Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Telekom-Brief: Netzwerk versendet Spams

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.10.2012, 18:51   #1
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Hallo,

eigentlich hatte ich geplant meinen Geburtstag anders zu verbringen, doch heute kam ein Brief der Telekom, dass über die Email-Adresse und/oder das NEtzwerk Spammails versendet werden.

Leider Gottes weiss ich überhaupt nicht wo ich mit der Schädlingssuche anfangen soll. Ins Netzwerk sind 5 Rechner eingebunden, wobei ich gern einen mal genauer unter die Lupe nehmen würde.

Als absoluter Laie von dieser Materie wurde mir von einem Freund dieses Forum hier umgehend empfohlen.

Kann mir jemand in irgend einer Art und Weise helfen, wo und wie ich anfangen kann das Problem zu suchen? Natürlich habe ich schon mit der Forensuche gearbeitet, allerdings muss ich zugeben, dass ich dort nicht alles verstehe.

Liebe Grüße

Alt 24.10.2012, 19:45   #2
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



hi
trotzdem alles gute :-)
erstelle mir bitte otl logs von allen 5 pcs.
hänge die am besten als datei an, packe jedes log in ein extra ordner und nummeriere diese, damit wir die pcs unterscheiden können.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 24.10.2012, 21:51   #3
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



So, ich habe nun erstmal den Log von Rechner 1 erstellt, da ich an die anderen nicht so einfach ran komme (jedenfalls nicht heute) und ich diesen Rechner hier nächste Woche auf einer Reise bräuchte, ihn also gerne primär behandeln würde.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.10.2012 21:12:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 48,22% Memory free
7,49 Gb Paging File | 5,50 Gb Available in Paging File | 73,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 44,59 Gb Free Space | 30,46% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 93,77 Gb Free Space | 61,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.24 20:04:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 01:57:32 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:57:22 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.08.27 06:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Winamp\winampa.exe
PRC - [2011.11.07 10:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2010.07.29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.11.07 10:43:33 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.11.07 10:39:08 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.11.07 10:39:01 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.11.07 10:38:53 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.11.07 10:38:51 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.11.07 10:38:49 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.06 05:03:32 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 05:02:40 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.10.14 11:37:52 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 11:37:52 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.25 22:59:26 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011.03.16 01:54:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.17 04:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.25 18:50:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.28 06:24:54 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 04:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe -- (STacSV)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.24 18:27:57 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.25 22:59:26 | 003,854,000 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2012.04.02 21:21:16 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011.08.19 12:25:25 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.05.27 11:17:04 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.16 02:14:36 | 006,862,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.16 01:20:10 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.20 13:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 13:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 13:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 06:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.22 14:59:16 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.03.17 04:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.03.09 22:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.02 14:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.12.15 04:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009.12.15 04:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=fmvn&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKLM\..\SearchScopes\{07F03980-B2BE-AEB5-8326-75A4603E0F9C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE D8 92 59 50 1C CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{07F03980-B2BE-AEB5-8326-75A4603E0F9C}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=fmvn&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{5CA1B09E-DED9-4ED9-A103-6F35DE703BBB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.20.31.113:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: clipconverter@clipconverter.cc:1.2.4
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: addon@music-clips.net:1.1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 17:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.19 17:53:23 | 000,000,000 | ---D | M]
 
