verknüpfung.lnk
[2012.05.31 17:35:04 | 033,998,680 | ---- | C] () -- C:\Users\aS\Desktop\MorphVOX Pro v4.3.13 with Addons + Crk.exe
[2012.05.31 15:06:13 | 000,007,264 | ---- | C] () -- C:\Users\aS\Desktop\MAIN_1.avi.sfk
[2012.05.31 14:23:20 | 000,018,024 | ---- | C] () -- C:\Users\aS\Documents\Carrera.wmv.sfk
[2012.05.31 14:23:18 | 002,298,584 | ---- | C] () -- C:\Users\aS\Documents\Carrera.wmv.sfap0
[2012.05.31 14:21:51 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012.05.31 14:21:06 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.05.31 14:20:52 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.05.31 14:20:50 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012.05.31 14:20:00 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.05.31 13:52:22 | 013,977,483 | ---- | C] () -- C:\Users\aS\Documents\CarreraAdobe.wmv
[2012.05.31 12:39:05 | 053,830,779 | ---- | C] () -- C:\Users\aS\Documents\Carrera2.wmv
[2012.05.31 02:53:08 | 000,118,704 | ---- | C] () -- C:\Users\aS\Documents\Carrera2.veg.bak
[2012.05.31 02:53:08 | 000,118,168 | ---- | C] () -- C:\Users\aS\Documents\Carrera2.veg
[2012.05.31 01:58:21 | 010,713,857 | ---- | C] () -- C:\Users\aS\Documents\Carrera.wmv
[2012.05.30 21:25:21 | 000,001,242 | ---- | C] () -- C:\Users\aS\Desktop\Adobe After Effects CS5.5.lnk
[2012.05.30 20:40:56 | 000,049,464 | ---- | C] () -- C:\Users\aS\Documents\Carrera.veg
[2012.05.30 20:40:56 | 000,035,888 | ---- | C] () -- C:\Users\aS\Documents\Carrera.veg.bak
[2012.05.25 12:58:39 | 002,031,128 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1A.wmv.sfap0
[2012.05.25 12:58:39 | 000,015,936 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1A.wmv.sfk
[2012.05.23 18:34:16 | 000,025,904 | ---- | C] () -- C:\Users\aS\Documents\menu+intro.veg.bak
[2012.05.23 18:34:16 | 000,025,904 | ---- | C] () -- C:\Users\aS\Documents\menu+intro.veg
[2012.05.23 18:24:59 | 088,710,215 | ---- | C] () -- C:\Users\aS\Documents\Ohne Titel.wmv
[2012.05.23 06:41:14 | 000,120,624 | ---- | C] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv.sfk
[2012.05.23 06:41:13 | 015,431,576 | ---- | C] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv.sfap0
[2012.05.22 08:27:35 | 067,446,035 | ---- | C] () -- C:\Users\aS\Documents\Menu2-1Richtige.wmv
[2012.05.21 22:45:58 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.05.21 22:45:58 | 000,001,007 | ---- | C] () -- C:\Users\aS\Desktop\Audacity.lnk
[2012.05.21 22:43:47 | 000,024,669 | ---- | C] () -- C:\Users\aS\Documents\Eis.odt
[2012.05.21 21:51:03 | 000,001,031 | ---- | C] () -- C:\Users\aS\Desktop\PhotoScape.lnk
[2012.05.20 19:22:37 | 000,015,936 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1.wmv.sfk
[2012.05.20 19:22:36 | 002,031,128 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1.wmv.sfap0
[2012.05.20 19:19:38 | 000,097,392 | ---- | C] () -- C:\Users\aS\Documents\Menu2-1RichtigeBonus.veg.bak
[2012.05.20 19:19:38 | 000,096,632 | ---- | C] () -- C:\Users\aS\Documents\Menu2-1RichtigeBonus.veg
[2012.05.20 19:18:22 | 000,103,636 | ---- | C] () -- C:\Users\aS\Desktop\0520_191227.jpg
[2012.05.20 18:54:33 | 000,019,184 | ---- | C] () -- C:\Users\aS\Documents\MonsterTest.veg
[2012.05.20 18:44:50 | 007,725,505 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1A.wmv
[2012.05.20 18:30:18 | 008,005,505 | ---- | C] () -- C:\Users\aS\Documents\Monstertest1.wmv
[2012.05.20 14:04:19 | 604,370,284 | ---- | C] () -- C:\Users\aS\Desktop\MAIN_1.avi
[2012.05.20 01:00:39 | 000,034,744 | ---- | C] () -- C:\Users\aS\Documents\Seele.veg
[2012.05.20 00:42:31 | 014,397,559 | ---- | C] () -- C:\Users\aS\Documents\Seele.wmv
[2012.05.19 10:53:49 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.05.19 10:53:49 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.04.21 16:12:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.03.11 16:13:14 | 000,000,214 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2012.02.25 16:36:44 | 000,108,459 | ---- | C] () -- C:\ProgramData\1330180543.bdinstall.bin
[2012.02.25 00:03:36 | 000,201,768 | ---- | C] () -- C:\ProgramData\1330120858.bdinstall.bin
[2012.02.14 19:35:28 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012.02.08 15:58:20 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2012.02.08 15:58:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2012.02.08 15:58:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2012.02.08 15:58:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2012.02.08 15:58:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2012.02.08 15:58:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2012.02.08 15:58:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2012.02.08 15:58:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2012.02.08 15:58:19 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2012.02.08 15:58:19 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2012.02.08 15:58:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2012.02.08 15:58:19 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2012.02.08 15:58:19 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2012.02.08 15:58:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2012.02.08 15:58:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2012.01.30 18:10:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.01.30 18:00:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.04.10 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\.minecraft
[2012.05.31 21:11:49 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Audacity
[2012.01.31 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Babylon
[2012.03.02 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Canneverbe Limited
[2012.03.09 16:58:03 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.02 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DeepBurner
[2012.02.04 22:58:35 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DVDVideoSoft
[2012.01.30 18:42:13 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.02 23:42:11 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\GrabPro
[2012.01.30 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\LolClient
[2012.05.24 12:31:41 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\LolClient2
[2012.05.21 23:50:49 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\MAGIX
[2012.05.31 23:49:36 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\MP3SkypeRecorder
[2012.03.02 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\OpenCandy
[2012.02.08 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\OpenOffice.org
[2012.06.08 22:00:30 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Orbit
[2012.06.08 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\PhotoScape
[2012.04.10 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\ProgSense
[2012.02.02 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Publish Providers
[2012.02.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\QuickScan
[2012.05.31 18:04:30 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Screaming Bee
[2012.05.23 18:12:37 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Sony
[2012.03.09 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Sony Creative Software Inc
[2012.05.19 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\TeamViewer
[2012.05.02 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\TS3Client
[2012.05.25 05:57:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.10 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\.minecraft
[2012.05.31 14:29:42 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Adobe
[2012.04.12 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Apple Computer
[2012.05.31 21:11:49 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Audacity
[2012.01.31 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Babylon
[2012.03.02 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Canneverbe Limited
[2012.03.09 16:58:03 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.02 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DeepBurner
[2012.04.11 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DivX
[2012.02.04 22:58:35 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DVDVideoSoft
[2012.01.30 18:42:13 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.02 23:42:11 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\GrabPro
[2012.01.30 18:05:10 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Identities
[2012.02.14 19:31:02 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\InstallShield
[2012.01.30 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\LolClient
[2012.05.24 12:31:41 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\LolClient2
[2012.01.30 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Macromedia
[2012.05.21 23:50:49 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\MAGIX
[2012.06.08 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Media Center Programs
[2012.06.08 15:24:38 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Media Player Classic
[2012.03.02 21:33:44 | 000,000,000 | --SD | M] -- C:\Users\aS\AppData\Roaming\Microsoft
[2012.05.31 23:49:36 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\MP3SkypeRecorder
[2012.03.02 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\OpenCandy
[2012.02.08 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\OpenOffice.org
[2012.06.08 22:00:30 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Orbit
[2012.06.08 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\PhotoScape
[2012.04.10 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\ProgSense
[2012.02.02 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Publish Providers
[2012.02.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\QuickScan
[2012.05.31 18:04:30 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Screaming Bee
[2012.06.08 21:56:28 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Skype
[2012.05.23 18:12:37 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Sony
[2012.03.09 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Sony Creative Software Inc
[2012.05.19 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\TeamViewer
[2012.05.02 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\TS3Client
[2012.06.08 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\vlc
[2012.01.30 18:51:41 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.16 23:21:03 | 000,270,142 | ---- | M] () -- C:\Users\aS\AppData\Roaming\.minecraft\Minecraft.exe
[2012.04.11 16:25:26 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\aS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.31 23:49:30 | 000,375,162 | R--- | M] () -- C:\Users\aS\AppData\Roaming\Microsoft\Installer\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}\_1FE0E36A5139891EB85BB9.exe
[2012.05.31 23:49:30 | 000,375,162 | R--- | M] () -- C:\Users\aS\AppData\Roaming\Microsoft\Installer\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}\_A5FB52A5077E324DBDA19B.exe
[2012.03.02 21:33:24 | 006,047,088 | ---- | M] () -- C:\Users\aS\AppData\Roaming\OpenCandy\8E7F5123A9A541C188B6C8EA7C62D7B2\LinkuryInstaller_p1v12.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\system64\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\system64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\system64\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\system64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.01.30 19:07:07 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=2C353B6CE0C8D03225CAA2AF33B68D79 -- C:\Windows\SysNative\user32.dll
[2012.01.30 19:07:07 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=2C353B6CE0C8D03225CAA2AF33B68D79 -- C:\Windows\system64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2012.01.30 19:07:06 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\system64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll
[2012.02.28 07:37:57 | 010,991,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

