Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
searchnu.com /413

searchnu.com /413


Plagegeister aller Art und deren Bekämpfung: searchnu.com /413

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 28.12.2012, 17:23   #1
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


searchnu.com /413 mit FLV Converter von Chip erhalten

Hallo Zusammen,

ich habe mir auch die Malware searchnu.com/413 mit dem FLV Converter geladen. Und hab überhaupt kein plan von rechnern.
Bitte wer kann mir helfen..

THX

Shadowxx

Alt 28.12.2012, 18:06   #2
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 28.12.2012, 20:31   #3
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


Hallo Marcusg

Hab jetzt otl auf den Rechner scan wird ausgefürt..

Danke schonmal für deine Hilfe

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.12.2012 20:20:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven250779\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,60% Memory free
7,93 Gb Paging File | 5,80 Gb Available in Paging File | 73,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,75 Gb Total Space | 358,03 Gb Free Space | 77,20% Space Free | Partition Type: NTFS
 
Computer Name: STEVEN250779-PC | User Name: Steven250779 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.28 20:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven250779\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 21:51:46 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.12.05 23:37:53 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.19 18:29:12 | 000,084,480 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe
PRC - [2012.11.19 18:27:22 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe
PRC - [2012.11.01 05:14:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.05 16:30:27 | 001,462,376 | ---- | M] (Mail.Ru) -- C:\Users\Steven250779\AppData\Local\Mail.Ru\MailRuUpdater.exe
PRC - [2012.07.13 08:01:48 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.07.13 08:01:15 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7M\ICQ.exe
PRC - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
PRC - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.04.01 10:46:16 | 000,159,912 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.01 10:46:12 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2001.03.26 05:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.11 21:51:46 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.12.05 23:37:53 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.13 08:01:48 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2012.07.02 08:11:30 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2012.06.17 14:22:08 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2012.05.16 20:01:30 | 000,140,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua52.dll
MOD - [2012.01.09 18:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt32.dll
MOD - [2010.12.12 11:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010.12.12 11:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010.12.12 11:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010.12.12 11:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010.12.12 11:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010.12.12 11:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2001.03.26 05:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
MOD - [2001.03.16 14:30:02 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 21:51:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 23:37:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.01 05:14:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 08:01:48 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.04.01 10:46:12 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.13 07:14:55 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.07.13 07:14:55 | 000,063,648 | ---- | M] (Siano) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smsbda.sys -- (smsbda)
DRV:64bit: - [2012.07.13 06:46:34 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 12:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2012.07.24 10:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=2515827156364216&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=2515827156364216&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 6C B6 3B BF 60 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=2515827156364216&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=2515827156364216&o=APN10649&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Steven250779\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.01 19:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 23:37:53 | 000,000,000 | ---D | M]
 
[2012.12.27 12:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\Extensions
[2012.12.27 12:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\Firefox\Profiles\kjr7aiaw.default\extensions
[2012.07.25 16:20:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Steven250779\AppData\Roaming\mozilla\Firefox\Profiles\kjr7aiaw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.11.21 16:53:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steven250779\AppData\Roaming\mozilla\Firefox\Profiles\kjr7aiaw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.23 11:43:25 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\extensions\ciuvo-extension@icq.de.xpi
[2012.09.18 13:25:48 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.12.12 13:21:04 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 16:45:55 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.24 00:49:13 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-1.xml
[2012.07.27 01:15:03 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-2.xml
[2012.08.31 14:52:31 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-3.xml
[2012.09.15 08:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-4.xml
[2012.10.14 03:01:58 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-5.xml
[2012.10.28 05:14:12 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-6.xml
[2012.12.10 04:14:35 | 000,000,950 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin-7.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\icqplugin.xml
[2012.12.26 12:40:15 | 000,002,683 | ---- | M] () -- C:\Users\Steven250779\AppData\Roaming\mozilla\firefox\profiles\kjr7aiaw.default\searchplugins\Search_Results.xml
[2012.12.27 12:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.01 19:59:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.05 23:37:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 08:01:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.26 12:40:15 | 000,002,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - Extension: YouTube = C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - 10 - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\PROGRA~2\FUJITS~2\OSDUTI~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Fujitsu Wireless Control] C:\PROGRA~2\FUJITS~2\WIRELE~1.EXE (Quanta Company)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Launch Manager] C:\PROGRA~2\FUJITS~1\LAUNCH~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SEF40.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Steven250779\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MailRuUpdater] C:\Users\Steven250779\AppData\Local\Mail.Ru\MailRuUpdater.exe (Mail.Ru)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BB8EEF9-E649-45B3-93BB-E73EA33A47C5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F4DE924-5D86-47A0-B31B-193FDA0569AE}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7c250eff-ccaf-11e1-92d7-000df0783ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c250eff-ccaf-11e1-92d7-000df0783ee4}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: TotalMediaTVMonitor - hkey= - key= - C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\Malwarebytes
[2012.12.28 18:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.28 18:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.28 18:02:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.28 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.28 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\Programs
[2012.12.27 15:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2012.12.27 13:19:32 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{A826DF9E-1428-4A14-AE57-448D00F9DCEA}
[2012.12.26 17:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{C31C6B01-125A-477E-B3B0-0B35C977D7B4}
[2012.12.26 15:15:55 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012.12.26 12:51:58 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2012.12.26 12:51:55 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\FreeFLVConverter
[2012.12.26 12:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2012.12.26 10:18:20 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{AED56209-D2E1-43C7-A031-60A35D0A5E64}
[2012.12.25 21:14:56 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\Apple Computer
[2012.12.25 21:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.12.25 21:12:29 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\IObit
[2012.12.25 21:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.12.25 11:40:28 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{0C49469F-490B-4B8A-A361-B566E424C8A9}
[2012.12.24 13:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012.12.24 13:33:04 | 000,000,000 | ---D | C] -- C:\Intel
[2012.12.24 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.12.24 13:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fujitsu OSD Utility
[2012.12.24 13:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.24 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\Broadcom
[2012.12.24 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\Documents\Bluetooth-Exchange-Ordner
[2012.12.24 13:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012.12.24 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{1E9B4A45-BEFA-43A3-B535-42AA138AE1DE}
[2012.12.23 22:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fujitsu
[2012.12.23 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{9EF8797E-4B4B-4C08-B725-0C0EA69A2941}
[2012.12.22 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\SCE
[2012.12.22 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{F69F30D3-B9EB-46DD-81A9-811F45CA1683}
[2012.12.21 12:57:31 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{2CA01783-30C2-47B1-954E-096E1EDFF972}
[2012.12.20 07:59:32 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{B3C45EC0-EFA8-41AA-AE36-EE67730A0DDB}
[2012.12.19 09:15:03 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{48F6A98B-521B-41A5-82AF-30DA87B9F1B4}
[2012.12.18 09:37:50 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{280D0493-088E-4E52-B76B-C9B6AA1CA06D}
[2012.12.17 19:09:40 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{1A442085-750A-4709-9DAA-94CB05D2CE79}
[2012.12.16 10:05:19 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{347545DE-7CD6-4D39-96B2-120F3265DA83}
[2012.12.14 18:40:01 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{B9457002-52C0-4201-A283-290A585C98B7}
[2012.12.13 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{0966F47E-9400-42B3-BE9A-FA08C4F81222}
[2012.12.13 00:46:22 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{21EB0D10-7AD1-4BA1-BEA8-9A24B80B4E5D}
[2012.12.12 12:45:55 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{B899B682-2C45-44C2-88E5-BE2CE7F6ACF9}
[2012.12.11 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{5B331665-C3D6-4F2E-B7CD-737A730FD4D1}
[2012.12.11 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{9D09F3B0-57D0-43A1-B291-11EEAF9A45C0}
[2012.12.10 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{04A3F89D-DD82-40EC-B652-5A8496C26193}
[2012.12.09 17:31:38 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{3ED3C829-B359-4ECC-993A-BE0A325A940F}
[2012.12.09 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\FileMaker
[2012.12.09 13:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\BewerbungsMaster
[2012.12.09 13:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
[2012.12.08 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{8F7D31FD-32FE-4694-82AB-EFA42BF885E8}
[2012.12.08 00:20:21 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\Documents\MAGIX
[2012.12.08 00:20:11 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\MAGIX
[2012.12.08 00:20:10 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\Xara
[2012.12.08 00:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.12.08 00:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.12.08 00:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.08 00:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.12.08 00:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.12.07 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{5ED99057-E8D0-488A-91C4-17842157A801}
[2012.12.07 09:31:44 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{B1402B82-F840-4ACA-B38A-99EF9D033509}
[2012.12.06 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{EBF1DA39-1E6C-4993-A48F-D2A151EB7220}
[2012.12.05 23:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\PDF24
[2012.12.05 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\Documents\Bewerbung
[2012.12.05 13:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{90568FB1-115B-40CA-964E-27BA0055B88D}
[2012.12.05 13:29:18 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\Epson
[2012.12.05 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.12.05 13:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.12.05 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012.12.05 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2012.12.05 13:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint
[2012.12.05 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{DAA55416-42D8-417B-BF83-5F053654E2C1}
[2012.12.05 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.12.05 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{39FAC56D-87D0-4747-BE98-00A7045271C9}
[2012.12.05 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{DD3FE945-D7C4-4DE2-9789-191848090D68}
[2012.12.04 19:11:49 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{B9996D93-AC13-4020-9D3E-40125836D352}
[2012.12.04 02:57:25 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{311A1615-ACC8-485C-88C8-7E8A42D536A7}
[2012.12.03 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\Documents\Steganos Safe
[2012.12.03 16:31:05 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Roaming\Steganos
[2012.12.03 16:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 2012
[2012.12.03 16:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2012.12.03 16:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Safe 2012
[2012.12.03 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{DF900CE7-1802-4F08-9B7D-F46F68122E26}
[2012.12.02 13:33:04 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\Documents\Meine empfangenen Dateien
[2012.12.02 12:52:31 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{667B0B86-1ECB-4270-AE97-E6AF5621535C}
[2012.12.01 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{31DE207F-2CC7-4BB4-A77C-96F2D0F19CA8}
[2012.11.30 08:59:42 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{4A3C3B92-91E3-4504-AF2A-33300F3FA6FB}
[2012.11.29 09:40:46 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{0B2F250C-0D31-4C84-B09B-C17F3DEABD21}
[2012.11.28 21:54:27 | 000,000,000 | ---D | C] -- C:\Users\Steven250779\AppData\Local\{48517F76-B074-4F1E-A269-569E499BF070}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 19:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 19:38:02 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000UA.job
[2012.12.28 18:02:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 11:33:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 11:33:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 11:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 11:25:52 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 23:19:34 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.27 23:19:34 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.27 23:19:34 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.27 23:19:34 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.27 23:19:34 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.26 16:12:31 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2012.12.26 10:38:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000Core.job
[2012.12.24 13:28:50 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.12.23 14:27:08 | 000,295,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.09 15:02:49 | 000,000,626 | ---- | M] () -- C:\Windows\ST6UNST0.MIF
[2012.12.08 00:20:06 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.05 16:36:19 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012.12.05 13:24:57 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.05 13:17:55 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.12.03 16:31:00 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Steganos Safe.lnk
[2012.12.01 18:42:00 | 000,166,724 | ---- | M] () -- C:\Windows\SysWow64\MSForms.exd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.28 18:02:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.26 16:12:31 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2012.12.26 12:51:56 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012.12.26 12:51:56 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012.12.26 12:51:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012.12.24 13:27:22 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.12.09 15:02:46 | 000,000,626 | ---- | C] () -- C:\Windows\ST6UNST0.MIF
[2012.12.08 00:20:06 | 000,001,222 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Foto & Grafik Designer 6 SE.lnk
[2012.12.05 16:36:19 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.12.05 13:24:57 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.05 13:18:22 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.12.05 13:18:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.12.05 13:18:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.12.05 13:18:22 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.12.05 13:18:22 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.12.05 13:18:22 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.12.05 13:18:22 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.12.05 13:18:22 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012.12.05 13:18:22 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.12.05 13:18:22 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2012.12.05 13:18:22 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012.12.05 13:18:22 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012.12.05 13:18:22 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2012.12.05 13:18:22 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012.12.05 13:18:22 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012.12.05 13:18:22 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2012.12.05 13:18:22 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012.12.05 13:18:22 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2012.12.05 13:18:22 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2012.12.05 13:18:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.12.05 13:18:22 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2012.12.05 13:18:22 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2012.12.05 13:18:22 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.12.05 13:18:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.12.05 13:18:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.12.05 13:18:22 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.12.05 13:18:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.12.05 13:18:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.12.05 13:18:22 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.12.05 13:18:22 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.12.05 13:18:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.12.05 13:18:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.12.05 13:10:57 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.12.03 16:31:00 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Steganos Safe.lnk
[2012.12.01 18:42:00 | 000,166,724 | ---- | C] () -- C:\Windows\SysWow64\MSForms.exd
[2012.11.05 21:10:08 | 000,002,019 | ---- | C] () -- C:\Program Files\Adobe Reader XI.lnk
[2012.11.04 18:58:48 | 000,005,120 | ---- | C] () -- C:\Users\Steven250779\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.04 17:49:52 | 000,001,239 | ---- | C] () -- C:\Program Files\DVDVideoSoft Free Studio.lnk
[2012.11.04 12:52:12 | 000,001,933 | ---- | C] () -- C:\Program Files\Rainlendar2.lnk
[2012.10.04 21:51:28 | 000,000,967 | ---- | C] () -- C:\Program Files\TeamSpeak 3 Client.lnk
[2012.08.26 18:17:33 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.07.13 12:00:03 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.13 11:12:02 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.13 11:12:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.13 11:11:59 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.07.13 06:38:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\ArmA II Launcher
[2012.12.03 20:57:16 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\Audacity
[2012.09.12 01:49:17 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 17:50:03 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\DVDVideoSoft
[2012.11.04 17:50:01 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.05 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\Epson
[2012.12.26 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\FreeFLVConverter
[2012.12.28 11:26:55 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\ICQ
[2012.07.13 08:02:15 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\ICQ Search
[2012.12.26 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\IObit
[2012.12.08 00:20:11 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\MAGIX
[2012.12.03 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\Steganos
[2012.10.05 03:21:15 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\TS3Client
[2012.11.22 09:40:41 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\Wargaming.net
[2012.07.25 16:19:40 | 000,000,000 | ---D | M] -- C:\Users\Steven250779\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.13 14:34:44 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.10 09:33:21 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000Core.job
[2012.09.10 09:33:22 | 000,000,956 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000UA.job
 