[2011.05.27 14:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.24 17:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\xhuejl8l.default\extensions
[2011.08.07 11:46:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\xhuejl8l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.03 18:42:18 | 000,014,468 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\addon@music-clips.net.xpi
[2012.09.21 15:23:40 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\amznUWL2@amazon.com.xpi
[2012.06.29 18:06:21 | 000,009,439 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\clipconverter@clipconverter.cc.xpi
[2012.10.11 21:11:55 | 000,002,341 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\searchplugins\Funmoods.xml
[2012.10.24 20:25:19 | 000,001,056 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\searchplugins\icqplugin.xml
[2012.06.25 18:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.25 18:50:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.12 14:07:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.25 18:50:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 18:50:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 18:50:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 14:22:35 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.25 18:50:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 18:50:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 18:50:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47FB643B-D6FC-486C-B5B7-45CC7F6AAF41}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E149C8A0-8379-4F3E-993D-765A720B9DA3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c450ba0a-937b-11e0-a0b0-cc52af17c522}\Shell - "" = AutoRun
O33 - MountPoints2\{c450ba0a-937b-11e0-a0b0-cc52af17c522}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.24 18:27:57 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.10.24 18:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.10.24 18:27:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NPE
[2012.10.24 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{CD7D8B6A-11E7-409D-909E-9D0AAD340093}
[2012.10.24 16:57:01 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmnet.dll
[2012.10.24 16:57:01 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmnet.dll
[2012.10.24 16:57:01 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bminstall.dll
[2012.10.24 16:57:01 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bminstall.dll
[2012.10.24 16:57:01 | 000,271,488 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmapi.dll
[2012.10.24 16:57:01 | 000,271,488 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmapi.dll
[2012.10.24 16:57:01 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmdumpd.bin
[2012.10.24 16:57:01 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmdumpd.bin
[2012.10.24 16:57:01 | 000,039,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2012.10.24 16:57:00 | 000,016,512 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys
[2012.10.24 16:56:12 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.10.24 16:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2012.10.24 16:53:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppZXH
[2012.10.24 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\congstar
[2012.10.24 16:49:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{E2A30A97-1561-4491-B5BE-147E2374CC79}
[2012.10.23 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{964C7AC6-7597-499C-B893-96B2C1AD2A75}
[2012.10.22 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{5478D749-E67E-4E34-A0A5-376953775010}
[2012.10.21 20:50:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{B61ED97D-2220-493A-8B5D-3DC475981980}
[2012.10.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{76D0CE17-BFA1-47D3-B1FC-B8A378F88029}
[2012.10.18 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{EE0A3509-AEFA-47CC-8ADF-471D7E662620}
[2012.10.18 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{056DD94A-0F07-4686-AA03-DA4964D77F7A}
[2012.10.18 18:59:38 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{27EC6357-0EB6-40AA-9DA0-6CEF4171FA2D}
[2012.10.17 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{BA08BB93-D4D1-47AE-BC35-0239A0DA1246}
[2012.10.16 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D6EF18E5-C26A-42CF-9513-0AB7FA949496}
[2012.10.14 21:12:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{09E8933B-1C45-48E5-BF0C-0D0650BCAB00}
[2012.10.13 18:28:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{98C6C5E3-FCFF-4582-87F5-712BDCDF3D64}
[2012.10.12 13:55:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{4B5C4332-7C9E-4D54-93A3-DA5813955B94}
[2012.10.11 22:27:21 | 000,000,000 | R--D | C] -- C:\Users\Christian\Dropbox
[2012.10.11 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.10.11 22:19:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2012.10.11 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\MP3toiPodAudioBookConverter
[2012.10.11 21:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.10.11 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter
[2012.10.11 21:09:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Loden_Software
[2012.10.11 18:26:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{1153F0A1-C4FE-40CF-89C9-286FCA8DC15A}
[2012.10.10 17:53:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{AF2BB55F-4797-433C-BC70-879BB11B727E}
[2012.10.08 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{659EA63A-FBE8-4A0A-AE98-4F9D09E9C3B1}
[2012.10.06 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{222E0B9F-1A77-45D8-96B4-AAA08F522570}
[2012.10.05 14:12:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{DAF6C74B-7735-4056-8561-A47BEB3F2522}
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D762D341-2D0A-46D2-B1F6-741B26C4E849}
[2012.10.03 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{0C8C7C92-32B6-41BD-A6E6-F368A1C5F664}
[2012.10.01 17:27:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D6030B78-05F3-4E9F-8B0C-F3B3B4D26377}
[2012.09.29 23:20:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{35AA6273-ABD6-4E27-9CA1-B6B8F73C4CEB}
[2012.09.28 14:11:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{9939AECB-CE5A-4EDD-8AB8-4E6FDB84AC56}
[2012.09.27 19:02:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{BAEF31DC-14AF-4204-A52D-E385F4F1200B}
[2012.09.26 17:02:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{6E4A3BD8-3D16-45D1-B9EB-1786FC88D516}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 18:37:26 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 18:37:26 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 18:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 18:29:34 | 3017,195,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 18:27:57 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.10.24 18:21:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.24 18:15:13 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.24 18:15:13 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.24 18:15:13 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.24 18:15:13 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.24 18:15:13 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.24 18:10:36 | 000,367,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.24 16:57:00 | 000,000,518 | ---- | M] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.10.24 16:57:00 | 000,000,518 | ---- | M] () -- C:\Windows\SysNative\bocinstall.ini
[2012.10.24 16:56:10 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2012.10.24 16:56:10 | 000,002,214 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
[2012.10.11 22:27:21 | 000,001,047 | ---- | M] () -- C:\Users\Christian\Desktop\Dropbox.lnk
[2012.10.11 22:21:53 | 000,001,057 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.11 21:11:37 | 000,290,500 | ---- | M] () -- C:\Users\Christian\AppData\Local\funmoods-speeddial_sf.crx
[2012.10.03 19:08:49 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.24 16:57:01 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe
[2012.10.24 16:57:01 | 000,193,664 | ---- | C] () -- C:\Windows\SysNative\bmsdk.exe
[2012.10.24 16:57:01 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini
[2012.10.24 16:57:01 | 000,002,960 | ---- | C] () -- C:\Windows\SysNative\boc.ini
[2012.10.24 16:57:01 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.10.24 16:57:01 | 000,000,518 | ---- | C] () -- C:\Windows\SysNative\bocinstall.ini
[2012.10.24 16:56:10 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2012.10.24 16:56:10 | 000,002,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
[2012.10.11 22:27:21 | 000,001,047 | ---- | C] () -- C:\Users\Christian\Desktop\Dropbox.lnk
[2012.10.11 22:21:53 | 000,001,057 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.11 21:11:46 | 000,290,500 | ---- | C] () -- C:\Users\Christian\AppData\Local\funmoods-speeddial_sf.crx
[2012.07.19 21:44:26 | 000,001,085 | ---- | C] () -- C:\Users\Christian\Musik - Verknüpfung.lnk
[2012.05.07 18:08:46 | 000,083,472 | ---- | C] () -- C:\Users\Christian\NeuESt2010_Wetzel_Christian.elfo
[2012.05.07 17:50:34 | 000,083,646 | ---- | C] () -- C:\Users\Christian\Neu2011_Wetzel_Christian.elfo
[2012.05.06 22:25:14 | 000,077,969 | ---- | C] () -- C:\Users\Christian\ESt2009_Wetzel_Christian.elfo
[2012.04.19 18:59:34 | 000,001,585 | ---- | C] () -- C:\Users\Christian\.lmmsrc.xml
[2012.01.29 14:10:21 | 000,000,218 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel
[2011.10.06 18:48:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Booms
[2011.10.06 18:48:52 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bass
[2011.10.06 18:48:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BookService
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Basics
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Basic Track
[2011.10.06 18:48:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.06 18:48:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.05.27 17:08:34 | 001,541,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 16:35:27 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.05.27 10:49:24 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.05.27 10:49:24 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.05.27 10:49:24 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.05.27 10:28:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.18 00:37:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Audacity
[2011.09.01 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe Limited
[2012.10.24 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2012.05.07 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2011.09.21 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.03 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\elsterformular
[2012.01.29 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0
[2012.10.18 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2011.08.06 13:24:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2012.01.29 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2012.10.11 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MP3toiPodAudioBookConverter
[2011.10.06 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon
[2011.10.05 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PhotoFiltre
[2011.10.05 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PhotoScape
[2011.10.05 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pixlromatic
[2012.06.25 18:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pro Cycling Manager 2008 - Demo
[2012.07.13 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pro Cycling Manager 2010
[2011.06.29 18:11:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\proDAD
[2011.06.27 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2012.03.07 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Serif
[2011.06.27 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2012.04.02 21:21:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2012.03.31 12:12:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WindSolutions
[2011.05.27 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XMedia Recode
[2012.05.18 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.08.24 18:56:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.29 18:20:45 | 000,000,000 | ---D | M] -- C:\MotionStudios
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.19 17:58:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.24 21:09:51 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.24 18:27:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.27 11:17:02 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.10.24 21:13:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.27 10:47:16 | 000,000,000 | ---D | M] -- C:\system.sav
[2011.05.27 09:30:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.24 18:35:23 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.04.19 20:25:33 | 000,001,585 | ---- | M] () -- C:\Users\Christian\.lmmsrc.xml
[2012.01.29 14:10:21 | 000,000,218 | ---- | M] () -- C:\Users\Christian\.recently-used.xbel
[2012.05.06 22:25:29 | 000,077,969 | ---- | M] () -- C:\Users\Christian\ESt2009_Wetzel_Christian.elfo
[2012.07.19 21:44:26 | 000,001,085 | ---- | M] () -- C:\Users\Christian\Musik - Verknüpfung.lnk
[2012.05.07 18:00:03 | 000,083,646 | ---- | M] () -- C:\Users\Christian\Neu2011_Wetzel_Christian.elfo
[2012.05.07 18:09:13 | 000,083,472 | ---- | M] () -- C:\Users\Christian\NeuESt2010_Wetzel_Christian.elfo
[2012.10.24 21:40:36 | 002,097,152 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2012.10.24 21:40:36 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1
[2011.05.27 09:30:10 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2
[2011.05.27 09:43:40 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.05.27 09:43:40 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.05.27 09:43:40 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 23:21:43 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TM.blf
[2012.01.10 23:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TMContainer00000000000000000001.regtrans-ms
[2012.01.10 23:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TMContainer00000000000000000002.regtrans-ms
[2011.05.27 09:30:10 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2012.09.28 17:15:40 | 000,314,880 | -HS- | M] () -- C:\Users\Christian\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---
__________________

Alt 24.10.2012, 21:55   #4
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Und hier noch die OTL...vielen Dank erstmal!OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.10.2012 21:12:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 48,22% Memory free
7,49 Gb Paging File | 5,50 Gb Available in Paging File | 73,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 44,59 Gb Free Space | 30,46% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 93,77 Gb Free Space | 61,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.24 20:04:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 01:57:32 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:57:22 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.08.27 06:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Winamp\winampa.exe
PRC - [2011.11.07 10:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2010.07.29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.11.07 10:43:33 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.11.07 10:39:08 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.11.07 10:39:01 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.11.07 10:38:53 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.11.07 10:38:51 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.11.07 10:38:49 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.06 05:03:32 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 05:02:40 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.10.14 11:37:52 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 11:37:52 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.25 22:59:26 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011.03.16 01:54:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.17 04:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.25 18:50:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.28 06:24:54 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 04:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe -- (STacSV)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.24 18:27:57 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.25 22:59:26 | 003,854,000 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2012.04.02 21:21:16 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011.08.19 12:25:25 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.05.27 11:17:04 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.16 02:14:36 | 006,862,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.16 01:20:10 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.20 13:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 13:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 13:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 06:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.22 14:59:16 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.03.17 04:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.03.09 22:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.02 14:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.12.15 04:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009.12.15 04:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=fmvn&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKLM\..\SearchScopes\{07F03980-B2BE-AEB5-8326-75A4603E0F9C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE D8 92 59 50 1C CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{07F03980-B2BE-AEB5-8326-75A4603E0F9C}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=fmvn&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{5CA1B09E-DED9-4ED9-A103-6F35DE703BBB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.20.31.113:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: clipconverter@clipconverter.cc:1.2.4
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: addon@music-clips.net:1.1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 17:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.19 17:53:23 | 000,000,000 | ---D | M]
 