--- --- ---

cosinus · 08.06.2012, 21:29

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109986&babsrc=SP_ss&mntrId=8ccbc5b500000000000000241d20c019
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{516EAA9D-A1ED-4476-8136-87F9FB69978A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=E63253EB-88AE-4A8C-A19C-290A32BFE47F&apn_sauid=4221C183-23CC-45AA-A557-73CAECAF38ED&
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=58.67.147.200:8080
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKU\S-1-5-21-497718101-2151430617-1334218238-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.01.31 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\aS\AppData\Roaming\Babylon
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

CMstorm · 08.06.2012, 21:44

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{516EAA9D-A1ED-4476-8136-87F9FB69978A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{516EAA9D-A1ED-4476-8136-87F9FB69978A}\ not found.
Registry key HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ not found.
HKU\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Programme\Lexmark Toolbar\toolband.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\orbitcth.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Programme\Lexmark Toolbar\toolband.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Programme\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Programme\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
File C:\Program Files (x86)\Orbitdownloader\GrabPro.dll not found.
Registry value HKEY_USERS\S-1-5-21-497718101-2151430617-1334218238-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\Users\aS\AppData\Roaming\Babylon folder moved successfully.
C:\install.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: aS
->Temp folder emptied: 333388688 bytes
->Temporary Internet Files folder emptied: 101416057 bytes
->Java cache emptied: 2186134 bytes
->Flash cache emptied: 59249 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35046 bytes
RecycleBin emptied: 200345 bytes
 
Total Files Cleaned = 417,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: aS
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.1 log created on 06082012_223558

Files\Folders moved on Reboot...
C:\Users\aS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\aS\AppData\Local\Temp\~DF0D6CB4598A738D63.TMP not found!
File\Folder C:\Users\aS\AppData\Local\Temp\~DF169B3DFC7C1832C9.TMP not found!
File\Folder C:\Users\aS\AppData\Local\Temp\~DFC42388304C48D793.TMP not found!
File\Folder C:\Users\aS\AppData\Local\Temp\~DFC9CAB5E722DE1A1D.TMP not found!
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQVG1YVQ\116696-google-leitet-falsche-seiten[1].html moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQVG1YVQ\facebook_com[2].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQVG1YVQ\fastbutton[1].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTY76REB\ads[4].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTY76REB\ai[1].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7TVT6XW\ads[3].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7TVT6XW\ads[5].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7TVT6XW\ai[2].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7TVT6XW\xd_arbiter[1].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7TVT6XW\xd_arbiter[2].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9796XBJ4\12[1].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9796XBJ4\ai[1].htm moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\aS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

Darf man auch mal fragen was da alles passiert sieht alles sehr sehr interessant aus.

cosinus · 08.06.2012, 22:01

Oh da wär ich ja noch morgen bei dir das im Detail zu erklären

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

CMstorm · 08.06.2012, 22:11

Code:

ATTFilter

23:03:14.0992 2512	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:03:15.0039 2512	============================================================
23:03:15.0039 2512	Current date / time: 2012/06/08 23:03:15.0039
23:03:15.0039 2512	SystemInfo:
23:03:15.0039 2512	
23:03:15.0039 2512	OS Version: 6.1.7600 ServicePack: 0.0
23:03:15.0039 2512	Product type: Workstation
23:03:15.0039 2512	ComputerName: AS-PC
23:03:15.0039 2512	UserName: aS
23:03:15.0039 2512	Windows directory: C:\Windows
23:03:15.0039 2512	System windows directory: C:\Windows
23:03:15.0039 2512	Running under WOW64
23:03:15.0039 2512	Processor architecture: Intel x64
23:03:15.0039 2512	Number of processors: 4
23:03:15.0039 2512	Page size: 0x1000
23:03:15.0039 2512	Boot type: Normal boot
23:03:15.0039 2512	============================================================
23:03:16.0256 2512	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:03:16.0256 2512	Drive \Device\Harddisk1\DR1 - Size: 0x3C7C00000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:03:16.0256 2512	============================================================
23:03:16.0256 2512	\Device\Harddisk0\DR0:
23:03:16.0256 2512	MBR partitions:
23:03:16.0256 2512	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
23:03:16.0256 2512	\Device\Harddisk1\DR1:
23:03:16.0256 2512	MBR partitions:
23:03:16.0256 2512	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E3DFC1
23:03:16.0256 2512	============================================================
23:03:16.0271 2512	C: <-> \Device\Harddisk0\DR0\Partition0
23:03:16.0271 2512	============================================================
23:03:16.0271 2512	Initialize success
23:03:16.0271 2512	============================================================
23:04:30.0372 3004	============================================================
23:04:30.0372 3004	Scan started
23:04:30.0372 3004	Mode: Manual; SigCheck; TDLFS; 
23:04:30.0372 3004	============================================================
23:04:31.0807 3004	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:04:31.0885 3004	1394ohci - ok
23:04:31.0916 3004	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:04:31.0932 3004	ACPI - ok
23:04:31.0932 3004	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:04:31.0994 3004	AcpiPmi - ok
23:04:32.0088 3004	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:04:32.0088 3004	AdobeARMservice - ok
23:04:32.0181 3004	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:04:32.0197 3004	AdobeFlashPlayerUpdateSvc - ok
23:04:32.0228 3004	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:04:32.0244 3004	adp94xx - ok
23:04:32.0275 3004	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:04:32.0290 3004	adpahci - ok
23:04:32.0306 3004	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:04:32.0322 3004	adpu320 - ok
23:04:32.0337 3004	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:04:32.0462 3004	AeLookupSvc - ok
23:04:32.0509 3004	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:04:32.0556 3004	AFD - ok
23:04:32.0602 3004	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:04:32.0634 3004	agp440 - ok
23:04:32.0680 3004	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:04:32.0774 3004	ALG - ok
23:04:32.0774 3004	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:04:32.0790 3004	aliide - ok
23:04:32.0836 3004	AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
23:04:32.0883 3004	AMD External Events Utility - ok
23:04:32.0883 3004	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:04:32.0899 3004	amdide - ok
23:04:32.0914 3004	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:04:32.0961 3004	AmdK8 - ok
23:04:32.0977 3004	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:04:33.0024 3004	AmdPPM - ok
23:04:33.0039 3004	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:04:33.0070 3004	amdsata - ok
23:04:33.0086 3004	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:04:33.0102 3004	amdsbs - ok
23:04:33.0117 3004	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:04:33.0133 3004	amdxata - ok
23:04:33.0148 3004	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:04:33.0211 3004	AppID - ok
23:04:33.0226 3004	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:04:33.0289 3004	AppIDSvc - ok
23:04:33.0304 3004	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:04:33.0320 3004	Appinfo - ok
23:04:33.0414 3004	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:04:33.0414 3004	Apple Mobile Device - ok
23:04:33.0445 3004	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:04:33.0445 3004	arc - ok
23:04:33.0476 3004	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:04:33.0492 3004	arcsas - ok
23:04:33.0507 3004	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:33.0554 3004	AsyncMac - ok
23:04:33.0570 3004	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:04:33.0570 3004	atapi - ok
23:04:33.0772 3004	atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
23:04:33.0882 3004	atikmdag - ok
23:04:33.0975 3004	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:04:34.0053 3004	AudioEndpointBuilder - ok
23:04:34.0053 3004	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:04:34.0084 3004	AudioSrv - ok
23:04:34.0147 3004	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:04:34.0240 3004	AxInstSV - ok
23:04:34.0318 3004	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:04:34.0365 3004	b06bdrv - ok
23:04:34.0381 3004	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:04:34.0412 3004	b57nd60a - ok
23:04:34.0428 3004	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:04:34.0443 3004	BDESVC - ok
23:04:34.0474 3004	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:04:34.0537 3004	Beep - ok
23:04:34.0584 3004	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
23:04:34.0630 3004	BITS - ok
23:04:34.0662 3004	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:04:34.0677 3004	blbdrive - ok
23:04:34.0755 3004	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:04:34.0771 3004	Bonjour Service - ok
23:04:34.0786 3004	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:04:34.0818 3004	bowser - ok
23:04:34.0818 3004	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:04:34.0833 3004	BrFiltLo - ok
23:04:34.0849 3004	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:04:34.0849 3004	BrFiltUp - ok
23:04:34.0864 3004	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:04:34.0896 3004	Browser - ok
23:04:34.0911 3004	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:04:34.0942 3004	Brserid - ok
23:04:34.0942 3004	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:04:34.0958 3004	BrSerWdm - ok
23:04:34.0958 3004	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:04:34.0974 3004	BrUsbMdm - ok
23:04:34.0974 3004	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:04:34.0989 3004	BrUsbSer - ok
23:04:34.0989 3004	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:04:35.0005 3004	BTHMODEM - ok
23:04:35.0020 3004	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:04:35.0052 3004	bthserv - ok
23:04:35.0067 3004	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:04:35.0098 3004	cdfs - ok
23:04:35.0114 3004	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:04:35.0130 3004	cdrom - ok
23:04:35.0145 3004	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:04:35.0176 3004	CertPropSvc - ok
23:04:35.0208 3004	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:04:35.0223 3004	circlass - ok
23:04:35.0254 3004	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:04:35.0270 3004	CLFS - ok
23:04:35.0317 3004	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:04:35.0348 3004	clr_optimization_v2.0.50727_32 - ok
23:04:35.0410 3004	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:04:35.0426 3004	clr_optimization_v2.0.50727_64 - ok
23:04:35.0520 3004	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:04:35.0551 3004	clr_optimization_v4.0.30319_32 - ok
23:04:35.0582 3004	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:04:35.0598 3004	clr_optimization_v4.0.30319_64 - ok
23:04:35.0629 3004	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:04:35.0676 3004	CmBatt - ok
23:04:35.0691 3004	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:04:35.0707 3004	cmdide - ok
23:04:35.0738 3004	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:04:35.0769 3004	CNG - ok
23:04:35.0785 3004	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:04:35.0800 3004	Compbatt - ok
23:04:35.0816 3004	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:04:35.0847 3004	CompositeBus - ok
23:04:35.0863 3004	COMSysApp - ok