< %SYSTEMDRIVE%\*. >
[2012.07.20 19:56:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.13 06:22:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.21 18:59:09 | 000,000,000 | ---D | M] -- C:\Games
[2012.12.24 13:33:04 | 000,000,000 | ---D | M] -- C:\Intel
[2012.09.30 22:37:58 | 000,000,000 | ---D | M] -- C:\LAN
[2012.07.13 17:14:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.24 13:27:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.28 18:02:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.28 18:02:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.07.13 06:22:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.13 06:23:07 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.01 05:03:30 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.12.28 20:22:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.14 17:25:02 | 000,000,000 | ---D | M] -- C:\temp
[2012.10.22 18:19:36 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.28 12:53:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.11.14 02:48:27 | 000,420,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\vbscript.dll
 
< %USERPROFILE%\*.* >
[2012.12.28 20:37:12 | 002,883,584 | ---- | M] () -- C:\Users\Steven250779\NTUSER.DAT
[2012.12.28 20:37:12 | 000,262,144 | -HS- | M] () -- C:\Users\Steven250779\ntuser.dat.LOG1
[2012.07.13 06:23:18 | 000,000,000 | -HS- | M] () -- C:\Users\Steven250779\ntuser.dat.LOG2
[2012.07.13 06:54:27 | 000,065,536 | -HS- | M] () -- C:\Users\Steven250779\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.07.13 06:54:27 | 000,524,288 | -HS- | M] () -- C:\Users\Steven250779\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.07.13 06:54:27 | 000,524,288 | -HS- | M] () -- C:\Users\Steven250779\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.13 06:23:18 | 000,000,020 | -HS- | M] () -- C:\Users\Steven250779\ntuser.ini
[2012.12.05 13:15:37 | 000,000,000 | ---- | M] () -- C:\Users\Steven250779\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

Und wie gehts jetzt weiter ?

Hallo Markusg
__________________
Alt 02.01.2013, 21:42   #4
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Hi
malwarebytes, logdateien, Berichte mit Funden posten.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.01.2013, 23:28   #5
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