[2011.05.27 14:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.10.24 17:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\xhuejl8l.default\extensions
[2011.08.07 11:46:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\xhuejl8l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.03 18:42:18 | 000,014,468 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\addon@music-clips.net.xpi
[2012.09.21 15:23:40 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\amznUWL2@amazon.com.xpi
[2012.06.29 18:06:21 | 000,009,439 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\extensions\clipconverter@clipconverter.cc.xpi
[2012.10.11 21:11:55 | 000,002,341 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\searchplugins\Funmoods.xml
[2012.10.24 20:25:19 | 000,001,056 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\xhuejl8l.default\searchplugins\icqplugin.xml
[2012.06.25 18:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.25 18:50:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.12 14:07:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.25 18:50:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 18:50:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 18:50:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 14:22:35 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.25 18:50:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 18:50:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 18:50:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47FB643B-D6FC-486C-B5B7-45CC7F6AAF41}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E149C8A0-8379-4F3E-993D-765A720B9DA3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c450ba0a-937b-11e0-a0b0-cc52af17c522}\Shell - "" = AutoRun
O33 - MountPoints2\{c450ba0a-937b-11e0-a0b0-cc52af17c522}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.24 18:27:57 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.10.24 18:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.10.24 18:27:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NPE
[2012.10.24 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{CD7D8B6A-11E7-409D-909E-9D0AAD340093}
[2012.10.24 16:57:01 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmnet.dll
[2012.10.24 16:57:01 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmnet.dll
[2012.10.24 16:57:01 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bminstall.dll
[2012.10.24 16:57:01 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bminstall.dll
[2012.10.24 16:57:01 | 000,271,488 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmapi.dll
[2012.10.24 16:57:01 | 000,271,488 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmapi.dll
[2012.10.24 16:57:01 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmdumpd.bin
[2012.10.24 16:57:01 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\bmdumpd.bin
[2012.10.24 16:57:01 | 000,039,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2012.10.24 16:57:00 | 000,016,512 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys
[2012.10.24 16:56:12 | 000,122,752 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys
[2012.10.24 16:56:12 | 000,012,800 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.10.24 16:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2012.10.24 16:53:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppZXH
[2012.10.24 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\congstar
[2012.10.24 16:49:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{E2A30A97-1561-4491-B5BE-147E2374CC79}
[2012.10.23 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{964C7AC6-7597-499C-B893-96B2C1AD2A75}
[2012.10.22 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{5478D749-E67E-4E34-A0A5-376953775010}
[2012.10.21 20:50:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{B61ED97D-2220-493A-8B5D-3DC475981980}
[2012.10.19 13:52:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{76D0CE17-BFA1-47D3-B1FC-B8A378F88029}
[2012.10.18 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{EE0A3509-AEFA-47CC-8ADF-471D7E662620}
[2012.10.18 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{056DD94A-0F07-4686-AA03-DA4964D77F7A}
[2012.10.18 18:59:38 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{27EC6357-0EB6-40AA-9DA0-6CEF4171FA2D}
[2012.10.17 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{BA08BB93-D4D1-47AE-BC35-0239A0DA1246}
[2012.10.16 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D6EF18E5-C26A-42CF-9513-0AB7FA949496}
[2012.10.14 21:12:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{09E8933B-1C45-48E5-BF0C-0D0650BCAB00}
[2012.10.13 18:28:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{98C6C5E3-FCFF-4582-87F5-712BDCDF3D64}
[2012.10.12 13:55:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{4B5C4332-7C9E-4D54-93A3-DA5813955B94}
[2012.10.11 22:27:21 | 000,000,000 | R--D | C] -- C:\Users\Christian\Dropbox
[2012.10.11 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.10.11 22:19:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2012.10.11 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\MP3toiPodAudioBookConverter
[2012.10.11 21:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.10.11 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter
[2012.10.11 21:09:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Loden_Software
[2012.10.11 18:26:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{1153F0A1-C4FE-40CF-89C9-286FCA8DC15A}
[2012.10.10 17:53:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{AF2BB55F-4797-433C-BC70-879BB11B727E}
[2012.10.08 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{659EA63A-FBE8-4A0A-AE98-4F9D09E9C3B1}
[2012.10.06 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{222E0B9F-1A77-45D8-96B4-AAA08F522570}
[2012.10.05 14:12:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{DAF6C74B-7735-4056-8561-A47BEB3F2522}
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D762D341-2D0A-46D2-B1F6-741B26C4E849}
[2012.10.03 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{0C8C7C92-32B6-41BD-A6E6-F368A1C5F664}
[2012.10.01 17:27:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{D6030B78-05F3-4E9F-8B0C-F3B3B4D26377}
[2012.09.29 23:20:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{35AA6273-ABD6-4E27-9CA1-B6B8F73C4CEB}
[2012.09.28 14:11:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{9939AECB-CE5A-4EDD-8AB8-4E6FDB84AC56}
[2012.09.27 19:02:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{BAEF31DC-14AF-4204-A52D-E385F4F1200B}
[2012.09.26 17:02:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\{6E4A3BD8-3D16-45D1-B9EB-1786FC88D516}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 18:37:26 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 18:37:26 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 18:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 18:29:34 | 3017,195,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 18:27:57 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2012.10.24 18:21:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.24 18:15:13 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.24 18:15:13 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.24 18:15:13 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.24 18:15:13 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.24 18:15:13 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.24 18:10:36 | 000,367,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.24 16:57:00 | 000,000,518 | ---- | M] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.10.24 16:57:00 | 000,000,518 | ---- | M] () -- C:\Windows\SysNative\bocinstall.ini
[2012.10.24 16:56:10 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2012.10.24 16:56:10 | 000,002,214 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
[2012.10.11 22:27:21 | 000,001,047 | ---- | M] () -- C:\Users\Christian\Desktop\Dropbox.lnk
[2012.10.11 22:21:53 | 000,001,057 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.11 21:11:37 | 000,290,500 | ---- | M] () -- C:\Users\Christian\AppData\Local\funmoods-speeddial_sf.crx
[2012.10.03 19:08:49 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.24 16:57:01 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe
[2012.10.24 16:57:01 | 000,193,664 | ---- | C] () -- C:\Windows\SysNative\bmsdk.exe
[2012.10.24 16:57:01 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini
[2012.10.24 16:57:01 | 000,002,960 | ---- | C] () -- C:\Windows\SysNative\boc.ini
[2012.10.24 16:57:01 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.10.24 16:57:01 | 000,000,518 | ---- | C] () -- C:\Windows\SysNative\bocinstall.ini
[2012.10.24 16:56:10 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2012.10.24 16:56:10 | 000,002,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
[2012.10.11 22:27:21 | 000,001,047 | ---- | C] () -- C:\Users\Christian\Desktop\Dropbox.lnk
[2012.10.11 22:21:53 | 000,001,057 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.11 21:11:46 | 000,290,500 | ---- | C] () -- C:\Users\Christian\AppData\Local\funmoods-speeddial_sf.crx
[2012.07.19 21:44:26 | 000,001,085 | ---- | C] () -- C:\Users\Christian\Musik - Verknüpfung.lnk
[2012.05.07 18:08:46 | 000,083,472 | ---- | C] () -- C:\Users\Christian\NeuESt2010_Wetzel_Christian.elfo
[2012.05.07 17:50:34 | 000,083,646 | ---- | C] () -- C:\Users\Christian\Neu2011_Wetzel_Christian.elfo
[2012.05.06 22:25:14 | 000,077,969 | ---- | C] () -- C:\Users\Christian\ESt2009_Wetzel_Christian.elfo
[2012.04.19 18:59:34 | 000,001,585 | ---- | C] () -- C:\Users\Christian\.lmmsrc.xml
[2012.01.29 14:10:21 | 000,000,218 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel
[2011.10.06 18:48:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Booms
[2011.10.06 18:48:52 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bass
[2011.10.06 18:48:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BookService
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Basics
[2011.10.06 18:48:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Basic Track
[2011.10.06 18:48:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.06 18:48:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.05.27 17:08:34 | 001,541,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 16:35:27 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.05.27 10:49:24 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.05.27 10:49:24 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.05.27 10:49:24 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.05.27 10:28:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.18 00:37:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Audacity
[2011.09.01 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe Limited
[2012.10.24 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2012.05.07 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2011.09.21 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.03 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\elsterformular
[2012.01.29 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0
[2012.10.18 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2011.08.06 13:24:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2012.01.29 14:19:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2012.10.11 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MP3toiPodAudioBookConverter
[2011.10.06 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon
[2011.10.05 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PhotoFiltre
[2011.10.05 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PhotoScape
[2011.10.05 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pixlromatic
[2012.06.25 18:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pro Cycling Manager 2008 - Demo
[2012.07.13 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Pro Cycling Manager 2010
[2011.06.29 18:11:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\proDAD
[2011.06.27 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2012.03.07 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Serif
[2011.06.27 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2012.04.02 21:21:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2012.03.31 12:12:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WindSolutions
[2011.05.27 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XMedia Recode
[2012.05.18 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.08.24 18:56:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.29 18:20:45 | 000,000,000 | ---D | M] -- C:\MotionStudios
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.19 17:58:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.24 21:09:51 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.24 18:27:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.27 09:30:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.27 11:17:02 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.10.24 21:13:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.27 10:47:16 | 000,000,000 | ---D | M] -- C:\system.sav
[2011.05.27 09:30:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.24 18:35:23 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.04.19 20:25:33 | 000,001,585 | ---- | M] () -- C:\Users\Christian\.lmmsrc.xml
[2012.01.29 14:10:21 | 000,000,218 | ---- | M] () -- C:\Users\Christian\.recently-used.xbel
[2012.05.06 22:25:29 | 000,077,969 | ---- | M] () -- C:\Users\Christian\ESt2009_Wetzel_Christian.elfo
[2012.07.19 21:44:26 | 000,001,085 | ---- | M] () -- C:\Users\Christian\Musik - Verknüpfung.lnk
[2012.05.07 18:00:03 | 000,083,646 | ---- | M] () -- C:\Users\Christian\Neu2011_Wetzel_Christian.elfo
[2012.05.07 18:09:13 | 000,083,472 | ---- | M] () -- C:\Users\Christian\NeuESt2010_Wetzel_Christian.elfo
[2012.10.24 21:40:36 | 002,097,152 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2012.10.24 21:40:36 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1
[2011.05.27 09:30:10 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2
[2011.05.27 09:43:40 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.05.27 09:43:40 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.05.27 09:43:40 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 23:21:43 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TM.blf
[2012.01.10 23:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TMContainer00000000000000000001.regtrans-ms
[2012.01.10 23:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{54c2d6dd-3bb5-11e1-bd70-cc52af0ea643}.TMContainer00000000000000000002.regtrans-ms
[2011.05.27 09:30:10 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2012.09.28 17:15:40 | 000,314,880 | -HS- | M] () -- C:\Users\Christian\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Alt 24.10.2012, 21:55   #5
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