23:04:35.0878 3004	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:04:35.0894 3004	crcdisk - ok
23:04:35.0925 3004	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:04:35.0972 3004	CryptSvc - ok
23:04:36.0003 3004	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:04:36.0050 3004	DcomLaunch - ok
23:04:36.0097 3004	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:04:36.0144 3004	defragsvc - ok
23:04:36.0159 3004	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:04:36.0190 3004	DfsC - ok
23:04:36.0222 3004	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:04:36.0300 3004	Dhcp - ok
23:04:36.0315 3004	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:04:36.0362 3004	discache - ok
23:04:36.0393 3004	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:04:36.0393 3004	Disk - ok
23:04:36.0424 3004	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:04:36.0471 3004	Dnscache - ok
23:04:36.0487 3004	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:04:36.0549 3004	dot3svc - ok
23:04:36.0565 3004	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:04:36.0612 3004	DPS - ok
23:04:36.0643 3004	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:04:36.0658 3004	drmkaud - ok
23:04:36.0690 3004	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:04:36.0705 3004	DXGKrnl - ok
23:04:36.0736 3004	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:04:36.0768 3004	EapHost - ok
23:04:36.0877 3004	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:04:36.0924 3004	ebdrv - ok
23:04:37.0002 3004	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:04:37.0033 3004	EFS - ok
23:04:37.0095 3004	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:04:37.0126 3004	ehRecvr - ok
23:04:37.0142 3004	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:04:37.0173 3004	ehSched - ok
23:04:37.0236 3004	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:04:37.0251 3004	elxstor - ok
23:04:37.0267 3004	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:04:37.0282 3004	ErrDev - ok
23:04:37.0314 3004	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:04:37.0360 3004	EventSystem - ok
23:04:37.0376 3004	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:04:37.0392 3004	exfat - ok
23:04:37.0485 3004	Fabs - ok
23:04:37.0516 3004	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:04:37.0563 3004	fastfat - ok
23:04:37.0626 3004	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:04:37.0672 3004	Fax - ok
23:04:37.0688 3004	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:04:37.0704 3004	fdc - ok
23:04:37.0719 3004	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:04:37.0750 3004	fdPHost - ok
23:04:37.0766 3004	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:04:37.0797 3004	FDResPub - ok
23:04:37.0813 3004	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:04:37.0828 3004	FileInfo - ok
23:04:37.0828 3004	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:04:37.0860 3004	Filetrace - ok
23:04:37.0969 3004	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
23:04:38.0016 3004	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:04:38.0016 3004	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:04:38.0047 3004	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:04:38.0078 3004	FLEXnet Licensing Service - ok
23:04:38.0125 3004	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:04:38.0140 3004	flpydisk - ok
23:04:38.0156 3004	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:04:38.0172 3004	FltMgr - ok
23:04:38.0218 3004	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:04:38.0250 3004	FontCache - ok
23:04:38.0328 3004	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:04:38.0343 3004	FontCache3.0.0.0 - ok
23:04:38.0359 3004	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:04:38.0359 3004	FsDepends - ok
23:04:38.0390 3004	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:04:38.0390 3004	Fs_Rec - ok
23:04:38.0437 3004	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:04:38.0452 3004	fvevol - ok
23:04:38.0468 3004	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:04:38.0484 3004	gagp30kx - ok
23:04:38.0515 3004	gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
23:04:38.0530 3004	gdrv - ok
23:04:38.0562 3004	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:04:38.0577 3004	GEARAspiWDM - ok
23:04:38.0608 3004	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:04:38.0640 3004	gpsvc - ok
23:04:38.0655 3004	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:04:38.0671 3004	hcw85cir - ok
23:04:38.0702 3004	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:04:38.0733 3004	HdAudAddService - ok
23:04:38.0764 3004	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:38.0811 3004	HDAudBus - ok
23:04:38.0811 3004	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:04:38.0827 3004	HidBatt - ok
23:04:38.0827 3004	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:04:38.0858 3004	HidBth - ok
23:04:38.0858 3004	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:04:38.0874 3004	HidIr - ok
23:04:38.0889 3004	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:04:38.0936 3004	hidserv - ok
23:04:38.0967 3004	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:04:38.0998 3004	HidUsb - ok
23:04:39.0014 3004	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:04:39.0061 3004	hkmsvc - ok
23:04:39.0076 3004	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:04:39.0108 3004	HomeGroupListener - ok
23:04:39.0139 3004	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:04:39.0154 3004	HomeGroupProvider - ok
23:04:39.0201 3004	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:04:39.0201 3004	HpSAMD - ok
23:04:39.0232 3004	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:04:39.0295 3004	HTTP - ok
23:04:39.0310 3004	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:04:39.0310 3004	hwpolicy - ok
23:04:39.0326 3004	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:39.0326 3004	i8042prt - ok
23:04:39.0373 3004	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:04:39.0388 3004	iaStorV - ok
23:04:39.0498 3004	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:04:39.0529 3004	idsvc - ok
23:04:39.0529 3004	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:04:39.0544 3004	iirsp - ok
23:04:39.0607 3004	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:04:39.0685 3004	IKEEXT - ok
23:04:39.0747 3004	IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
23:04:39.0778 3004	IntcAzAudAddService - ok
23:04:39.0841 3004	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:04:39.0856 3004	intelide - ok
23:04:39.0872 3004	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:04:39.0888 3004	intelppm - ok
23:04:39.0903 3004	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:04:39.0934 3004	IPBusEnum - ok
23:04:39.0934 3004	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:04:39.0966 3004	IpFilterDriver - ok
23:04:39.0966 3004	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:04:39.0981 3004	IPMIDRV - ok
23:04:39.0997 3004	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:04:40.0012 3004	IPNAT - ok
23:04:40.0106 3004	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:04:40.0137 3004	iPod Service - ok
23:04:40.0168 3004	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:04:40.0184 3004	IRENUM - ok
23:04:40.0184 3004	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:04:40.0184 3004	isapnp - ok
23:04:40.0215 3004	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:04:40.0215 3004	iScsiPrt - ok
23:04:40.0231 3004	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:04:40.0246 3004	kbdclass - ok
23:04:40.0262 3004	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:04:40.0278 3004	kbdhid - ok
23:04:40.0293 3004	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:04:40.0309 3004	KeyIso - ok
23:04:40.0324 3004	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:04:40.0340 3004	KSecDD - ok
23:04:40.0340 3004	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:04:40.0356 3004	KSecPkg - ok
23:04:40.0371 3004	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:04:40.0449 3004	ksthunk - ok
23:04:40.0574 3004	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:04:40.0652 3004	KtmRm - ok
23:04:40.0683 3004	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
23:04:40.0699 3004	LanmanServer - ok
23:04:40.0730 3004	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:04:40.0777 3004	LanmanWorkstation - ok
23:04:40.0808 3004	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:04:40.0839 3004	lltdio - ok
23:04:40.0870 3004	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:04:40.0933 3004	lltdsvc - ok