23:10:36.0867 3976 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:10:37.0117 3976 ============================================================
23:10:37.0117 3976 Current date / time: 2013/01/02 23:10:37.0117
23:10:37.0117 3976 SystemInfo:
23:10:37.0117 3976
23:10:37.0117 3976 OS Version: 6.1.7601 ServicePack: 1.0
23:10:37.0117 3976 Product type: Workstation
23:10:37.0117 3976 ComputerName: STEVEN250779-PC
23:10:37.0117 3976 UserName: Steven250779
23:10:37.0117 3976 Windows directory: C:\Windows
23:10:37.0117 3976 System windows directory: C:\Windows
23:10:37.0117 3976 Running under WOW64
23:10:37.0117 3976 Processor architecture: Intel x64
23:10:37.0117 3976 Number of processors: 2
23:10:37.0117 3976 Page size: 0x1000
23:10:37.0117 3976 Boot type: Normal boot
23:10:37.0117 3976 ============================================================
23:10:38.0037 3976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:10:38.0053 3976 ============================================================
23:10:38.0053 3976 \Device\Harddisk0\DR0:
23:10:38.0053 3976 MBR partitions:
23:10:38.0053 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40466C, BlocksNum 0x39F811C4
23:10:38.0053 3976 ============================================================
23:10:38.0100 3976 C: <-> \Device\Harddisk0\DR0\Partition1
23:10:38.0100 3976 ============================================================
23:10:38.0100 3976 Initialize success
23:10:38.0100 3976 ============================================================
23:12:40.0817 2532 ============================================================
23:12:40.0817 2532 Scan started
23:12:40.0817 2532 Mode: Manual; SigCheck; TDLFS;
23:12:40.0817 2532 ============================================================
23:12:41.0441 2532 ================ Scan system memory ========================
23:12:41.0441 2532 System memory - ok
23:12:41.0441 2532 ================ Scan services =============================
23:12:42.0003 2532 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:12:42.0658 2532 1394ohci - ok
23:12:42.0721 2532 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:12:42.0752 2532 ACPI - ok
23:12:42.0783 2532 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:12:43.0001 2532 AcpiPmi - ok
23:12:43.0173 2532 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:12:43.0204 2532 AdobeARMservice - ok
23:12:43.0844 2532 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:12:43.0875 2532 AdobeFlashPlayerUpdateSvc - ok
23:12:43.0922 2532 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:12:43.0969 2532 adp94xx - ok
23:12:44.0015 2532 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:12:44.0047 2532 adpahci - ok
23:12:44.0062 2532 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:12:44.0109 2532 adpu320 - ok
23:12:44.0140 2532 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:12:44.0515 2532 AeLookupSvc - ok
23:12:44.0577 2532 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:12:44.0733 2532 AFD - ok
23:12:44.0764 2532 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:12:44.0780 2532 agp440 - ok
23:12:44.0811 2532 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:12:44.0889 2532 ALG - ok
23:12:44.0920 2532 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:12:44.0936 2532 aliide - ok
23:12:44.0951 2532 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:12:44.0983 2532 amdide - ok
23:12:45.0045 2532 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:12:45.0154 2532 AmdK8 - ok
23:12:45.0232 2532 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:12:45.0341 2532 AmdPPM - ok
23:12:45.0435 2532 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:12:45.0466 2532 amdsata - ok
23:12:45.0497 2532 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:12:45.0513 2532 amdsbs - ok
23:12:45.0591 2532 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:12:45.0607 2532 amdxata - ok
23:12:45.0700 2532 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:12:46.0293 2532 AppID - ok
23:12:46.0324 2532 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:12:46.0387 2532 AppIDSvc - ok
23:12:46.0449 2532 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:12:46.0527 2532 Appinfo - ok
23:12:46.0605 2532 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:12:46.0621 2532 arc - ok
23:12:46.0652 2532 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:12:46.0683 2532 arcsas - ok
23:12:46.0995 2532 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:12:47.0026 2532 aspnet_state - ok
23:12:47.0042 2532 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
23:12:47.0479 2532 aswFsBlk - ok
23:12:47.0541 2532 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
23:12:47.0557 2532 aswMonFlt - ok
23:12:47.0588 2532 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
23:12:47.0603 2532 aswRdr - ok
23:12:47.0728 2532 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
23:12:47.0822 2532 aswSnx - ok
23:12:47.0900 2532 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
23:12:47.0978 2532 aswSP - ok
23:12:47.0993 2532 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
23:12:48.0009 2532 aswTdi - ok
23:12:48.0009 2532 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:12:48.0087 2532 AsyncMac - ok
23:12:48.0118 2532 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:12:48.0150 2532 atapi - ok
23:12:48.0212 2532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:12:48.0352 2532 AudioEndpointBuilder - ok
23:12:48.0384 2532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:12:48.0430 2532 AudioSrv - ok
23:12:48.0586 2532 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:12:48.0602 2532 avast! Antivirus - ok
23:12:48.0633 2532 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:12:48.0820 2532 AxInstSV - ok
23:12:48.0883 2532 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:12:48.0976 2532 b06bdrv - ok
23:12:48.0992 2532 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:12:49.0132 2532 b57nd60a - ok
23:12:49.0226 2532 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:12:49.0288 2532 BDESVC - ok
23:12:49.0304 2532 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:12:49.0429 2532 Beep - ok
23:12:49.0569 2532 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:12:49.0632 2532 BFE - ok
23:12:49.0772 2532 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:12:49.0959 2532 BITS - ok
23:12:49.0975 2532 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:12:50.0022 2532 blbdrive - ok
23:12:50.0053 2532 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:12:50.0146 2532 bowser - ok
23:12:50.0162 2532 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:12:50.0256 2532 BrFiltLo - ok
23:12:50.0271 2532 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:12:50.0287 2532 BrFiltUp - ok
23:12:50.0334 2532 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:12:50.0474 2532 Browser - ok
23:12:50.0505 2532 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:12:50.0630 2532 Brserid - ok
23:12:50.0661 2532 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:12:50.0708 2532 BrSerWdm - ok
23:12:50.0739 2532 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:12:50.0770 2532 BrUsbMdm - ok
23:12:50.0802 2532 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:12:50.0833 2532 BrUsbSer - ok
23:12:50.0880 2532 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:12:51.0067 2532 BthEnum - ok
23:12:51.0082 2532 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:12:51.0129 2532 BTHMODEM - ok
23:12:51.0160 2532 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:12:51.0270 2532 BthPan - ok
23:12:51.0332 2532 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
23:12:51.0426 2532 BTHPORT - ok
23:12:51.0457 2532 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:12:51.0550 2532 bthserv - ok
23:12:51.0582 2532 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
23:12:51.0628 2532 BTHUSB - ok
23:12:51.0675 2532 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
23:12:51.0691 2532 btusbflt - ok
23:12:51.0722 2532 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
23:12:51.0753 2532 btwaudio - ok
23:12:51.0784 2532 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
23:12:51.0800 2532 btwavdt - ok
23:12:51.0909 2532 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:12:51.0956 2532 btwdins - ok
23:12:51.0987 2532 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
23:12:52.0003 2532 btwl2cap - ok
23:12:52.0034 2532 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
23:12:52.0050 2532 btwrchid - ok
23:12:52.0065 2532 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:12:52.0128 2532 cdfs - ok
23:12:52.0174 2532 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:12:52.0221 2532 cdrom - ok
23:12:52.0268 2532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:12:52.0486 2532 CertPropSvc - ok
23:12:52.0533 2532 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:12:52.0580 2532 circlass - ok
23:12:52.0627 2532 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:12:52.0658 2532 CLFS - ok
23:12:52.0767 2532 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:12:52.0783 2532 clr_optimization_v2.0.50727_32 - ok
23:12:52.0845 2532 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:12:52.0861 2532 clr_optimization_v2.0.50727_64 - ok
23:12:52.0954 2532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:12:53.0001 2532 clr_optimization_v4.0.30319_32 - ok
23:12:53.0064 2532 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:12:53.0079 2532 clr_optimization_v4.0.30319_64 - ok
23:12:53.0110 2532 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:12:53.0173 2532 CmBatt - ok
23:12:53.0204 2532 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:12:53.0235 2532 cmdide - ok
23:12:53.0266 2532 [ 2BE0B819E0E1551136F4967660DF89B4 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
23:12:53.0360 2532 cmnsusbser - ok
23:12:53.0422 2532 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
23:12:53.0516 2532 CNG - ok
23:12:53.0547 2532 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:12:53.0563 2532 Compbatt - ok
23:12:53.0578 2532 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:12:53.0641 2532 CompositeBus - ok
23:12:53.0641 2532 COMSysApp - ok
23:12:53.0656 2532 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:12:53.0688 2532 crcdisk - ok
23:12:53.0797 2532 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:12:53.0922 2532 CryptSvc - ok
23:12:53.0968 2532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:12:54.0031 2532 DcomLaunch - ok
23:12:54.0124 2532 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:12:54.0249 2532 defragsvc - ok
23:12:54.0280 2532 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:12:54.0358 2532 DfsC - ok
23:12:54.0421 2532 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:12:54.0546 2532 Dhcp - ok
23:12:54.0608 2532 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:12:54.0702 2532 discache - ok
23:12:54.0764 2532 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:12:54.0780 2532 Disk - ok
23:12:54.0811 2532 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:12:54.0858 2532 Dnscache - ok
23:12:54.0920 2532 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:12:54.0998 2532 dot3svc - ok
23:12:55.0029 2532 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:12:55.0107 2532 DPS - ok
23:12:55.0138 2532 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:12:55.0216 2532 drmkaud - ok
23:12:55.0466 2532 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:12:55.0528 2532 DXGKrnl - ok
23:12:55.0560 2532 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:12:55.0622 2532 EapHost - ok