dann dürfen die andern aber erst mal nicht ins internet.
öffne malwarebytes, berichte, poste alle logs mit funden
füre keine remover mehr aus bzw scans, außer der beschriebenen, gilt für alle pcs :-)

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Geändert von markusg (24.10.2012 um 22:17 Uhr)

Alt 24.10.2012, 22:18   #6
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



öffne
außerdem dein antimalware programm und poste, falls vorhanden, alle fundmeldungen
__________________
--> Telekom-Brief: Netzwerk versendet Spams

Alt 24.10.2012, 22:29   #7
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Unter welchem Menüpunkt find ich die Berichte in malewarebytes?steht bei mir jedenfalls nicht oben in den Reitern ?!

Hier das letzte Ergebnis von Malwarebytes...alle voran gegangenen Suchläufe waren ohne Funde.

Christian :: CHRISTIAN-PC [Administrator]

24.10.2012 19:29:39
mbam-log-2012-10-24 (19-29-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447720
Laufzeit: 1 Stunde(n), 38 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\MP3ToIpodAudioBookConverter\AudoBookConverter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Spywareterminator meldet einen "Affiliate tracking cookie", Gefahrenstufe 1 von 5, sonst nichts.

Alt 25.10.2012, 14:24   #8
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



hi
malwarebytes, logdateien oder berichte.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.10.2012, 14:34   #9
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Ok, sowie ich zu Hause bin, versuch ich das und melde mich!

DANKE

Alt 25.10.2012, 14:41   #10
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



hi mach einfach weiter, wenn du zeit hast :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.10.2012, 21:48   #11
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Combofix Logfile
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-25.02 - Christian 25.10.2012  21:29:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3837.2242 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-25 bis 2012-10-25  ))))))))))))))))))))))))))))))
.
.
2012-10-25 19:39 . 2012-10-25 19:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-24 16:27 . 2012-10-24 16:27	--------	d-----w-	c:\programdata\Norton
2012-10-24 16:27 . 2012-10-24 16:30	--------	d-----w-	c:\users\Christian\AppData\Local\NPE
2012-10-24 16:21 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9D2068C-8194-459A-BB20-43488F253F11}\mpengine.dll
2012-10-24 14:56 . 2011-08-19 10:25	12800	----a-w-	c:\windows\system32\drivers\massfilter.sys
2012-10-24 14:56 . 2011-08-19 10:25	122752	----a-w-	c:\windows\system32\drivers\HSPADataCardusbser.sys
2012-10-24 14:56 . 2011-08-19 10:25	122752	----a-w-	c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2012-10-24 14:56 . 2011-08-19 10:25	122752	----a-w-	c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2012-10-24 14:53 . 2012-10-24 14:57	--------	d-----w-	c:\windows\SysWow64\SupportAppZXH
2012-10-24 14:53 . 2012-10-24 14:53	--------	d-----w-	c:\program files (x86)\congstar
2012-10-23 15:48 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-21 19:01 . 2012-10-04 18:02	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92B33049-9320-4A8D-AEEE-5400A2E0513D}\gapaengine.dll
2012-10-11 20:27 . 2012-10-25 19:09	--------	d-----r-	c:\users\Christian\Dropbox
2012-10-11 20:19 . 2012-10-25 19:09	--------	d-----w-	c:\users\Christian\AppData\Roaming\Dropbox
2012-10-11 19:31 . 2012-10-11 19:31	--------	d-----w-	c:\users\Christian\AppData\Roaming\MP3toiPodAudioBookConverter
2012-10-11 19:11 . 2012-10-12 13:52	--------	d-----w-	c:\programdata\Tarma Installer
2012-10-11 19:11 . 2012-10-11 19:21	--------	d-----w-	c:\program files (x86)\AudioConverter
2012-10-11 19:09 . 2012-10-11 19:09	--------	d-----w-	c:\users\Christian\AppData\Local\Loden_Software
2012-10-10 16:09 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 16:09 . 2012-08-24 17:10	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 16:09 . 2012-09-14 19:23	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 16:09 . 2012-09-14 18:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 16:08 . 2012-08-11 00:53	714752	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 16:08 . 2012-08-10 23:54	541184	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 16:08 . 2012-06-02 05:25	1462784	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 16:07 . 2012-06-02 05:25	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 16:07 . 2012-06-02 04:45	1157632	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 16:07 . 2012-06-02 05:25	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 16:07 . 2012-06-02 04:45	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:07 . 2012-06-02 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 16:33 . 2011-05-27 10:23	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-04 18:02 . 2011-10-11 17:39	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 17:54 . 2011-05-28 09:57	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-22 22:38	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 22:38	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 22:38	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 22:38	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 22:38	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 22:38	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 22:38	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 22:38	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 22:38	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 22:38	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 22:38	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 22:38	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 22:38	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 22:38	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 22:38	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 22:38	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 22:38	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 22:38	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 22:38	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 22:38	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 22:38	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 22:38	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-21 11:01 . 2012-09-19 15:59	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-09-17 09:10	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-09-17 09:10	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-10 16:11	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-11 18:36	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-11 18:36	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"WinampAgent"="d:\winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2012-10-24 60688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2011-08-19 122752]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2011-08-19 122752]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2011-08-19 122752]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-19 12800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 16512]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2012-06-25 3854000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203264]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-04-02 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-03-28 1148632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-16 6862848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-15 264192]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 172.20.31.113:8080
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=fmvn&s={searchTerms}&f=4
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\xhuejl8l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - ExtSQL: 2012-10-03 17:42; addon@music-clips.net; c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\xhuejl8l.default\extensions\addon@music-clips.net.xpi
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FtCyB0CyDtBtBzyyDzytAtN0D0Tzu0CtBzzyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1032198426&q=
FF - user.js: extensions.funmoods.id - CC52AF17C5229593
FF - user.js: extensions.funmoods.instlDay - 15624
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:11
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-25  21:43:36
ComboFix-quarantined-files.txt  2012-10-25 19:43
.
Vor Suchlauf: 9 Verzeichnis(se), 47.878.025.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 47.494.078.464 Bytes frei
.
- - End Of File - - 515DD8087C84E490583C9D12B452B2C0
         
--- --- ---


Ich hänge gleich nochmal die INfo hinten an, dass nach dem Combofix einige Ordner im Laufwerk C gesperrt sind, wie zum beispiel Eigene Dateien, Dokumente usw, die dich anscheinend nicht mehr freigeben lassen...aber vielleicht ist das auch ein normaler Vorgang?