23:04:40.0948 3004	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:04:40.0980 3004	lmhosts - ok
23:04:41.0026 3004	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:04:41.0026 3004	LSI_FC - ok
23:04:41.0026 3004	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:04:41.0042 3004	LSI_SAS - ok
23:04:41.0042 3004	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:04:41.0058 3004	LSI_SAS2 - ok
23:04:41.0058 3004	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:04:41.0073 3004	LSI_SCSI - ok
23:04:41.0104 3004	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:04:41.0136 3004	luafv - ok
23:04:41.0151 3004	lxcr_device - ok
23:04:41.0182 3004	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:04:41.0198 3004	MBAMProtector - ok
23:04:41.0307 3004	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:04:41.0338 3004	MBAMService - ok
23:04:41.0370 3004	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:04:41.0385 3004	Mcx2Svc - ok
23:04:41.0385 3004	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:04:41.0401 3004	megasas - ok
23:04:41.0401 3004	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:04:41.0416 3004	MegaSR - ok
23:04:41.0432 3004	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:04:41.0479 3004	MMCSS - ok
23:04:41.0494 3004	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:04:41.0526 3004	Modem - ok
23:04:41.0557 3004	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:04:41.0572 3004	monitor - ok
23:04:41.0572 3004	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:04:41.0588 3004	mouclass - ok
23:04:41.0588 3004	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:04:41.0604 3004	mouhid - ok
23:04:41.0619 3004	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:04:41.0619 3004	mountmgr - ok
23:04:41.0635 3004	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:04:41.0650 3004	mpio - ok
23:04:41.0650 3004	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:04:41.0682 3004	mpsdrv - ok
23:04:41.0697 3004	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:04:41.0728 3004	MRxDAV - ok
23:04:41.0744 3004	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:04:41.0760 3004	mrxsmb - ok
23:04:41.0791 3004	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:04:41.0806 3004	mrxsmb10 - ok
23:04:41.0822 3004	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:04:41.0838 3004	mrxsmb20 - ok
23:04:41.0838 3004	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:04:41.0838 3004	msahci - ok
23:04:41.0853 3004	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:04:41.0869 3004	msdsm - ok
23:04:41.0900 3004	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:04:41.0900 3004	MSDTC - ok
23:04:41.0916 3004	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:04:41.0947 3004	Msfs - ok
23:04:41.0962 3004	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:04:41.0994 3004	mshidkmdf - ok
23:04:41.0994 3004	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:04:42.0009 3004	msisadrv - ok
23:04:42.0040 3004	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:04:42.0072 3004	MSiSCSI - ok
23:04:42.0087 3004	msiserver - ok
23:04:42.0118 3004	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:04:42.0212 3004	MSKSSRV - ok
23:04:42.0228 3004	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:04:42.0259 3004	MSPCLOCK - ok
23:04:42.0259 3004	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:04:42.0290 3004	MSPQM - ok
23:04:42.0352 3004	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:04:42.0368 3004	MsRPC - ok
23:04:42.0384 3004	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:04:42.0384 3004	mssmbios - ok
23:04:42.0399 3004	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:04:42.0430 3004	MSTEE - ok
23:04:42.0446 3004	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:04:42.0462 3004	MTConfig - ok
23:04:42.0477 3004	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:04:42.0493 3004	Mup - ok
23:04:42.0540 3004	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:04:42.0586 3004	napagent - ok
23:04:42.0774 3004	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:04:42.0789 3004	NativeWifiP - ok
23:04:42.0976 3004	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:04:43.0008 3004	NDIS - ok
23:04:43.0023 3004	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:04:43.0054 3004	NdisCap - ok
23:04:43.0070 3004	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:04:43.0101 3004	NdisTapi - ok
23:04:43.0117 3004	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:04:43.0148 3004	Ndisuio - ok
23:04:43.0148 3004	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:04:43.0179 3004	NdisWan - ok
23:04:43.0195 3004	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:04:43.0226 3004	NDProxy - ok
23:04:43.0242 3004	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:04:43.0273 3004	NetBIOS - ok
23:04:43.0288 3004	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:04:43.0320 3004	NetBT - ok
23:04:43.0335 3004	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:04:43.0351 3004	Netlogon - ok
23:04:43.0382 3004	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:04:43.0429 3004	Netman - ok
23:04:43.0507 3004	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:04:43.0569 3004	netprofm - ok
23:04:43.0647 3004	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:04:43.0678 3004	NetTcpPortSharing - ok
23:04:43.0725 3004	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:04:43.0741 3004	nfrd960 - ok
23:04:43.0772 3004	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:04:43.0819 3004	NlaSvc - ok
23:04:43.0850 3004	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:04:43.0881 3004	Npfs - ok
23:04:43.0897 3004	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:04:43.0928 3004	nsi - ok
23:04:43.0928 3004	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:04:43.0959 3004	nsiproxy - ok
23:04:44.0022 3004	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:04:44.0068 3004	Ntfs - ok
23:04:44.0146 3004	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:04:44.0209 3004	Null - ok
23:04:44.0240 3004	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:04:44.0256 3004	nvraid - ok
23:04:44.0271 3004	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:04:44.0287 3004	nvstor - ok
23:04:44.0302 3004	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:04:44.0318 3004	nv_agp - ok
23:04:44.0318 3004	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:04:44.0334 3004	ohci1394 - ok
23:04:44.0365 3004	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:04:44.0396 3004	p2pimsvc - ok
23:04:44.0412 3004	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:04:44.0427 3004	p2psvc - ok
23:04:44.0443 3004	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:04:44.0458 3004	Parport - ok
23:04:44.0490 3004	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:04:44.0490 3004	partmgr - ok
23:04:44.0505 3004	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:04:44.0536 3004	PcaSvc - ok
23:04:44.0536 3004	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:04:44.0552 3004	pci - ok
23:04:44.0552 3004	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:04:44.0568 3004	pciide - ok
23:04:44.0568 3004	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:04:44.0583 3004	pcmcia - ok
23:04:44.0614 3004	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:04:44.0614 3004	pcw - ok
23:04:44.0630 3004	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:04:44.0677 3004	PEAUTH - ok
23:04:44.0739 3004	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:04:44.0786 3004	PerfHost - ok
23:04:44.0848 3004	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:04:44.0895 3004	pla - ok
23:04:44.0958 3004	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:04:44.0989 3004	PlugPlay - ok
23:04:45.0020 3004	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:04:45.0036 3004	PNRPAutoReg - ok
23:04:45.0067 3004	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:04:45.0082 3004	PNRPsvc - ok
23:04:45.0114 3004	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:04:45.0160 3004	PolicyAgent - ok
23:04:45.0192 3004	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:04:45.0238 3004	Power - ok
23:04:45.0270 3004	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:04:45.0301 3004	PptpMiniport - ok
23:04:45.0316 3004	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:04:45.0332 3004	Processor - ok
23:04:45.0348 3004	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
23:04:45.0426 3004	ProfSvc - ok
23:04:45.0488 3004	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:04:45.0519 3004	ProtectedStorage - ok
23:04:45.0706 3004	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:04:45.0784 3004	Psched - ok