23:12:55.0809 2532 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:12:55.0981 2532 ebdrv - ok
23:12:55.0996 2532 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:12:56.0121 2532 EFS - ok
23:12:56.0308 2532 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:12:56.0449 2532 ehRecvr - ok
23:12:56.0496 2532 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:12:56.0560 2532 ehSched - ok
23:12:56.0710 2532 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:12:56.0820 2532 elxstor - ok
23:12:56.0850 2532 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:12:56.0920 2532 ErrDev - ok
23:12:57.0060 2532 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:12:57.0126 2532 EventSystem - ok
23:12:57.0142 2532 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:12:57.0188 2532 exfat - ok
23:12:57.0220 2532 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:12:57.0282 2532 fastfat - ok
23:12:57.0391 2532 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:12:57.0532 2532 Fax - ok
23:12:57.0532 2532 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:12:57.0563 2532 fdc - ok
23:12:57.0594 2532 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:12:57.0656 2532 fdPHost - ok
23:12:57.0672 2532 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:12:57.0734 2532 FDResPub - ok
23:12:57.0766 2532 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:12:57.0781 2532 FileInfo - ok
23:12:57.0797 2532 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:12:57.0875 2532 Filetrace - ok
23:12:57.0890 2532 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:12:57.0906 2532 flpydisk - ok
23:12:57.0953 2532 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:12:57.0984 2532 FltMgr - ok
23:12:58.0078 2532 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:12:58.0187 2532 FontCache - ok
23:12:58.0234 2532 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:12:58.0249 2532 FontCache3.0.0.0 - ok
23:12:58.0280 2532 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:12:58.0312 2532 FsDepends - ok
23:12:58.0343 2532 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:12:58.0358 2532 Fs_Rec - ok
23:12:58.0405 2532 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:12:58.0421 2532 fvevol - ok
23:12:58.0452 2532 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:12:58.0483 2532 gagp30kx - ok
23:12:58.0592 2532 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:12:58.0733 2532 gpsvc - ok
23:12:58.0920 2532 [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
23:12:59.0045 2532 Guard.Mail.ru - ok
23:12:59.0076 2532 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:12:59.0170 2532 hcw85cir - ok
23:12:59.0216 2532 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:12:59.0263 2532 HdAudAddService - ok
23:12:59.0279 2532 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:12:59.0326 2532 HDAudBus - ok
23:12:59.0372 2532 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:12:59.0419 2532 HidBatt - ok
23:12:59.0435 2532 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:12:59.0497 2532 HidBth - ok
23:12:59.0528 2532 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:12:59.0560 2532 HidIr - ok
23:12:59.0591 2532 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:12:59.0684 2532 hidserv - ok
23:12:59.0747 2532 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:12:59.0778 2532 HidUsb - ok
23:12:59.0856 2532 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:12:59.0950 2532 hkmsvc - ok
23:12:59.0981 2532 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:13:00.0090 2532 HomeGroupListener - ok
23:13:00.0152 2532 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:13:00.0184 2532 HomeGroupProvider - ok
23:13:00.0215 2532 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:13:00.0230 2532 HpSAMD - ok
23:13:00.0355 2532 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:13:00.0480 2532 HTTP - ok
23:13:00.0511 2532 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:13:00.0527 2532 hwpolicy - ok
23:13:00.0558 2532 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:13:00.0589 2532 i8042prt - ok
23:13:00.0683 2532 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:13:00.0714 2532 IAANTMON - ok
23:13:00.0808 2532 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:13:00.0823 2532 iaStor - ok
23:13:00.0901 2532 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:13:00.0932 2532 iaStorV - ok
23:13:00.0979 2532 [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
23:13:01.0010 2532 ICQ Service - ok
23:13:01.0104 2532 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:13:01.0151 2532 idsvc - ok
23:13:01.0166 2532 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:13:01.0198 2532 iirsp - ok
23:13:01.0307 2532 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:13:01.0400 2532 IKEEXT - ok
23:13:01.0447 2532 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:13:01.0463 2532 intelide - ok
23:13:01.0478 2532 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:13:01.0510 2532 intelppm - ok
23:13:01.0556 2532 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:13:01.0634 2532 IPBusEnum - ok
23:13:01.0728 2532 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:13:01.0790 2532 IpFilterDriver - ok
23:13:01.0853 2532 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:13:01.0962 2532 iphlpsvc - ok
23:13:01.0993 2532 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:13:02.0024 2532 IPMIDRV - ok
23:13:02.0071 2532 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:13:02.0134 2532 IPNAT - ok
23:13:02.0149 2532 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:13:02.0383 2532 IRENUM - ok
23:13:02.0430 2532 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:13:02.0461 2532 isapnp - ok
23:13:02.0524 2532 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:13:02.0539 2532 iScsiPrt - ok
23:13:02.0555 2532 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
23:13:02.0586 2532 kbdclass - ok
23:13:02.0602 2532 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:13:02.0648 2532 kbdhid - ok
23:13:02.0695 2532 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:13:02.0742 2532 KeyIso - ok
23:13:02.0773 2532 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:13:02.0789 2532 KSecDD - ok
23:13:02.0820 2532 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:13:02.0836 2532 KSecPkg - ok
23:13:02.0867 2532 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:13:02.0960 2532 ksthunk - ok
23:13:03.0023 2532 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:13:03.0085 2532 KtmRm - ok
23:13:03.0132 2532 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:13:03.0194 2532 LanmanServer - ok
23:13:03.0257 2532 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:13:03.0335 2532 LanmanWorkstation - ok
23:13:03.0366 2532 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:13:03.0428 2532 lltdio - ok
23:13:03.0506 2532 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:13:03.0584 2532 lltdsvc - ok
23:13:03.0584 2532 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:13:03.0631 2532 lmhosts - ok
23:13:03.0662 2532 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:13:03.0678 2532 LSI_FC - ok
23:13:03.0694 2532 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:13:03.0709 2532 LSI_SAS - ok
23:13:03.0725 2532 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:13:03.0740 2532 LSI_SAS2 - ok
23:13:03.0756 2532 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:13:03.0803 2532 LSI_SCSI - ok
23:13:03.0850 2532 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:13:03.0912 2532 luafv - ok
23:13:03.0974 2532 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:13:03.0990 2532 MBAMProtector - ok
23:13:04.0115 2532 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:13:04.0130 2532 MBAMScheduler - ok
23:13:04.0193 2532 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:13:04.0255 2532 MBAMService - ok
23:13:04.0302 2532 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:13:04.0349 2532 Mcx2Svc - ok
23:13:04.0380 2532 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:13:04.0396 2532 megasas - ok
23:13:04.0411 2532 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:13:04.0442 2532 MegaSR - ok
23:13:04.0474 2532 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:13:04.0536 2532 MMCSS - ok
23:13:04.0552 2532 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:13:04.0630 2532 Modem - ok
23:13:04.0645 2532 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:13:04.0723 2532 monitor - ok
23:13:04.0770 2532 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:13:04.0801 2532 mouclass - ok
23:13:04.0817 2532 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:13:04.0864 2532 mouhid - ok
23:13:04.0879 2532 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:13:04.0895 2532 mountmgr - ok
23:13:04.0957 2532 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:13:04.0988 2532 MozillaMaintenance - ok
23:13:05.0004 2532 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:13:05.0035 2532 mpio - ok
23:13:05.0066 2532 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:13:05.0113 2532 mpsdrv - ok
23:13:05.0191 2532 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:13:05.0363 2532 MpsSvc - ok
23:13:05.0410 2532 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:13:05.0488 2532 MRxDAV - ok
23:13:05.0550 2532 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:13:05.0597 2532 mrxsmb - ok
23:13:05.0612 2532 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:13:05.0675 2532 mrxsmb10 - ok
23:13:05.0737 2532 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:13:05.0768 2532 mrxsmb20 - ok
23:13:05.0800 2532 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:13:05.0831 2532 msahci - ok
23:13:05.0862 2532 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:13:05.0893 2532 msdsm - ok
23:13:05.0909 2532 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:13:05.0971 2532 MSDTC - ok
23:13:05.0987 2532 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:13:06.0034 2532 Msfs - ok
23:13:06.0080 2532 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:13:06.0127 2532 mshidkmdf - ok
23:13:06.0143 2532 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:13:06.0174 2532 msisadrv - ok
23:13:06.0205 2532 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:13:06.0252 2532 MSiSCSI - ok
23:13:06.0268 2532 msiserver - ok
23:13:06.0283 2532 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:13:06.0330 2532 MSKSSRV - ok
23:13:06.0377 2532 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:13:06.0502 2532 MSPCLOCK - ok
23:13:06.0533 2532 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:13:06.0611 2532 MSPQM - ok
23:13:06.0720 2532 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:13:06.0751 2532 MsRPC - ok
23:13:06.0782 2532 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:13:06.0798 2532 mssmbios - ok
23:13:06.0829 2532 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:13:06.0892 2532 MSTEE - ok
23:13:06.0923 2532 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:13:06.0985 2532 MTConfig - ok
23:13:07.0032 2532 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:13:07.0048 2532 Mup - ok
23:13:07.0110 2532 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:13:07.0219 2532 napagent - ok
23:13:07.0266 2532 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:13:07.0313 2532 NativeWifiP - ok
23:13:07.0391 2532 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:13:07.0438 2532 NDIS - ok
23:13:07.0484 2532 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:13:07.0531 2532 NdisCap - ok