Viele Grüße

Alt 25.10.2012, 23:07   #12
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



hi
kannst du mal norton öffnen, und schauen, ob das programm funde hatte, wenn ja, posten.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.10.2012, 23:21   #13
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Soweit ich weiß ist auf dem Rechner kein Norton installiert, nur Microsoft essentials! Soll ich trotzdem wie angegeben mit tdsskiller fortfahren ?!

Alt 25.10.2012, 23:23   #14
markusg
/// Malware-holic
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



also ich sehe da nen norton :-)
c:\programdata\Norton

mal evtl. im infobereich gucken oder im start, programme menü
tdss killer auf jeden fall mal nutzen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.10.2012, 15:08   #15
kolleche
 
Telekom-Brief: Netzwerk versendet Spams - Standard

Telekom-Brief: Netzwerk versendet Spams



Also, der Norton, den hab ich mal bei der Telekom runtergeladen (stand in dem Brief drin), hab ihn aber bis dato nicht genutzt!

Killer-Log

15:01:29.0378 3752 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:01:29.0685 3752 ============================================================
15:01:29.0685 3752 Current date / time: 2012/10/26 15:01:29.0685
15:01:29.0685 3752 SystemInfo:
15:01:29.0685 3752
15:01:29.0685 3752 OS Version: 6.1.7600 ServicePack: 0.0
15:01:29.0685 3752 Product type: Workstation
15:01:29.0686 3752 ComputerName: CHRISTIAN-PC
15:01:29.0686 3752 UserName: Christian
15:01:29.0686 3752 Windows directory: C:\Windows
15:01:29.0686 3752 System windows directory: C:\Windows
15:01:29.0686 3752 Running under WOW64
15:01:29.0686 3752 Processor architecture: Intel x64
15:01:29.0686 3752 Number of processors: 2
15:01:29.0686 3752 Page size: 0x1000
15:01:29.0686 3752 Boot type: Normal boot
15:01:29.0686 3752 ============================================================
15:01:31.0800 3752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:01:31.0805 3752 ============================================================
15:01:31.0805 3752 \Device\Harddisk0\DR0:
15:01:31.0805 3752 MBR partitions:
15:01:31.0805 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:01:31.0805 3752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
15:01:31.0805 3752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x12F35800
15:01:31.0805 3752 ============================================================
15:01:31.0826 3752 C: <-> \Device\Harddisk0\DR0\Partition2
15:01:31.0935 3752 D: <-> \Device\Harddisk0\DR0\Partition3
15:01:31.0935 3752 ============================================================
15:01:31.0935 3752 Initialize success
15:01:31.0935 3752 ============================================================
15:01:52.0406 0648 ============================================================
15:01:52.0406 0648 Scan started
15:01:52.0406 0648 Mode: Manual; SigCheck; TDLFS;
15:01:52.0406 0648 ============================================================
15:01:52.0740 0648 ================ Scan system memory ========================
15:01:52.0740 0648 System memory - ok
15:01:52.0741 0648 ================ Scan services =============================
15:01:52.0968 0648 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:01:53.0097 0648 1394ohci - ok
15:01:53.0225 0648 ACDaemon - ok
15:01:53.0292 0648 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
15:01:53.0340 0648 ACPI - ok
15:01:53.0369 0648 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
15:01:53.0411 0648 AcpiPmi - ok
15:01:53.0463 0648 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:01:53.0519 0648 adp94xx - ok
15:01:53.0545 0648 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:01:53.0572 0648 adpahci - ok
15:01:53.0604 0648 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:01:53.0623 0648 adpu320 - ok
15:01:53.0653 0648 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:01:53.0713 0648 AeLookupSvc - ok
15:01:53.0823 0648 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
15:01:53.0905 0648 AESTFilters - ok
15:01:54.0113 0648 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
15:01:54.0348 0648 Afc - ok
15:01:54.0410 0648 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
15:01:54.0456 0648 AFD - ok
15:01:54.0497 0648 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
15:01:54.0514 0648 agp440 - ok
15:01:54.0549 0648 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:01:54.0637 0648 ALG - ok
15:01:54.0679 0648 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
15:01:54.0699 0648 aliide - ok
15:01:54.0739 0648 [ FD6568A8924BCDAFF11EF83AEEF94039 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:01:54.0778 0648 AMD External Events Utility - ok
15:01:54.0784 0648 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
15:01:54.0805 0648 amdide - ok
15:01:54.0854 0648 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:01:54.0930 0648 AmdK8 - ok
15:01:55.0321 0648 [ 5587FD43508E9F0B313A494E58F2C5DC ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:01:55.0541 0648 amdkmdag - ok
15:01:55.0586 0648 [ 95E78AEC7B1E9258BE4918206FA9F6E3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:01:55.0655 0648 amdkmdap - ok
15:01:55.0696 0648 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:01:55.0764 0648 AmdPPM - ok
15:01:55.0800 0648 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:01:55.0822 0648 amdsata - ok
15:01:55.0837 0648 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:01:55.0856 0648 amdsbs - ok
15:01:55.0877 0648 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:01:55.0893 0648 amdxata - ok
15:01:56.0110 0648 [ B1F3E64C26684D60DE67BED3E6718783 ] appdrv01 C:\Windows\system32\Drivers\appdrv01.sys
15:01:56.0307 0648 appdrv01 - ok
15:01:56.0351 0648 appdrvrem01 - ok
15:01:56.0415 0648 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
15:01:56.0645 0648 AppID - ok
15:01:56.0664 0648 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:01:56.0730 0648 AppIDSvc - ok
15:01:56.0764 0648 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
15:01:56.0802 0648 Appinfo - ok
15:01:56.0955 0648 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:01:57.0002 0648 Apple Mobile Device - ok
15:01:57.0059 0648 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:01:57.0094 0648 arc - ok
15:01:57.0116 0648 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:01:57.0138 0648 arcsas - ok
15:01:57.0158 0648 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:01:57.0216 0648 AsyncMac - ok
15:01:57.0266 0648 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
15:01:57.0300 0648 atapi - ok
15:01:57.0352 0648 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:01:57.0372 0648 AtiHDAudioService - ok
15:01:57.0393 0648 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:01:57.0408 0648 AtiPcie - ok
15:01:57.0454 0648 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:01:57.0521 0648 AudioEndpointBuilder - ok
15:01:57.0532 0648 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:01:57.0588 0648 AudioSrv - ok
15:01:57.0620 0648 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:01:57.0654 0648 AxInstSV - ok
15:01:57.0708 0648 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:01:57.0817 0648 b06bdrv - ok
15:01:57.0848 0648 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:01:57.0888 0648 b57nd60a - ok
15:01:58.0018 0648 [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:01:58.0154 0648 BCM43XX - ok
15:01:58.0194 0648 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:01:58.0282 0648 BDESVC - ok
15:01:58.0321 0648 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:01:58.0374 0648 Beep - ok
15:01:58.0423 0648 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
15:01:58.0493 0648 BFE - ok
15:01:58.0590 0648 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
15:01:58.0673 0648 BITS - ok
15:01:58.0709 0648 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:01:58.0744 0648 blbdrive - ok
15:01:58.0785 0648 [ 057F482CFDB57E75202E2E37795F2D3B ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
15:01:58.0816 0648 BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:01:58.0816 0648 BMLoad - detected UnsignedFile.Multi.Generic (1)
15:01:58.0892 0648 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:01:58.0951 0648 Bonjour Service - ok
15:01:58.0979 0648 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:01:59.0023 0648 bowser - ok
15:01:59.0062 0648 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:01:59.0156 0648 BrFiltLo - ok
15:01:59.0178 0648 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:01:59.0213 0648 BrFiltUp - ok
15:01:59.0238 0648 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:01:59.0300 0648 BridgeMP - ok
15:01:59.0358 0648 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
15:01:59.0395 0648 Browser - ok
15:01:59.0416 0648 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:01:59.0488 0648 Brserid - ok
15:01:59.0529 0648 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:01:59.0606 0648 BrSerWdm - ok
15:01:59.0633 0648 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:01:59.0683 0648 BrUsbMdm - ok
15:01:59.0708 0648 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:01:59.0750 0648 BrUsbSer - ok
15:01:59.0811 0648 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:01:59.0924 0648 BthEnum - ok
15:01:59.0945 0648 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:01:59.0994 0648 BTHMODEM - ok
15:02:00.0030 0648 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:02:00.0071 0648 BthPan - ok
15:02:00.0160 0648 [ E10D1912634974EA273A1588C75CCB76 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:02:00.0217 0648 BTHPORT - ok
15:02:00.0255 0648 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:02:00.0340 0648 bthserv - ok