23:04:45.0831 3004	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:04:45.0862 3004	ql2300 - ok
23:04:45.0925 3004	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:04:45.0925 3004	ql40xx - ok
23:04:45.0956 3004	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:04:45.0972 3004	QWAVE - ok
23:04:45.0987 3004	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:04:46.0003 3004	QWAVEdrv - ok
23:04:46.0003 3004	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:04:46.0050 3004	RasAcd - ok
23:04:46.0065 3004	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:04:46.0096 3004	RasAgileVpn - ok
23:04:46.0112 3004	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:04:46.0143 3004	RasAuto - ok
23:04:46.0159 3004	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:04:46.0190 3004	Rasl2tp - ok
23:04:46.0206 3004	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:04:46.0237 3004	RasMan - ok
23:04:46.0268 3004	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:04:46.0299 3004	RasPppoe - ok
23:04:46.0299 3004	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:04:46.0330 3004	RasSstp - ok
23:04:46.0346 3004	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:04:46.0377 3004	rdbss - ok
23:04:46.0393 3004	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:04:46.0408 3004	rdpbus - ok
23:04:46.0408 3004	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:04:46.0440 3004	RDPCDD - ok
23:04:46.0455 3004	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:04:46.0486 3004	RDPENCDD - ok
23:04:46.0502 3004	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:04:46.0518 3004	RDPREFMP - ok
23:04:46.0549 3004	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
23:04:46.0564 3004	RDPWD - ok
23:04:46.0580 3004	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:04:46.0580 3004	rdyboost - ok
23:04:46.0611 3004	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:04:46.0658 3004	RemoteAccess - ok
23:04:46.0674 3004	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:04:46.0705 3004	RemoteRegistry - ok
23:04:46.0720 3004	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:04:46.0752 3004	RpcEptMapper - ok
23:04:46.0767 3004	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:04:46.0767 3004	RpcLocator - ok
23:04:46.0798 3004	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:04:46.0830 3004	RpcSs - ok
23:04:46.0845 3004	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:04:46.0892 3004	rspndr - ok
23:04:46.0939 3004	RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
23:04:46.0954 3004	RTHDMIAzAudService - ok
23:04:46.0986 3004	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:04:47.0001 3004	RTL8167 - ok
23:04:47.0017 3004	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:04:47.0032 3004	SamSs - ok
23:04:47.0032 3004	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:04:47.0048 3004	sbp2port - ok
23:04:47.0079 3004	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:04:47.0110 3004	SCardSvr - ok
23:04:47.0126 3004	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:04:47.0157 3004	scfilter - ok
23:04:47.0204 3004	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:04:47.0251 3004	Schedule - ok
23:04:47.0266 3004	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:04:47.0298 3004	SCPolicySvc - ok
23:04:47.0344 3004	ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
23:04:47.0360 3004	ScreamBAudioSvc - ok
23:04:47.0376 3004	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:04:47.0422 3004	SDRSVC - ok
23:04:47.0454 3004	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:04:47.0485 3004	secdrv - ok
23:04:47.0500 3004	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:04:47.0532 3004	seclogon - ok
23:04:47.0547 3004	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:04:47.0578 3004	SENS - ok
23:04:47.0610 3004	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:04:47.0656 3004	SensrSvc - ok
23:04:47.0672 3004	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:04:47.0703 3004	Serenum - ok
23:04:47.0719 3004	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:04:47.0734 3004	Serial - ok
23:04:47.0750 3004	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:04:47.0766 3004	sermouse - ok
23:04:47.0781 3004	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:04:47.0812 3004	SessionEnv - ok
23:04:47.0812 3004	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:04:47.0844 3004	sffdisk - ok
23:04:47.0844 3004	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:04:47.0859 3004	sffp_mmc - ok
23:04:47.0859 3004	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:04:47.0890 3004	sffp_sd - ok
23:04:47.0890 3004	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:04:47.0890 3004	sfloppy - ok
23:04:47.0922 3004	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:04:47.0953 3004	SharedAccess - ok
23:04:47.0984 3004	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:04:48.0015 3004	ShellHWDetection - ok
23:04:48.0046 3004	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:04:48.0046 3004	SiSRaid2 - ok
23:04:48.0046 3004	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:04:48.0062 3004	SiSRaid4 - ok
23:04:48.0124 3004	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:04:48.0156 3004	SkypeUpdate - ok
23:04:48.0171 3004	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:04:48.0218 3004	Smb - ok
23:04:48.0249 3004	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:04:48.0265 3004	SNMPTRAP - ok
23:04:48.0265 3004	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:04:48.0280 3004	spldr - ok
23:04:48.0312 3004	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:04:48.0343 3004	Spooler - ok
23:04:48.0436 3004	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:04:48.0499 3004	sppsvc - ok
23:04:48.0561 3004	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:04:48.0624 3004	sppuinotify - ok
23:04:48.0686 3004	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:04:48.0733 3004	srv - ok
23:04:48.0764 3004	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:04:48.0795 3004	srv2 - ok
23:04:48.0811 3004	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:04:48.0842 3004	srvnet - ok
23:04:48.0873 3004	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:04:48.0904 3004	SSDPSRV - ok
23:04:48.0920 3004	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:04:48.0951 3004	SstpSvc - ok
23:04:49.0014 3004	Steam Client Service - ok
23:04:49.0045 3004	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:04:49.0076 3004	stexstor - ok
23:04:49.0123 3004	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:04:49.0154 3004	stisvc - ok
23:04:49.0154 3004	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:04:49.0170 3004	swenum - ok
23:04:49.0263 3004	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:04:49.0279 3004	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
23:04:49.0279 3004	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
23:04:49.0326 3004	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:04:49.0388 3004	swprv - ok
23:04:49.0435 3004	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:04:49.0482 3004	SysMain - ok
23:04:49.0544 3004	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:04:49.0591 3004	TabletInputService - ok
23:04:49.0606 3004	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:04:49.0669 3004	TapiSrv - ok
23:04:49.0684 3004	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:04:49.0716 3004	TBS - ok
23:04:49.0809 3004	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
23:04:49.0840 3004	Tcpip - ok
23:04:49.0918 3004	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
23:04:49.0950 3004	TCPIP6 - ok
23:04:49.0965 3004	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:04:49.0996 3004	tcpipreg - ok
23:04:50.0012 3004	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:04:50.0028 3004	TDPIPE - ok
23:04:50.0043 3004	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:04:50.0059 3004	TDTCP - ok
23:04:50.0074 3004	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:04:50.0106 3004	tdx - ok
23:04:50.0277 3004	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
23:04:50.0308 3004	TeamViewer7 - ok
23:04:50.0324 3004	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:04:50.0340 3004	TermDD - ok
23:04:50.0371 3004	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:04:50.0418 3004	TermService - ok
23:04:50.0433 3004	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:04:50.0449 3004	Themes - ok
23:04:50.0480 3004	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:04:50.0511 3004	THREADORDER - ok
23:04:50.0527 3004	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:04:50.0558 3004	TrkWks - ok