23:13:07.0547 2532 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:13:07.0594 2532 NdisTapi - ok
23:13:07.0656 2532 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:13:07.0703 2532 Ndisuio - ok
23:13:07.0734 2532 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:13:07.0781 2532 NdisWan - ok
23:13:07.0828 2532 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:13:07.0890 2532 NDProxy - ok
23:13:07.0921 2532 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:13:07.0984 2532 NetBIOS - ok
23:13:08.0015 2532 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:13:08.0093 2532 NetBT - ok
23:13:08.0108 2532 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:13:08.0171 2532 Netlogon - ok
23:13:08.0202 2532 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:13:08.0311 2532 Netman - ok
23:13:08.0389 2532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:13:08.0405 2532 NetMsmqActivator - ok
23:13:08.0405 2532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:13:08.0420 2532 NetPipeActivator - ok
23:13:08.0498 2532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:13:08.0576 2532 netprofm - ok
23:13:08.0592 2532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:13:08.0608 2532 NetTcpActivator - ok
23:13:08.0608 2532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:13:08.0623 2532 NetTcpPortSharing - ok
23:13:08.0701 2532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:13:08.0717 2532 nfrd960 - ok
23:13:08.0748 2532 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:13:08.0795 2532 NlaSvc - ok
23:13:08.0810 2532 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:13:08.0857 2532 Npfs - ok
23:13:08.0888 2532 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:13:08.0935 2532 nsi - ok
23:13:08.0966 2532 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:13:09.0029 2532 nsiproxy - ok
23:13:09.0263 2532 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:13:09.0356 2532 Ntfs - ok
23:13:09.0403 2532 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:13:09.0481 2532 Null - ok
23:13:09.0497 2532 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:13:09.0528 2532 NVHDA - ok
23:13:10.0698 2532 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:13:11.0152 2532 nvlddmkm - ok
23:13:11.0174 2532 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:13:11.0195 2532 nvraid - ok
23:13:11.0219 2532 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:13:11.0239 2532 nvstor - ok
23:13:11.0319 2532 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
23:13:11.0369 2532 nvsvc - ok
23:13:11.0763 2532 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:13:11.0872 2532 nvUpdatusService - ok
23:13:11.0919 2532 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:13:11.0935 2532 nv_agp - ok
23:13:11.0966 2532 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:13:12.0028 2532 ohci1394 - ok
23:13:12.0091 2532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:13:12.0200 2532 p2pimsvc - ok
23:13:12.0371 2532 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:13:12.0496 2532 p2psvc - ok
23:13:12.0559 2532 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:13:12.0574 2532 Parport - ok
23:13:12.0605 2532 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:13:12.0637 2532 partmgr - ok
23:13:12.0652 2532 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:13:12.0793 2532 PcaSvc - ok
23:13:12.0824 2532 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:13:12.0839 2532 pci - ok
23:13:12.0933 2532 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:13:12.0949 2532 pciide - ok
23:13:13.0058 2532 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:13:13.0073 2532 pcmcia - ok
23:13:13.0120 2532 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:13:13.0151 2532 pcw - ok
23:13:13.0261 2532 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:13:13.0432 2532 PEAUTH - ok
23:13:14.0462 2532 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:13:14.0571 2532 PerfHost - ok
23:13:14.0805 2532 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:13:14.0992 2532 pla - ok
23:13:15.0101 2532 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:13:15.0195 2532 PlugPlay - ok
23:13:15.0195 2532 PnkBstrA - ok
23:13:15.0226 2532 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:13:15.0273 2532 PNRPAutoReg - ok
23:13:15.0523 2532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:13:15.0538 2532 PNRPsvc - ok
23:13:15.0679 2532 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:13:15.0757 2532 PolicyAgent - ok
23:13:15.0835 2532 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:13:15.0897 2532 Power - ok
23:13:16.0115 2532 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:13:16.0459 2532 PptpMiniport - ok
23:13:16.0490 2532 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:13:16.0537 2532 Processor - ok
23:13:16.0568 2532 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:13:16.0677 2532 ProfSvc - ok
23:13:16.0693 2532 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:13:16.0724 2532 ProtectedStorage - ok
23:13:16.0771 2532 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:13:16.0817 2532 Psched - ok
23:13:16.0942 2532 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:13:17.0005 2532 ql2300 - ok
23:13:17.0036 2532 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:13:17.0067 2532 ql40xx - ok
23:13:17.0129 2532 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:13:17.0161 2532 QWAVE - ok
23:13:17.0192 2532 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:13:17.0270 2532 QWAVEdrv - ok
23:13:17.0270 2532 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:13:17.0348 2532 RasAcd - ok
23:13:17.0395 2532 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:13:17.0441 2532 RasAgileVpn - ok
23:13:17.0473 2532 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:13:17.0519 2532 RasAuto - ok
23:13:17.0582 2532 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:13:17.0629 2532 Rasl2tp - ok
23:13:17.0675 2532 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:13:17.0722 2532 RasMan - ok
23:13:17.0753 2532 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:13:17.0816 2532 RasPppoe - ok
23:13:17.0831 2532 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:13:17.0878 2532 RasSstp - ok
23:13:17.0941 2532 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:13:17.0987 2532 rdbss - ok
23:13:18.0019 2532 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:13:18.0081 2532 rdpbus - ok
23:13:18.0097 2532 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:13:18.0175 2532 RDPCDD - ok
23:13:18.0190 2532 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:13:18.0268 2532 RDPENCDD - ok
23:13:18.0315 2532 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:13:18.0362 2532 RDPREFMP - ok
23:13:18.0393 2532 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:13:18.0455 2532 RdpVideoMiniport - ok
23:13:18.0487 2532 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:13:18.0580 2532 RDPWD - ok
23:13:18.0658 2532 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:13:18.0689 2532 rdyboost - ok
23:13:18.0814 2532 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:13:18.0892 2532 RemoteAccess - ok
23:13:18.0955 2532 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:13:19.0033 2532 RemoteRegistry - ok
23:13:19.0064 2532 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:13:19.0111 2532 RFCOMM - ok
23:13:19.0142 2532 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:13:19.0189 2532 RpcEptMapper - ok
23:13:19.0220 2532 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:13:19.0267 2532 RpcLocator - ok
23:13:19.0345 2532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:13:19.0407 2532 RpcSs - ok
23:13:19.0454 2532 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:13:19.0501 2532 rspndr - ok
23:13:19.0547 2532 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
23:13:19.0579 2532 RSUSBSTOR - ok
23:13:19.0641 2532 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:13:19.0688 2532 RTL8167 - ok
23:13:19.0766 2532 [ 8E843C0340C30994161C10FBA87EEA18 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
23:13:19.0828 2532 rtl8192se - ok
23:13:19.0828 2532 RtsUIR - ok
23:13:19.0844 2532 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:13:19.0875 2532 SamSs - ok
23:13:19.0906 2532 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:13:19.0922 2532 sbp2port - ok
23:13:19.0953 2532 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:13:20.0047 2532 SCardSvr - ok
23:13:20.0109 2532 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:13:20.0187 2532 scfilter - ok
23:13:20.0281 2532 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:13:20.0390 2532 Schedule - ok
23:13:20.0405 2532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:13:20.0468 2532 SCPolicySvc - ok
23:13:20.0483 2532 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:13:20.0530 2532 SDRSVC - ok
23:13:20.0561 2532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:13:20.0639 2532 secdrv - ok
23:13:20.0764 2532 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:13:20.0811 2532 seclogon - ok
23:13:20.0858 2532 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:13:20.0936 2532 SENS - ok
23:13:20.0951 2532 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:13:21.0061 2532 SensrSvc - ok
23:13:21.0092 2532 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:13:21.0154 2532 Serenum - ok
23:13:21.0185 2532 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:13:21.0217 2532 Serial - ok
23:13:21.0248 2532 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:13:21.0295 2532 sermouse - ok
23:13:21.0326 2532 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:13:21.0388 2532 SessionEnv - ok
23:13:21.0451 2532 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:13:21.0497 2532 sffdisk - ok
23:13:21.0529 2532 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:13:21.0560 2532 sffp_mmc - ok
23:13:21.0575 2532 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:13:21.0622 2532 sffp_sd - ok
23:13:21.0653 2532 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:13:21.0685 2532 sfloppy - ok
23:13:21.0950 2532 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:13:22.0028 2532 SharedAccess - ok
23:13:22.0106 2532 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:13:22.0168 2532 ShellHWDetection - ok
23:13:22.0199 2532 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:13:22.0231 2532 SiSRaid2 - ok
23:13:22.0246 2532 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:13:22.0277 2532 SiSRaid4 - ok
23:13:22.0309 2532 [ A42C09C8E60FCDCCE04B722FDD4E8694 ] SLEE_18_DRIVER C:\Windows\Sleen1864.sys
23:13:22.0324 2532 SLEE_18_DRIVER - ok
23:13:22.0340 2532 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:13:22.0402 2532 Smb - ok
23:13:22.0449 2532 [ E7EEA18CCD746CCB2EEE66D3C82909E0 ] smsbda C:\Windows\system32\drivers\smsbda.sys
23:13:22.0465 2532 smsbda - ok
23:13:22.0511 2532 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:13:22.0605 2532 SNMPTRAP - ok
23:13:22.0652 2532 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:13:22.0667 2532 spldr - ok
23:13:22.0777 2532 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:13:22.0870 2532 Spooler - ok
23:13:23.0198 2532 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:13:23.0432 2532 sppsvc - ok
23:13:23.0525 2532 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:13:23.0588 2532 sppuinotify - ok
23:13:23.0713 2532 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
23:13:23.0713 2532 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