15:02:00.0412 0648 [ 19B784B6ECBB3ADBB2242700FEE90BEC ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:02:00.0487 0648 BTHUSB - ok
15:02:00.0528 0648 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
15:02:00.0555 0648 btwampfl - ok
15:02:00.0582 0648 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:02:00.0599 0648 btwaudio - ok
15:02:00.0635 0648 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
15:02:00.0652 0648 btwavdt - ok
15:02:00.0765 0648 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:02:00.0821 0648 btwdins - ok
15:02:00.0853 0648 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:02:00.0868 0648 btwl2cap - ok
15:02:00.0895 0648 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:02:00.0910 0648 btwrchid - ok
15:02:00.0939 0648 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:02:01.0000 0648 cdfs - ok
15:02:01.0047 0648 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:02:01.0095 0648 cdrom - ok
15:02:01.0144 0648 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
15:02:01.0187 0648 CertPropSvc - ok
15:02:01.0209 0648 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:02:01.0247 0648 circlass - ok
15:02:01.0269 0648 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:02:01.0292 0648 CLFS - ok
15:02:01.0350 0648 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:01.0382 0648 clr_optimization_v2.0.50727_32 - ok
15:02:01.0477 0648 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:02:01.0528 0648 clr_optimization_v2.0.50727_64 - ok
15:02:01.0713 0648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:02:01.0802 0648 clr_optimization_v4.0.30319_32 - ok
15:02:01.0878 0648 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:02:01.0916 0648 clr_optimization_v4.0.30319_64 - ok
15:02:01.0945 0648 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:02:01.0984 0648 CmBatt - ok
15:02:02.0004 0648 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
15:02:02.0020 0648 cmdide - ok
15:02:02.0083 0648 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
15:02:02.0158 0648 CNG - ok
15:02:02.0199 0648 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:02:02.0221 0648 Compbatt - ok
15:02:02.0273 0648 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:02:02.0338 0648 CompositeBus - ok
15:02:02.0360 0648 COMSysApp - ok
15:02:02.0398 0648 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:02:02.0430 0648 crcdisk - ok
15:02:02.0515 0648 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:02:02.0600 0648 CryptSvc - ok
15:02:02.0665 0648 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:02:02.0778 0648 DcomLaunch - ok
15:02:02.0819 0648 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:02:02.0884 0648 defragsvc - ok
15:02:02.0938 0648 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:02:03.0011 0648 DfsC - ok
15:02:03.0046 0648 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
15:02:03.0119 0648 Dhcp - ok
15:02:03.0151 0648 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:02:03.0216 0648 discache - ok
15:02:03.0269 0648 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:02:03.0303 0648 Disk - ok
15:02:03.0363 0648 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:02:03.0433 0648 Dnscache - ok
15:02:03.0538 0648 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
15:02:03.0605 0648 dot3svc - ok
15:02:03.0629 0648 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
15:02:03.0673 0648 DPS - ok
15:02:03.0703 0648 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:02:03.0724 0648 drmkaud - ok
15:02:03.0790 0648 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:02:03.0852 0648 DXGKrnl - ok
15:02:03.0906 0648 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:02:03.0977 0648 EapHost - ok
15:02:04.0200 0648 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:02:04.0343 0648 ebdrv - ok
15:02:04.0368 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
15:02:04.0445 0648 EFS - ok
15:02:04.0514 0648 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:02:04.0603 0648 ehRecvr - ok
15:02:04.0634 0648 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:02:04.0731 0648 ehSched - ok
15:02:04.0767 0648 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:02:04.0793 0648 elxstor - ok
15:02:04.0813 0648 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
15:02:04.0850 0648 ErrDev - ok
15:02:04.0895 0648 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:02:04.0956 0648 EventSystem - ok
15:02:05.0008 0648 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:02:05.0115 0648 exfat - ok
15:02:05.0151 0648 Fabs - ok
15:02:05.0189 0648 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:02:05.0254 0648 fastfat - ok
15:02:05.0300 0648 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
15:02:05.0362 0648 Fax - ok
15:02:05.0382 0648 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:02:05.0401 0648 fdc - ok
15:02:05.0426 0648 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:02:05.0492 0648 fdPHost - ok
15:02:05.0521 0648 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:02:05.0596 0648 FDResPub - ok
15:02:05.0622 0648 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:02:05.0669 0648 FileInfo - ok
15:02:05.0689 0648 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:02:05.0749 0648 Filetrace - ok
15:02:05.0852 0648 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:02:06.0005 0648 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
15:02:06.0006 0648 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
15:02:06.0047 0648 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:06.0084 0648 flpydisk - ok
15:02:06.0120 0648 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:02:06.0147 0648 FltMgr - ok
15:02:06.0264 0648 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
15:02:06.0381 0648 FontCache - ok
15:02:06.0420 0648 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:02:06.0466 0648 FontCache3.0.0.0 - ok
15:02:06.0508 0648 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:02:06.0559 0648 FsDepends - ok
15:02:06.0620 0648 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:02:06.0661 0648 Fs_Rec - ok
15:02:06.0698 0648 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:02:06.0721 0648 fvevol - ok
15:02:06.0765 0648 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:06.0782 0648 gagp30kx - ok
15:02:06.0825 0648 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:02:06.0839 0648 GEARAspiWDM - ok
15:02:06.0929 0648 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
15:02:07.0020 0648 gpsvc - ok
15:02:07.0061 0648 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:02:07.0147 0648 hcw85cir - ok
15:02:07.0200 0648 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:02:07.0250 0648 HdAudAddService - ok
15:02:07.0297 0648 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:02:07.0371 0648 HDAudBus - ok
15:02:07.0390 0648 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:07.0421 0648 HidBatt - ok
15:02:07.0437 0648 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:02:07.0485 0648 HidBth - ok
15:02:07.0505 0648 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:02:07.0547 0648 HidIr - ok
15:02:07.0584 0648 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:02:07.0669 0648 hidserv - ok
15:02:07.0735 0648 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:02:07.0796 0648 HidUsb - ok
15:02:07.0835 0648 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:02:07.0941 0648 hkmsvc - ok
15:02:07.0968 0648 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:02:08.0011 0648 HomeGroupListener - ok
15:02:08.0053 0648 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:02:08.0092 0648 HomeGroupProvider - ok
15:02:08.0138 0648 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
15:02:08.0183 0648 HpSAMD - ok
15:02:08.0220 0648 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbmdm C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
15:02:08.0257 0648 HSPADataCardusbmdm - ok
15:02:08.0298 0648 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbnmea C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys
15:02:08.0317 0648 HSPADataCardusbnmea - ok
15:02:08.0362 0648 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbser C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys
15:02:08.0399 0648 HSPADataCardusbser - ok
15:02:08.0459 0648 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:02:08.0542 0648 HTTP - ok
15:02:08.0585 0648 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:02:08.0601 0648 hwpolicy - ok
15:02:08.0623 0648 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:02:08.0643 0648 i8042prt - ok
15:02:08.0683 0648 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:02:08.0706 0648 iaStorV - ok
15:02:08.0815 0648 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:02:08.0846 0648 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:02:08.0847 0648 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:02:08.0990 0648 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:02:09.0037 0648 idsvc - ok
15:02:09.0077 0648 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:02:09.0094 0648 iirsp - ok
15:02:09.0195 0648 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
15:02:09.0283 0648 IKEEXT - ok
15:02:09.0312 0648 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:02:09.0328 0648 intelide - ok
15:02:09.0440 0648 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:02:09.0466 0648 intelppm - ok
15:02:09.0515 0648 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:02:09.0622 0648 IPBusEnum - ok
15:02:09.0663 0648 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:09.0747 0648 IpFilterDriver - ok
15:02:09.0861 0648 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:02:09.0956 0648 iphlpsvc - ok
15:02:09.0977 0648 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:02:10.0046 0648 IPMIDRV - ok