23:04:50.0589 3004	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:04:50.0605 3004	TrustedInstaller - ok
23:04:50.0620 3004	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:04:50.0652 3004	tssecsrv - ok
23:04:50.0667 3004	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:04:50.0714 3004	tunnel - ok
23:04:50.0776 3004	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:04:50.0823 3004	uagp35 - ok
23:04:50.0901 3004	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:04:50.0948 3004	udfs - ok
23:04:50.0964 3004	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:04:50.0979 3004	UI0Detect - ok
23:04:51.0026 3004	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:04:51.0026 3004	uliagpkx - ok
23:04:51.0042 3004	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:04:51.0057 3004	umbus - ok
23:04:51.0057 3004	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:04:51.0073 3004	UmPass - ok
23:04:51.0088 3004	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:04:51.0135 3004	upnphost - ok
23:04:51.0151 3004	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:04:51.0182 3004	USBAAPL64 - ok
23:04:51.0213 3004	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:04:51.0244 3004	usbccgp - ok
23:04:51.0260 3004	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:04:51.0291 3004	usbcir - ok
23:04:51.0291 3004	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:04:51.0307 3004	usbehci - ok
23:04:51.0322 3004	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:04:51.0354 3004	usbhub - ok
23:04:51.0354 3004	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:04:51.0354 3004	usbohci - ok
23:04:51.0369 3004	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:04:51.0369 3004	usbprint - ok
23:04:51.0432 3004	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:04:51.0463 3004	usbscan - ok
23:04:51.0494 3004	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:04:51.0510 3004	USBSTOR - ok
23:04:51.0525 3004	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:04:51.0541 3004	usbuhci - ok
23:04:51.0556 3004	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:04:51.0603 3004	UxSms - ok
23:04:51.0619 3004	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:04:51.0634 3004	VaultSvc - ok
23:04:51.0650 3004	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:04:51.0666 3004	vdrvroot - ok
23:04:51.0712 3004	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:04:51.0759 3004	vds - ok
23:04:51.0759 3004	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:04:51.0775 3004	vga - ok
23:04:51.0790 3004	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:04:51.0837 3004	VgaSave - ok
23:04:51.0853 3004	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:04:51.0853 3004	vhdmp - ok
23:04:51.0868 3004	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:04:51.0868 3004	viaide - ok
23:04:51.0884 3004	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:04:51.0884 3004	volmgr - ok
23:04:51.0915 3004	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:04:51.0915 3004	volmgrx - ok
23:04:51.0931 3004	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:04:51.0946 3004	volsnap - ok
23:04:51.0978 3004	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:04:51.0993 3004	vsmraid - ok
23:04:52.0024 3004	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:04:52.0071 3004	VSS - ok
23:04:52.0134 3004	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:04:52.0149 3004	vwifibus - ok
23:04:52.0165 3004	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:04:52.0196 3004	W32Time - ok
23:04:52.0212 3004	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:04:52.0227 3004	WacomPen - ok
23:04:52.0258 3004	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:04:52.0305 3004	WANARP - ok
23:04:52.0305 3004	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:04:52.0321 3004	Wanarpv6 - ok
23:04:52.0383 3004	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:04:52.0383 3004	Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 3cec96de223e49eaae3651fcf8faea6c
23:04:52.0399 3004	WatAdminSvc ( LockedFile.Multi.Generic ) - warning
23:04:52.0399 3004	WatAdminSvc - detected LockedFile.Multi.Generic (1)
23:04:52.0446 3004	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:04:52.0492 3004	wbengine - ok
23:04:52.0524 3004	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:04:52.0524 3004	WbioSrvc - ok
23:04:52.0555 3004	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:04:52.0586 3004	wcncsvc - ok
23:04:52.0602 3004	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:04:52.0617 3004	WcsPlugInService - ok
23:04:52.0617 3004	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:04:52.0633 3004	Wd - ok
23:04:52.0648 3004	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:04:52.0664 3004	Wdf01000 - ok
23:04:52.0680 3004	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:04:52.0711 3004	WdiServiceHost - ok
23:04:52.0711 3004	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:04:52.0726 3004	WdiSystemHost - ok
23:04:52.0742 3004	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:04:52.0773 3004	WebClient - ok
23:04:52.0773 3004	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:04:52.0820 3004	Wecsvc - ok
23:04:52.0836 3004	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:04:52.0867 3004	wercplsupport - ok
23:04:52.0882 3004	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:04:52.0914 3004	WerSvc - ok
23:04:52.0945 3004	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:04:52.0960 3004	WfpLwf - ok
23:04:52.0976 3004	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:04:52.0992 3004	WIMMount - ok
23:04:52.0992 3004	WinHttpAutoProxySvc - ok
23:04:53.0038 3004	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:04:53.0085 3004	Winmgmt - ok
23:04:53.0163 3004	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:04:53.0210 3004	WinRM - ok
23:04:53.0319 3004	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:04:53.0366 3004	WinUsb - ok
23:04:53.0428 3004	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:04:53.0475 3004	Wlansvc - ok
23:04:53.0475 3004	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:04:53.0491 3004	WmiAcpi - ok
23:04:53.0506 3004	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:04:53.0538 3004	wmiApSrv - ok
23:04:53.0584 3004	WMPNetworkSvc - ok
23:04:53.0584 3004	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:04:53.0600 3004	WPCSvc - ok
23:04:53.0616 3004	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:04:53.0647 3004	WPDBusEnum - ok
23:04:53.0662 3004	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:04:53.0694 3004	ws2ifsl - ok
23:04:53.0694 3004	WSearch - ok
23:04:53.0772 3004	wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
23:04:53.0818 3004	wuauserv - ok
23:04:53.0850 3004	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:04:53.0881 3004	WudfPf - ok
23:04:53.0912 3004	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:04:53.0943 3004	WUDFRd - ok
23:04:53.0959 3004	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:04:53.0990 3004	wudfsvc - ok
23:04:54.0021 3004	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:04:54.0037 3004	WwanSvc - ok
23:04:54.0084 3004	ZSMC301b        (99217bd11bee7f21e873f6e39b93aafd) C:\Windows\system32\Drivers\usbVM31b.sys
23:04:54.0099 3004	ZSMC301b - ok
23:04:54.0115 3004	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:04:54.0302 3004	\Device\Harddisk0\DR0 - ok
23:04:54.0318 3004	MBR (0x1B8)     (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
23:05:04.0005 3004	\Device\Harddisk1\DR1 - ok
23:05:04.0005 3004	Boot (0x1200)   (db008b3d20e8adf9a4b6ba366b22d7ab) \Device\Harddisk0\DR0\Partition0
23:05:04.0005 3004	\Device\Harddisk0\DR0\Partition0 - ok
23:05:04.0005 3004	Boot (0x1200)   (78b5da69dcdc82829bb757d93536acbe) \Device\Harddisk1\DR1\Partition0
23:05:04.0005 3004	\Device\Harddisk1\DR1\Partition0 - ok
23:05:04.0005 3004	============================================================
23:05:04.0005 3004	Scan finished
23:05:04.0005 3004	============================================================
23:05:04.0021 3276	Detected object count: 3
23:05:04.0021 3276	Actual detected object count: 3
23:08:32.0948 3276	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:08:32.0948 3276	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:08:32.0948 3276	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
23:08:32.0948 3276	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:08:32.0948 3276	WatAdminSvc ( LockedFile.Multi.Generic ) - skipped by user
23:08:32.0948 3276	WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Skip