23:13:23.0744 2532 sptd ( LockedFile.Multi.Generic ) - warning
23:13:23.0744 2532 sptd - detected LockedFile.Multi.Generic (1)
23:13:23.0806 2532 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:13:23.0915 2532 srv - ok
23:13:23.0947 2532 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:13:23.0978 2532 srv2 - ok
23:13:24.0025 2532 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:13:24.0071 2532 srvnet - ok
23:13:24.0181 2532 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:13:24.0259 2532 SSDPSRV - ok
23:13:24.0274 2532 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:13:24.0321 2532 SstpSvc - ok
23:13:24.0461 2532 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:13:24.0493 2532 Stereo Service - ok
23:13:24.0539 2532 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:13:24.0571 2532 stexstor - ok
23:13:24.0617 2532 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:13:24.0695 2532 stisvc - ok
23:13:24.0727 2532 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:13:24.0742 2532 swenum - ok
23:13:24.0805 2532 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:13:24.0914 2532 swprv - ok
23:13:25.0117 2532 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:13:25.0226 2532 SysMain - ok
23:13:25.0319 2532 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:13:25.0351 2532 TabletInputService - ok
23:13:25.0382 2532 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:13:25.0460 2532 TapiSrv - ok
23:13:25.0522 2532 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:13:25.0569 2532 TBS - ok
23:13:25.0709 2532 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:13:25.0803 2532 Tcpip - ok
23:13:25.0943 2532 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:13:26.0053 2532 TCPIP6 - ok
23:13:26.0146 2532 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:13:26.0209 2532 tcpipreg - ok
23:13:26.0255 2532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:13:26.0349 2532 TDPIPE - ok
23:13:26.0380 2532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:13:26.0427 2532 TDTCP - ok
23:13:26.0458 2532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:13:26.0505 2532 tdx - ok
23:13:26.0552 2532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:13:26.0567 2532 TermDD - ok
23:13:26.0677 2532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:13:26.0801 2532 TermService - ok
23:13:26.0864 2532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:13:26.0926 2532 Themes - ok
23:13:26.0942 2532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:13:27.0020 2532 THREADORDER - ok
23:13:27.0067 2532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:13:27.0207 2532 TrkWks - ok
23:13:27.0301 2532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:13:27.0379 2532 TrustedInstaller - ok
23:13:27.0410 2532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:13:27.0472 2532 tssecsrv - ok
23:13:27.0519 2532 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:13:27.0613 2532 TsUsbFlt - ok
23:13:27.0628 2532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:13:27.0691 2532 tunnel - ok
23:13:27.0753 2532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:13:27.0769 2532 uagp35 - ok
23:13:27.0847 2532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:13:27.0893 2532 udfs - ok
23:13:27.0909 2532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:13:27.0956 2532 UI0Detect - ok
23:13:27.0987 2532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:13:28.0003 2532 uliagpkx - ok
23:13:28.0049 2532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:13:28.0096 2532 umbus - ok
23:13:28.0127 2532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:13:28.0174 2532 UmPass - ok
23:13:28.0221 2532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:13:28.0299 2532 upnphost - ok
23:13:28.0315 2532 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:13:28.0377 2532 usbccgp - ok
23:13:28.0377 2532 USBCCID - ok
23:13:28.0408 2532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:13:28.0471 2532 usbcir - ok
23:13:28.0502 2532 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:13:28.0517 2532 usbehci - ok
23:13:28.0564 2532 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:13:28.0595 2532 usbhub - ok
23:13:28.0611 2532 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:13:28.0642 2532 usbohci - ok
23:13:28.0689 2532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:13:28.0736 2532 usbprint - ok
23:13:28.0767 2532 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:13:28.0783 2532 usbscan - ok
23:13:28.0814 2532 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:13:28.0939 2532 USBSTOR - ok
23:13:28.0954 2532 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:13:28.0985 2532 usbuhci - ok
23:13:29.0017 2532 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:13:29.0048 2532 usbvideo - ok
23:13:29.0063 2532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:13:29.0157 2532 UxSms - ok
23:13:29.0204 2532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:13:29.0297 2532 VaultSvc - ok
23:13:29.0313 2532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:13:29.0344 2532 vdrvroot - ok
23:13:29.0422 2532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:13:29.0516 2532 vds - ok
23:13:29.0531 2532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:13:29.0563 2532 vga - ok
23:13:29.0578 2532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:13:29.0641 2532 VgaSave - ok
23:13:29.0672 2532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:13:29.0703 2532 vhdmp - ok
23:13:29.0719 2532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:13:29.0734 2532 viaide - ok
23:13:29.0781 2532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:13:29.0797 2532 volmgr - ok
23:13:29.0937 2532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:13:29.0953 2532 volmgrx - ok
23:13:29.0999 2532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:13:30.0093 2532 volsnap - ok
23:13:30.0124 2532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:13:30.0155 2532 vsmraid - ok
23:13:30.0249 2532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:13:30.0389 2532 VSS - ok
23:13:30.0405 2532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:13:30.0452 2532 vwifibus - ok
23:13:30.0467 2532 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:13:30.0545 2532 vwififlt - ok
23:13:30.0561 2532 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:13:30.0592 2532 vwifimp - ok
23:13:30.0701 2532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:13:30.0857 2532 W32Time - ok
23:13:30.0920 2532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:13:30.0967 2532 WacomPen - ok
23:13:31.0029 2532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:13:31.0091 2532 WANARP - ok
23:13:31.0091 2532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:13:31.0138 2532 Wanarpv6 - ok
23:13:31.0247 2532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:13:31.0372 2532 wbengine - ok
23:13:31.0419 2532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:13:31.0450 2532 WbioSrvc - ok
23:13:31.0497 2532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:13:31.0544 2532 wcncsvc - ok
23:13:31.0575 2532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:13:31.0622 2532 WcsPlugInService - ok
23:13:31.0653 2532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:13:31.0669 2532 Wd - ok
23:13:31.0856 2532 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:13:31.0903 2532 Wdf01000 - ok
23:13:31.0949 2532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:13:32.0137 2532 WdiServiceHost - ok
23:13:32.0168 2532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:13:32.0183 2532 WdiSystemHost - ok
23:13:32.0230 2532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:13:32.0277 2532 WebClient - ok
23:13:32.0324 2532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:13:32.0480 2532 Wecsvc - ok
23:13:32.0527 2532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:13:32.0620 2532 wercplsupport - ok
23:13:32.0651 2532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:13:32.0698 2532 WerSvc - ok
23:13:32.0729 2532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:13:32.0776 2532 WfpLwf - ok
23:13:32.0792 2532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:13:32.0823 2532 WIMMount - ok
23:13:32.0839 2532 WinDefend - ok
23:13:32.0854 2532 WinHttpAutoProxySvc - ok
23:13:33.0026 2532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:13:33.0088 2532 Winmgmt - ok
23:13:33.0213 2532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:13:33.0353 2532 WinRM - ok
23:13:33.0447 2532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:13:33.0541 2532 Wlansvc - ok
23:13:33.0806 2532 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:13:33.0915 2532 wlidsvc - ok
23:13:33.0977 2532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:13:34.0087 2532 WmiAcpi - ok
23:13:34.0102 2532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:13:34.0165 2532 wmiApSrv - ok
23:13:34.0196 2532 WMPNetworkSvc - ok
23:13:34.0258 2532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:13:34.0289 2532 WPCSvc - ok
23:13:34.0321 2532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:13:34.0430 2532 WPDBusEnum - ok
23:13:34.0461 2532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:13:34.0523 2532 ws2ifsl - ok
23:13:34.0555 2532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:13:34.0601 2532 wscsvc - ok
23:13:34.0601 2532 WSearch - ok
23:13:34.0679 2532 [ 624809FE31F0EBBA33FD4C98E016DD83 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe
23:13:34.0789 2532 WTGService - ok
23:13:34.0991 2532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:13:35.0101 2532 wuauserv - ok
23:13:35.0132 2532 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:13:35.0194 2532 WudfPf - ok
23:13:35.0225 2532 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:13:35.0241 2532 WUDFRd - ok
23:13:35.0272 2532 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:13:35.0303 2532 wudfsvc - ok
23:13:35.0366 2532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:13:35.0397 2532 WwanSvc - ok
23:13:35.0428 2532 [ D6997BE36260B0E2AD1ED223460ACD91 ] XS Stick Service C:\Windows\service4g.exe
23:13:35.0459 2532 XS Stick Service - ok
23:13:35.0459 2532 ================ Scan global ===============================
23:13:35.0506 2532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:13:35.0537 2532 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:13:35.0553 2532 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:13:35.0584 2532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:13:35.0647 2532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:13:35.0662 2532 [Global] - ok
23:13:35.0662 2532 ================ Scan MBR ==================================
23:13:35.0678 2532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:13:37.0893 2532 \Device\Harddisk0\DR0 - ok
23:13:37.0893 2532 ================ Scan VBR ==================================
23:13:37.0940 2532 [ ECB6137FE996E7FB21B8A6A06AC69049 ] \Device\Harddisk0\DR0\Partition1
23:13:37.0940 2532 \Device\Harddisk0\DR0\Partition1 - ok
23:13:37.0940 2532 ============================================================
23:13:37.0940 2532 Scan finished
23:13:37.0940 2532 ============================================================
23:13:37.0940 4628 Detected object count: 1
23:13:37.0940 4628 Actual detected object count: 1
23:16:26.0207 4628 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:16:26.0207 4628 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steven250779 :: STEVEN250779-PC [Administrator]