15:02:10.0069 0648 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:02:10.0127 0648 IPNAT - ok
15:02:10.0231 0648 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:02:10.0277 0648 iPod Service - ok
15:02:10.0314 0648 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:02:10.0337 0648 IRENUM - ok
15:02:10.0348 0648 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
15:02:10.0365 0648 isapnp - ok
15:02:10.0378 0648 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:02:10.0398 0648 iScsiPrt - ok
15:02:10.0412 0648 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:02:10.0440 0648 kbdclass - ok
15:02:10.0459 0648 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:02:10.0491 0648 kbdhid - ok
15:02:10.0514 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
15:02:10.0532 0648 KeyIso - ok
15:02:10.0565 0648 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:02:10.0583 0648 KSecDD - ok
15:02:10.0597 0648 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:02:10.0616 0648 KSecPkg - ok
15:02:10.0645 0648 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:02:10.0713 0648 ksthunk - ok
15:02:10.0775 0648 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:02:10.0885 0648 KtmRm - ok
15:02:10.0928 0648 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:02:11.0006 0648 LanmanServer - ok
15:02:11.0057 0648 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:02:11.0139 0648 LanmanWorkstation - ok
15:02:11.0193 0648 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:02:11.0235 0648 lltdio - ok
15:02:11.0392 0648 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:02:11.0484 0648 lltdsvc - ok
15:02:11.0516 0648 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:02:11.0566 0648 lmhosts - ok
15:02:11.0590 0648 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:11.0609 0648 LSI_FC - ok
15:02:11.0627 0648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:11.0645 0648 LSI_SAS - ok
15:02:11.0659 0648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:11.0676 0648 LSI_SAS2 - ok
15:02:11.0691 0648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:11.0710 0648 LSI_SCSI - ok
15:02:11.0734 0648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:02:11.0797 0648 luafv - ok
15:02:11.0870 0648 [ 1B4DBCAA0321BBB76255983148051F09 ] massfilter C:\Windows\system32\drivers\massfilter.sys
15:02:11.0946 0648 massfilter - ok
15:02:12.0076 0648 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:02:12.0190 0648 MBAMProtector - ok
15:02:12.0260 0648 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:02:12.0302 0648 MBAMScheduler - ok
15:02:12.0334 0648 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:02:12.0364 0648 MBAMService - ok
15:02:12.0413 0648 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:02:12.0496 0648 Mcx2Svc - ok
15:02:12.0539 0648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:02:12.0570 0648 megasas - ok
15:02:12.0598 0648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:02:12.0620 0648 MegaSR - ok
15:02:12.0670 0648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:02:12.0729 0648 MMCSS - ok
15:02:12.0780 0648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:02:12.0898 0648 Modem - ok
15:02:12.0918 0648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:02:12.0955 0648 monitor - ok
15:02:12.0988 0648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:02:13.0005 0648 mouclass - ok
15:02:13.0031 0648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:02:13.0050 0648 mouhid - ok
15:02:13.0067 0648 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:02:13.0085 0648 mountmgr - ok
15:02:13.0126 0648 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:02:13.0142 0648 MozillaMaintenance - ok
15:02:13.0249 0648 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:02:13.0295 0648 MpFilter - ok
15:02:13.0310 0648 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
15:02:13.0329 0648 mpio - ok
15:02:13.0352 0648 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:02:13.0404 0648 mpsdrv - ok
15:02:13.0529 0648 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:02:13.0605 0648 MpsSvc - ok
15:02:13.0642 0648 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:02:13.0709 0648 MRxDAV - ok
15:02:13.0772 0648 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:13.0808 0648 mrxsmb - ok
15:02:13.0899 0648 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:13.0952 0648 mrxsmb10 - ok
15:02:14.0000 0648 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:14.0035 0648 mrxsmb20 - ok
15:02:14.0066 0648 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\DRIVERS\msahci.sys
15:02:14.0090 0648 msahci - ok
15:02:14.0120 0648 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
15:02:14.0139 0648 msdsm - ok
15:02:14.0154 0648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:02:14.0177 0648 MSDTC - ok
15:02:14.0203 0648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:02:14.0245 0648 Msfs - ok
15:02:14.0254 0648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:02:14.0314 0648 mshidkmdf - ok
15:02:14.0333 0648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
15:02:14.0356 0648 msisadrv - ok
15:02:14.0414 0648 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:02:14.0511 0648 MSiSCSI - ok
15:02:14.0517 0648 msiserver - ok
15:02:14.0559 0648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:02:14.0617 0648 MSKSSRV - ok
15:02:14.0699 0648 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:02:14.0736 0648 MsMpSvc - ok
15:02:14.0765 0648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:14.0831 0648 MSPCLOCK - ok
15:02:14.0875 0648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:02:14.0932 0648 MSPQM - ok
15:02:14.0964 0648 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:02:14.0999 0648 MsRPC - ok
15:02:15.0015 0648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:02:15.0032 0648 mssmbios - ok
15:02:15.0043 0648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:02:15.0104 0648 MSTEE - ok
15:02:15.0126 0648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:02:15.0158 0648 MTConfig - ok
15:02:15.0192 0648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:02:15.0210 0648 Mup - ok
15:02:15.0263 0648 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
15:02:15.0331 0648 napagent - ok
15:02:15.0388 0648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:02:15.0446 0648 NativeWifiP - ok
15:02:15.0608 0648 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:02:15.0677 0648 NDIS - ok
15:02:15.0728 0648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:15.0817 0648 NdisCap - ok
15:02:15.0851 0648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:15.0915 0648 NdisTapi - ok
15:02:15.0941 0648 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:16.0001 0648 Ndisuio - ok
15:02:16.0031 0648 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:16.0083 0648 NdisWan - ok
15:02:16.0101 0648 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:02:16.0163 0648 NDProxy - ok
15:02:16.0193 0648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:02:16.0253 0648 NetBIOS - ok
15:02:16.0270 0648 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:02:16.0317 0648 NetBT - ok
15:02:16.0335 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
15:02:16.0354 0648 Netlogon - ok
15:02:16.0396 0648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:02:16.0470 0648 Netman - ok
15:02:16.0501 0648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:02:16.0569 0648 netprofm - ok
15:02:16.0606 0648 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:16.0624 0648 NetTcpPortSharing - ok
15:02:16.0677 0648 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:02:16.0694 0648 nfrd960 - ok
15:02:16.0772 0648 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:02:16.0810 0648 NisDrv - ok
15:02:16.0927 0648 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
15:02:16.0991 0648 NisSrv - ok
15:02:17.0038 0648 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:02:17.0154 0648 NlaSvc - ok
15:02:17.0227 0648 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:02:17.0336 0648 Npfs - ok
15:02:17.0409 0648 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:02:17.0537 0648 nsi - ok
15:02:17.0607 0648 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:02:17.0691 0648 nsiproxy - ok
15:02:17.0788 0648 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:02:17.0854 0648 Ntfs - ok
15:02:17.0884 0648 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:02:17.0926 0648 Null - ok
15:02:17.0980 0648 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:02:18.0000 0648 nvraid - ok
15:02:18.0025 0648 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:02:18.0046 0648 nvstor - ok
15:02:18.0079 0648 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
15:02:18.0098 0648 nv_agp - ok
15:02:18.0129 0648 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:02:18.0161 0648 ohci1394 - ok
15:02:18.0197 0648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:02:18.0255 0648 p2pimsvc - ok
15:02:18.0314 0648 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:02:18.0340 0648 p2psvc - ok
15:02:18.0359 0648 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:02:18.0380 0648 Parport - ok
15:02:18.0429 0648 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:02:18.0485 0648 partmgr - ok
15:02:18.0513 0648 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:02:18.0559 0648 PcaSvc - ok
15:02:18.0604 0648 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
15:02:18.0638 0648 pci - ok
15:02:18.0666 0648 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
15:02:18.0684 0648 pciide - ok
15:02:18.0728 0648 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:18.0765 0648 pcmcia - ok
15:02:18.0792 0648 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:02:18.0811 0648 pcw - ok