Okay dann lassen wir das lieber mit dem erklären.

cosinus · 08.06.2012, 22:13

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

CMstorm · 08.06.2012, 22:32

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-08.02 - aS 08.06.2012  23:18:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4094.2835 [GMT 2:00]
ausgeführt von:: c:\users\aS\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1330120858.bdinstall.bin
c:\programdata\1330180543.bdinstall.bin
c:\users\aS\AppData\Local\TempDIR
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-08 bis 2012-06-08  ))))))))))))))))))))))))))))))
.
.
2012-06-08 20:35 . 2012-06-08 20:35	--------	d-----w-	C:\_OTL
2012-06-08 16:16 . 2012-06-08 16:16	--------	d-----w-	c:\program files (x86)\ESET
2012-06-06 12:46 . 2012-06-06 12:46	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 12:46 . 2012-06-06 12:46	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 12:46 . 2012-06-08 11:04	--------	d-----w-	c:\windows\system32\Macromed
2012-06-05 09:48 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E07E08DD-0215-40D1-BE8C-FA60C6879997}\mpengine.dll
2012-06-04 11:10 . 2012-06-08 11:02	--------	d-----w-	c:\users\aS\AppData\Roaming\Malwarebytes
2012-06-04 11:10 . 2012-06-08 11:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 11:10 . 2012-06-08 11:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 11:10 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 20:11 . 2012-06-02 20:11	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-05-31 21:49 . 2012-06-08 11:04	--------	d-----w-	c:\users\aS\AppData\Local\Alexander_Nikiforov
2012-05-31 21:49 . 2012-05-31 21:49	--------	d-----w-	c:\users\aS\AppData\Roaming\MP3SkypeRecorder
2012-05-31 21:49 . 2012-05-31 21:49	--------	d-----w-	c:\program files (x86)\MP3 Skype Recorder
2012-05-31 18:02 . 2012-05-31 18:02	--------	d-----w-	c:\program files (x86)\Screaming Bee LLC
2012-05-31 16:04 . 2012-05-31 16:04	--------	d-----w-	c:\users\aS\AppData\Roaming\Screaming Bee
2012-05-31 16:03 . 2012-05-31 18:11	--------	d-----w-	c:\program files (x86)\Screaming Bee
2012-05-31 16:03 . 2012-05-31 16:04	--------	d-----w-	c:\programdata\Screaming Bee
2012-05-31 13:01 . 2012-05-31 13:01	--------	d-----w-	c:\programdata\eSellerate
2012-05-31 13:01 . 2012-05-31 13:01	--------	d-----w-	c:\program files (x86)\Common Files\eSellerate
2012-05-31 13:01 . 2012-05-31 15:46	--------	d-----w-	c:\program files (x86)\NewBlue
2012-05-31 12:25 . 2012-05-31 12:25	--------	d-----w-	c:\program files (x86)\LooksBuilder
2012-05-31 11:57 . 2012-05-31 12:09	--------	d-----w-	c:\users\aS\loooooo
2012-05-30 19:24 . 2012-05-30 19:24	--------	d-----w-	C:\AECS5COMMONPATH
2012-05-30 19:24 . 2012-05-30 19:24	--------	d-----w-	C:\CS5AEPRESETSFOLDER
2012-05-30 19:24 . 2012-05-30 19:24	--------	d-----w-	C:\AECS5PLUGINPATH
2012-05-24 10:31 . 2012-05-24 10:31	--------	d-----w-	c:\users\aS\AppData\Roaming\LolClient2
2012-05-21 21:48 . 2012-05-21 21:48	--------	d-----w-	c:\program files (x86)\Common Files\MAGIX Shared
2012-05-21 21:47 . 2012-05-21 21:47	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-05-21 21:30 . 2012-05-21 21:30	--------	d-----w-	c:\users\aS\AppData\Local\Ilivid Player
2012-05-21 21:15 . 2012-05-21 21:50	--------	d-----w-	c:\users\aS\AppData\Roaming\MAGIX
2012-05-21 21:15 . 2012-05-21 21:15	--------	d-----w-	c:\users\aS\AppData\Local\Xara
2012-05-21 21:14 . 2012-05-21 21:50	--------	d-----w-	c:\programdata\MAGIX
2012-05-21 21:14 . 2012-05-21 21:48	--------	d-----w-	c:\program files (x86)\Common Files\MAGIX Services
2012-05-21 20:46 . 2012-05-31 19:11	--------	d-----w-	c:\users\aS\AppData\Roaming\Audacity
2012-05-21 20:45 . 2012-05-21 20:45	--------	d-----w-	c:\program files (x86)\Audacity
2012-05-21 19:51 . 2012-06-08 11:04	--------	d-----w-	c:\users\aS\AppData\Roaming\PhotoScape
2012-05-21 19:50 . 2012-05-21 19:51	--------	d-----w-	c:\program files (x86)\PhotoScape
2012-05-19 09:15 . 2012-05-19 09:15	--------	d-----w-	c:\users\aS\AppData\Local\Mozilla
2012-05-19 08:53 . 2012-05-19 08:54	--------	d-----w-	c:\users\aS\AppData\Roaming\TeamViewer
2012-05-19 08:53 . 2012-05-19 08:53	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-05-10 04:32 . 2012-04-02 05:26	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 04:32 . 2012-04-02 05:24	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 04:32 . 2012-04-02 05:24	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 04:32 . 2012-04-02 05:24	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 04:32 . 2012-04-02 04:40	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 11:27 . 2012-01-30 16:24	14848	----a-w-	c:\windows\system32\slwga.dll
2012-06-03 11:27 . 2012-01-30 16:24	13824	----a-w-	c:\windows\SysWow64\slwga.dll
2012-06-03 11:27 . 2009-07-13 23:56	419840	----a-w-	c:\windows\system32\systemcpl.dll
2012-03-12 05:28 . 2012-02-08 13:11	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-30 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-01-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"VM_STI"="c:\windows\VM_STI.exe" [2004-06-09 40960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-2-25 495104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 12:46]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-497718101-2151430617-1334218238-1000Core.job
- c:\users\aS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 20:40]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-497718101-2151430617-1334218238-1000UA.job
- c:\users\aS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"combofix"="c:\combofix\CF14664.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\aS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TrayServer - c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-MAGIX_MSI_Videodeluxe18_premium - c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\Video_deluxe_MX_Premium_de-DE_setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-08  23:27:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-08 21:27
.
Vor Suchlauf: 15 Verzeichnis(se), 886.765.273.088 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 886.190.870.528 Bytes frei
.
- - End Of File - - 1A06F188B327D6432ADD129D148C6375

--- --- ---

08.06.2012, 19:55	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google leitet auf falsche Seiten weiter. Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

08.06.2012, 20:23	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google leitet auf falsche Seiten weiter. Ist das si schwierig Malwarebytes zu starten und dann im Reiter Logdateien nachzusehen?? __________________ --> Google leitet auf falsche Seiten weiter.

Google leitet auf falsche Seiten weiter.

Log-Analyse und Auswertung: Google leitet auf falsche Seiten weiter.