Schutz: Aktiviert

02.01.2013 22:58:00
mbam-log-2013-01-02 (22-58-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349536
Laufzeit: 43 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alt 03.01.2013, 18:41   #6
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Hi
ich wollte alle alten Malwarebytes logs mit funden.

combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> searchnu.com /413

Alt 03.01.2013, 20:09   #7
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-03.05 - Steven250779 03.01.2013  19:01:15.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.2608 [GMT 1:00]
ausgeführt von:: c:\users\Steven250779\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steven250779\AppData\Local\Mail.Ru\MailRuUpdater.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-02 08:27 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3C292B9-A5DA-4213-B582-37F52D241E10}\mpengine.dll
2012-12-28 17:02 . 2012-12-28 17:02	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\Malwarebytes
2012-12-28 17:02 . 2012-12-28 17:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-28 17:02 . 2012-12-28 17:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 17:02 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-28 17:02 . 2012-12-28 17:02	--------	d-----w-	c:\users\Steven250779\AppData\Local\Programs
2012-12-27 14:55 . 2012-12-27 14:55	--------	d-----w-	c:\program files (x86)\ConvertHelper
2012-12-26 14:15 . 2012-10-12 18:09	25472	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2012-12-26 11:51 . 2012-10-17 15:37	397312	----a-w-	c:\windows\SysWow64\TubeFinder.exe
2012-12-26 11:51 . 2011-09-28 08:18	9728	----a-w-	c:\windows\SysWow64\PCCLPFR.DLL
2012-12-26 11:51 . 2011-09-28 08:18	84512	----a-w-	c:\windows\SysWow64\PICCLP32.OCX
2012-12-26 11:51 . 2011-09-28 08:18	364544	----a-w-	c:\windows\SysWow64\PropertyGrid.ocx
2012-12-26 11:51 . 2011-09-28 08:18	119568	----a-w-	c:\windows\SysWow64\VB6FR.DLL
2012-12-26 11:51 . 2012-12-26 12:19	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\FreeFLVConverter
2012-12-26 11:51 . 2011-09-28 08:18	32768	----a-w-	c:\windows\SysWow64\CMDLGFR.DLL
2012-12-26 11:51 . 2011-09-28 08:18	24576	----a-w-	c:\windows\SysWow64\ControlSubX.ocx
2012-12-26 11:51 . 2011-09-28 08:18	152848	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2012-12-26 11:51 . 2011-09-28 08:18	141312	----a-w-	c:\windows\SysWow64\MSCMCFR.DLL
2012-12-26 11:37 . 2012-12-26 13:55	--------	d-----w-	c:\program files (x86)\Free FLV Converter
2012-12-25 20:14 . 2012-12-25 20:14	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\Apple Computer
2012-12-25 20:12 . 2012-12-25 20:12	--------	d-----w-	c:\programdata\IObit
2012-12-25 20:12 . 2012-12-26 14:06	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\IObit
2012-12-25 20:12 . 2012-12-25 20:12	--------	d-----w-	c:\program files (x86)\IObit
2012-12-24 12:33 . 2012-12-24 12:33	--------	d-----w-	C:\Intel
2012-12-24 12:33 . 2009-06-04 17:54	408600	----a-w-	c:\windows\system32\drivers\iaStor.sys
2012-12-24 12:32 . 2012-12-24 12:33	--------	d-----w-	c:\program files (x86)\Intel
2012-12-24 12:32 . 2012-12-24 12:32	--------	d-----w-	c:\program files (x86)\Fujitsu OSD Utility
2012-12-24 12:31 . 2009-02-02 17:27	7347200	----a-w-	c:\windows\system32\RTSUSTORicon.dll
2012-12-24 12:31 . 2012-12-24 12:31	--------	d-----w-	c:\program files (x86)\Realtek
2012-12-24 12:31 . 2009-06-04 15:46	216064	----a-w-	c:\windows\system32\drivers\RtsUStor.sys
2012-12-24 12:31 . 2009-05-06 08:47	350720	----a-w-	c:\windows\system32\RtsUStor.dll
2012-12-24 12:30 . 2012-12-24 12:30	--------	d-----w-	c:\users\Steven250779\AppData\Local\Broadcom
2012-12-24 12:27 . 2009-07-01 11:46	98344	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2012-12-24 12:27 . 2009-07-01 11:46	132648	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2012-12-24 12:27 . 2009-07-01 11:46	21160	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2012-12-24 12:27 . 2009-04-07 14:33	35104	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2012-12-24 12:27 . 2012-12-24 12:27	--------	d-----w-	c:\program files\WIDCOMM
2012-12-23 21:04 . 2012-12-23 21:04	--------	d-----w-	c:\programdata\Fujitsu
2012-12-23 13:24 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-23 13:24 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-23 13:24 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-23 13:24 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-22 18:48 . 2012-12-22 18:48	--------	d-----w-	c:\users\Steven250779\AppData\Local\SCE
2012-12-12 13:30 . 2012-11-14 05:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-12-12 13:30 . 2012-11-14 01:44	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-12-12 12:34 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-12 12:31 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 12:31 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 12:28 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 12:28 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 12:28 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-09 15:09 . 2012-12-09 15:09	--------	d-----w-	c:\users\Steven250779\AppData\Local\FileMaker
2012-12-09 12:36 . 2012-12-09 14:02	--------	d-----w-	c:\programdata\BewerbungsMaster
2012-12-09 12:35 . 2012-12-09 12:35	335872	------w-	c:\windows\Setup1.exe
2012-12-09 12:35 . 2012-12-09 12:35	74752	----a-w-	c:\windows\ST6UNST.EXE
2012-12-07 23:20 . 2012-12-07 23:20	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\MAGIX
2012-12-07 23:20 . 2012-12-07 23:20	--------	d-----w-	c:\users\Steven250779\AppData\Local\Xara
2012-12-07 23:19 . 2012-12-07 23:20	--------	d-----w-	c:\programdata\MAGIX
2012-12-07 23:19 . 2012-12-07 23:19	--------	d-----w-	c:\program files (x86)\MAGIX
2012-12-07 23:19 . 2012-12-07 23:19	--------	d-----w-	c:\program files (x86)\Common Files\MAGIX Services
2012-12-07 23:19 . 2012-12-07 23:19	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-12-05 14:05 . 2012-12-05 14:05	--------	d-----w-	c:\users\Steven250779\AppData\Local\PDF24
2012-12-05 12:29 . 2012-12-05 12:29	--------	d-----w-	c:\users\Steven250779\AppData\Roaming\Epson
2012-12-05 12:24 . 2012-12-05 12:24	--------	d-----w-	c:\programdata\UDL
2012-12-05 12:23 . 2002-07-25 16:06	282624	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-12-05 12:22 . 2012-12-05 12:24	--------	d-----w-	c:\program files (x86)\Epson Software
2012-12-05 12:22 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-12-05 12:22 . 2002-12-02 12:33	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-05 12:22 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-12-05 12:22 . 2012-12-05 12:22	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-12-05 12:22 . 2012-12-05 12:22	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-12-05 12:22 . 2003-02-27 15:12	696320	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-12-05 12:22 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-12-05 12:22 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-12-05 12:21 . 2012-12-05 12:22	--------	d-----w-	c:\program files (x86)\ABBYY FineReader 6.0 Sprint
2012-12-05 12:18 . 2007-06-21 23:10	501912	----a-w-	c:\windows\SysWow64\PICSDK2.dll
2012-12-05 12:18 . 2006-10-30 23:10	71840	----a-w-	c:\windows\SysWow64\EPPicMgr.dll
2012-12-05 12:18 . 2006-10-30 23:10	120992	----a-w-	c:\windows\SysWow64\EpPicPrt.dll
2012-12-05 12:18 . 2006-10-19 23:10	80024	----a-w-	c:\windows\SysWow64\PICSDK.dll
2012-12-05 12:18 . 2006-10-19 23:10	108704	----a-w-	c:\windows\SysWow64\PICEntry.dll
2012-12-05 12:10 . 2008-11-16 23:00	459776	----a-w-	c:\windows\system32\esxwiaud.dll
2012-12-05 12:10 . 2006-08-25 17:00	12800	----a-w-	c:\windows\system32\esxcdev.dll
2012-12-05 12:10 . 2012-12-05 12:23	--------	d-----w-	c:\program files (x86)\epson
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 13:31 . 2012-07-13 16:29	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 20:51 . 2012-07-13 13:34	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 20:51 . 2012-07-13 13:34	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-01 20:25 . 2012-11-01 04:27	280600	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-11-01 20:25 . 2012-07-13 10:12	280600	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-11-01 04:27 . 2012-07-13 10:12	280600	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-11-01 04:14 . 2012-07-13 10:12	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-10-30 22:51 . 2012-11-01 18:59	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-11-01 18:59	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-11-01 18:59	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-11-01 18:59	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-11-01 18:59	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-11-01 18:59	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-11-01 18:59	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-07-13 15:53	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-29 09:38	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 09:38	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 09:38	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-11-01 18:59	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 18:17 . 2012-11-14 10:16	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 10:16	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 10:16	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 10:16	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21	128064	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-13 127040]
"Facebook Update"="c:\users\Steven250779\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-10 138096]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-07-02 2498048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"starter4g"="c:\windows\starter4g.exe" [2010-04-01 159912]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-07-13 1564368]
"LWBMOUSE"="c:\program files (x86)\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SAFE2012 HotKeys"="c:\program files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe" [2012-11-19 84480]
"SAFE2012 File Redirection Starter"="c:\program files (x86)\Steganos Safe 2012\fredirstarter.exe" [2012-11-19 17408]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-07-13 117888]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2012-07-13 63648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-13 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys [2012-07-24 09:39 108648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-07-13 1564368]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-01 145064]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:51]
.
2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000Core.job
- c:\users\Steven250779\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-10 08:33]
.
2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-204038423-3683448391-850199407-1000UA.job
- c:\users\Steven250779\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-10 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/413
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Steven250779\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=2515827156364216&o=APN10649&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MailRuUpdater - c:\users\Steven250779\AppData\Local\Mail.Ru\MailRuUpdater.exe
Toolbar-10 - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-MailRuUpdater - c:\users\Steven250779\AppData\Local\Mail.Ru\MailRuUpdater.exe
AddRemove-PlanetSide 2 - h:\planetside 2\Uninstaller.exe
AddRemove-SOE-PlanetSide 2 PSG - h:\planetside 2\Uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~2\ICQ6TO~1\ICQSER~1.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-03  19:31:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-03 18:31
.
Vor Suchlauf: 12 Verzeichnis(se), 383.161.937.920 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 383.007.428.608 Bytes frei
.
- - End Of File - - F40B65622BB2B186A6B428ED659B2D22
--- --- ---
Alt 03.01.2013, 20:28   #8
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 20:57   #9
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


ABBYY FineReader 6.0 Sprint ABBYY Software House 05.12.2012 119MB 6.00.1395.4512 unbekannt
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 unbekannt
Adobe Reader XI - Deutsch Adobe Systems Incorporated 05.11.2012 128MB 11.0.00 unbekannt
ArcSoft TotalMedia TV ArcSoft 13.07.2012 1.0.82.170 notwendig
Audacity 2.0.2 Audacity Team 18.10.2012 43,5MB 2.0.2 notwendig
avast! Free Antivirus AVAST Software 02.11.2012 7.0.1474.0 notwendig
Browser Mouse Browser Mouse 1.0 02.08.2012 unbekannt
CCleaner Piriform 22.06.2012 3.20 notwendig
ConvertHelper 2.2 DownloadHelper 27.12.2012 unbekannt
Druckerdeinstallation für EPSON SX110 Series SEIKO EPSON Corporation 29.08.2012 notwendig
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 05.12.2012 2.1.0.0 notwendig
Epson Event Manager SEIKO EPSON Corporation 05.12.2012 2.20.00 notwendig
EPSON Scan 05.12.2012 notwendig
Epson Stylus SX110_TX110 Handbuch 05.12.2012 notwendig
Facebook Video Calling 1.2.0.287 Skype Limited 25.10.2012 4,76MB 1.2.287 notwendig
Free Studio version 5.7.7.1031 DVDVideoSoft Ltd. 04.11.2012 559MB 5.7.7.1031 unbekannt
Fujitsu Launch Manager Quanta Computer Inc. 16.07.2012 545KB 1.2.0.8 unbekannt
Fujitsu OSD Utility Quanta Computer Inc. 24.12.2012 794KB 1.5.0.2 unbekannt
Guard.ICQ Mail.ru 13.07.2012 unbekannt
ICQ Internet ICQ Internet 13.07.2012 17.0.963.46 unbekannt
ICQ Sparberater solute gmbh 13.07.2012 375KB 1.3.671 unnötig
ICQ Toolbar ICQ 13.07.2012 3.0.0 unnötig
ICQ7M ICQ 13.07.2012 7.8 notwendig
Intel® Matrix Storage Manager Intel Corporation 24.12.2012 unbekannt
Java 7 Update 9 Oracle 02.09.2012 128MB 7.0.90 unbekannt
JavaFX 2.1.1 Oracle Corporation 14.07.2012 20,8MB 2.1.1 unbekannt
MAGIX Foto & Grafik Designer 6 SE MAGIX AG 08.12.2012 6.1.3.24817 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 28.12.2012 18,4MB 1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.07.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 13.07.2012 51,9MB 4.0.30319 unbekannt
Microsoft Office Live Add-in 1.5 Microsoft Corporation 27.09.2012 508KB 2.0.4024.1 unbekannt
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 28.09.2012 304MB 10.0.6626.0 notwendig
Microsoft Reader Text-to-Speech deutsch Microsoft Corporation 18.10.2012 2,28MB 01.00.0000 unbekannt
Microsoft Silverlight Microsoft Corporation 27.09.2012 40,3MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18.08.2012 1,69MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.12.2012 300KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.10.2012 788KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 09.10.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 31.08.2012 244KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.11.2012 230KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.07.2012 596KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27.09.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 28.09.2012 13,7MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 28.09.2012 11,0MB 10.0.30319 unbekannt
Mouse Driver 02.08.2012 unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 06.12.2012 41,0MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 06.12.2012 329KB 17.0.1 unbekannt
MSXML 4.0 SP3 Parser Microsoft Corporation 08.12.2012 1,47MB 4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12.12.2012 1,53MB 4.30.2114.0 unbekannt
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 22.10.2012 306.97 unbekannt
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 22.10.2012 306.97 unbekannt
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 22.10.2012 1.3.18.0 unbekannt
NVIDIA PhysX NVIDIA Corporation 11.09.2012 111MB 9.12.0613 unbekannt
NVIDIA Update 1.10.8 NVIDIA Corporation 22.10.2012 1.10.8 unbekannt
PunkBuster Services Even Balance, Inc. 26.08.2012 0.986 unbekannt
Rainlendar2 (remove only) 04.11.2012 unbekannt
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 24.12.2012 6.1.7100.30093 unbekannt
Steganos Safe 2012 Steganos Software GmbH 03.12.2012 13.0.5 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 04.10.2012 3.0.6 unbekannt
VLC media player 2.0.2 VideoLAN 25.07.2012 2.0.2 notwendig
WIDCOMM Bluetooth Software Broadcom Corporation 24.12.2012 144MB 6.2.0.9600 unbekannt
Windows Live Essentials Microsoft Corporation 18.08.2012 15.4.3555.0308 unbekannt
Windows Movie Maker 2.6 Microsoft Corporation 04.11.2012 8,85MB 2.6.4037.0 notwendig
WinRAR 4.10 (64-Bit) win.rar GmbH 13.07.2012 4.10.0 notwendig
World of Tanks Wargaming.net 21.11.2012 16,5MB notwendig
XSManager XSManager 13.07.2012 3.0 notwendig

Alt 05.01.2013, 16:37   #10
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


deinstaliere:
ABBYY
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ConvertHelper
Free Studio
Guard.ICQ
ICQ Internet
ICQ Sparberater
ICQ Toolbar
Java : beide
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Rainlendar2
TeamSpeak
Windows Live : alle für dich unnötigen

Öffne Ccleaner, analysieren,s tarten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 11:03   #11
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


# AdwCleaner v2.104 - Datei am 06/01/2013 um 11:03:15 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Steven250779 - STEVEN250779-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steven250779\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\10
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKU\S-1-5-21-204038423-3683448391-850199407-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-204038423-3683448391-850199407-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_d[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3649 octets] - [06/01/2013 11:03:15]

########## EOF - C:\AdwCleaner[R1].txt - [3709 octets] ##########

# AdwCleaner v2.104 - Datei am 06/01/2013 um 11:18:42 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Steven250779 - STEVEN250779-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steven250779\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\10
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKU\S-1-5-21-204038423-3683448391-850199407-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-204038423-3683448391-850199407-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_d[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3772 octets] - [06/01/2013 11:03:15]
AdwCleaner[R2].txt - [3709 octets] - [06/01/2013 11:18:42]

########## EOF - C:\AdwCleaner[R2].txt - [3769 octets] ##########

Alt 06.01.2013, 17:32   #12
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Hi,

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Bitte starte neu, teste wie der Pc läuft + Programme.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 20:28   #13
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


# AdwCleaner v2.104 - Datei am 06/01/2013 um 20:19:52 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Steven250779 - STEVEN250779-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steven250779\Desktop\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\10
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\prefs.js

C:\Users\Steven250779\AppData\Roaming\Mozilla\Firefox\Profiles\kjr7aiaw.default\user.js ... Gelöscht !

Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_d[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Steven250779\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3772 octets] - [06/01/2013 11:03:15]
AdwCleaner[R2].txt - [3832 octets] - [06/01/2013 11:18:42]
AdwCleaner[S2].txt - [3630 octets] - [06/01/2013 20:19:52]

########## EOF - C:\AdwCleaner[S2].txt - [3690 octets] ##########

Alt 06.01.2013, 20:31   #14
markusg
/// Malware-holic
 
searchnu.com /413 - Standard

searchnu.com /413


Nun bitte testen, wie das System läuft + Programme.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 20:43   #15
Shadowxx
 
searchnu.com /413 - Standard

searchnu.com /413


Hab soweit Alles getestet und läuft einwandfrei.. :-)

Antwort
Seite 1 von 2 1 2

Themen zu searchnu.com /413
chip, converter, erhalte, kein plan, malware, rechner, search, searchnu.com, searchnu.com/413, überhaupt, zusammen


« Zeus Virus Infektion | Startfenster.com hat auch mich erwischt »


Ähnliche Themen: searchnu.com /413


  1. Searchnu.com/410
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (22)
  2. Searchnu.com , wie kriege ich es weg? :((
    Plagegeister aller Art und deren Bekämpfung - 21.04.2013 (12)
  3. searchnu.com/406 entfernen
    Log-Analyse und Auswertung - 03.04.2013 (17)
  4. www.searchnu.com/410
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (11)
  5. searchnu.com/410 entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (19)
  6. searchnu.com/410
    Mülltonne - 10.11.2012 (1)
  7. http://www.searchnu.com/413
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (1)
  8. searchnu.com/410
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (31)
  9. Searchnu.com/421...
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (19)
  10. .searchnu.com/406
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (28)
  11. trojaner searchnu 410
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (3)
  12. Trojaner Searchnu - http://www.searchnu.com/413?tag=newtab
    Log-Analyse und Auswertung - 30.08.2012 (29)
  13. searchnu Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (4)
  14. Trojaner /www.searchnu.com/406/
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (1)
  15. Searchnu.com/410 als Startseite
    Log-Analyse und Auswertung - 01.07.2012 (7)
  16. Searchnu.com/410 als Startseite
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  17. www.searchnu.com/413
    Log-Analyse und Auswertung - 21.05.2012 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema searchnu.com /413 - searchnu.com /413 mit FLV Converter von Chip erhalten Hallo Zusammen, ich habe mir auch die Malware searchnu.com/413 mit dem FLV Converter geladen. Und hab überhaupt kein plan von rechnern. Bitte - searchnu.com /413...
Archiv
Du betrachtest: searchnu.com /413 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131