15:02:18.0837 0648 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:02:18.0907 0648 PEAUTH - ok
15:02:19.0219 0648 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:02:19.0281 0648 PerfHost - ok
15:02:19.0354 0648 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
15:02:19.0434 0648 pla - ok
15:02:19.0470 0648 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:02:19.0515 0648 PlugPlay - ok
15:02:19.0535 0648 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:02:19.0570 0648 PNRPAutoReg - ok
15:02:19.0597 0648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:02:19.0621 0648 PNRPsvc - ok
15:02:19.0715 0648 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:02:19.0797 0648 PolicyAgent - ok
15:02:19.0832 0648 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:02:19.0895 0648 Power - ok
15:02:19.0946 0648 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:02:20.0036 0648 PptpMiniport - ok
15:02:20.0060 0648 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:02:20.0081 0648 Processor - ok
15:02:20.0134 0648 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
15:02:20.0163 0648 ProfSvc - ok
15:02:20.0180 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:02:20.0198 0648 ProtectedStorage - ok
15:02:20.0231 0648 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:02:20.0295 0648 Psched - ok
15:02:20.0420 0648 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:02:20.0481 0648 ql2300 - ok
15:02:20.0515 0648 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:20.0543 0648 ql40xx - ok
15:02:20.0578 0648 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:02:20.0643 0648 QWAVE - ok
15:02:20.0660 0648 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:02:20.0700 0648 QWAVEdrv - ok
15:02:20.0725 0648 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:02:20.0797 0648 RasAcd - ok
15:02:20.0848 0648 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:20.0938 0648 RasAgileVpn - ok
15:02:20.0988 0648 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:02:21.0033 0648 RasAuto - ok
15:02:21.0065 0648 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:21.0129 0648 Rasl2tp - ok
15:02:21.0198 0648 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
15:02:21.0300 0648 RasMan - ok
15:02:21.0333 0648 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:21.0376 0648 RasPppoe - ok
15:02:21.0431 0648 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:02:21.0528 0648 RasSstp - ok
15:02:21.0575 0648 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:02:21.0631 0648 rdbss - ok
15:02:21.0657 0648 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:21.0691 0648 rdpbus - ok
15:02:21.0710 0648 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:21.0751 0648 RDPCDD - ok
15:02:21.0768 0648 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:02:21.0827 0648 RDPENCDD - ok
15:02:21.0834 0648 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:02:21.0878 0648 RDPREFMP - ok
15:02:21.0914 0648 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:02:21.0980 0648 RDPWD - ok
15:02:22.0018 0648 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:02:22.0045 0648 rdyboost - ok
15:02:22.0065 0648 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:02:22.0150 0648 RemoteAccess - ok
15:02:22.0202 0648 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:02:22.0281 0648 RemoteRegistry - ok
15:02:22.0322 0648 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:02:22.0362 0648 RFCOMM - ok
15:02:22.0403 0648 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:02:22.0466 0648 RpcEptMapper - ok
15:02:22.0527 0648 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:02:22.0607 0648 RpcLocator - ok
15:02:22.0653 0648 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
15:02:22.0705 0648 RpcSs - ok
15:02:22.0735 0648 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:02:22.0794 0648 rspndr - ok
15:02:22.0826 0648 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:02:22.0848 0648 RTL8167 - ok
15:02:22.0857 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
15:02:22.0877 0648 SamSs - ok
15:02:22.0898 0648 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
15:02:22.0917 0648 sbp2port - ok
15:02:22.0942 0648 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:02:22.0997 0648 SCardSvr - ok
15:02:23.0034 0648 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:02:23.0127 0648 scfilter - ok
15:02:23.0275 0648 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
15:02:23.0368 0648 Schedule - ok
15:02:23.0410 0648 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:02:23.0454 0648 SCPolicySvc - ok
15:02:23.0494 0648 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:02:23.0575 0648 SDRSVC - ok
15:02:23.0618 0648 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:02:23.0685 0648 secdrv - ok
15:02:23.0721 0648 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
15:02:23.0809 0648 seclogon - ok
15:02:23.0838 0648 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:02:23.0894 0648 SENS - ok
15:02:23.0912 0648 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:02:23.0959 0648 SensrSvc - ok
15:02:23.0974 0648 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:02:23.0994 0648 Serenum - ok
15:02:24.0022 0648 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:02:24.0061 0648 Serial - ok
15:02:24.0085 0648 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:02:24.0112 0648 sermouse - ok
15:02:24.0177 0648 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
15:02:24.0236 0648 SessionEnv - ok
15:02:24.0255 0648 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:02:24.0295 0648 sffdisk - ok
15:02:24.0319 0648 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:02:24.0391 0648 sffp_mmc - ok
15:02:24.0455 0648 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:02:24.0521 0648 sffp_sd - ok
15:02:24.0547 0648 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:24.0567 0648 sfloppy - ok
15:02:24.0636 0648 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:02:24.0712 0648 SharedAccess - ok
15:02:24.0759 0648 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:02:24.0811 0648 ShellHWDetection - ok
15:02:24.0840 0648 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:24.0857 0648 SiSRaid2 - ok
15:02:24.0868 0648 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:24.0887 0648 SiSRaid4 - ok
15:02:24.0947 0648 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:02:24.0987 0648 SkypeUpdate - ok
15:02:25.0038 0648 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:02:25.0112 0648 Smb - ok
15:02:25.0149 0648 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:02:25.0173 0648 SNMPTRAP - ok
15:02:25.0229 0648 [ 94820815A302E54B63F0D3FB919C225D ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
15:02:25.0288 0648 SNP2UVC - ok
15:02:25.0318 0648 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:02:25.0335 0648 spldr - ok
15:02:25.0409 0648 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
15:02:25.0494 0648 Spooler - ok
15:02:25.0642 0648 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
15:02:25.0774 0648 sppsvc - ok
15:02:25.0808 0648 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:02:25.0870 0648 sppuinotify - ok
15:02:25.0947 0648 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\Windows\system32\DRIVERS\stflt.sys
15:02:26.0003 0648 sp_rsdrv2 - ok
15:02:26.0079 0648 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:02:26.0135 0648 srv - ok
15:02:26.0163 0648 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:02:26.0188 0648 srv2 - ok
15:02:26.0252 0648 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:02:26.0331 0648 srvnet - ok
15:02:26.0359 0648 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:02:26.0423 0648 SSDPSRV - ok
15:02:26.0454 0648 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:02:26.0521 0648 SstpSvc - ok
15:02:26.0635 0648 [ B17788CCE16D54DCA857B4DBF6D1041B ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
15:02:26.0675 0648 ST2012_Svc - ok
15:02:26.0780 0648 [ E455F5FE92EDC3CAD3F2963C5CCA47E6 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
15:02:26.0847 0648 STacSV - ok
15:02:26.0879 0648 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:02:26.0915 0648 stexstor - ok
15:02:26.0956 0648 [ 4A9D087C9A97071B9D06DB38567DA906 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:02:27.0001 0648 STHDA - ok
15:02:27.0051 0648 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
15:02:27.0093 0648 stisvc - ok
15:02:27.0124 0648 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:02:27.0143 0648 swenum - ok
15:02:27.0240 0648 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:02:27.0317 0648 swprv - ok
15:02:27.0421 0648 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
15:02:27.0529 0648 SysMain - ok
15:02:27.0575 0648 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:02:27.0663 0648 TabletInputService - ok
15:02:27.0693 0648 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
15:02:27.0762 0648 TapiSrv - ok
15:02:27.0787 0648 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:02:27.0838 0648 TBS - ok
15:02:27.0971 0648 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:02:28.0057 0648 Tcpip - ok
15:02:28.0095 0648 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:02:28.0141 0648 TCPIP6 - ok
15:02:28.0246 0648 [ 1A95043750E359F993154EF8559BE518 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
15:02:28.0325 0648 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:02:28.0325 0648 tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:02:28.0355 0648 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:02:28.0424 0648 tcpipreg - ok
15:02:28.0461 0648 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:02:28.0530 0648 TDPIPE - ok
15:02:28.0569 0648 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:02:28.0620 0648 TDTCP - ok
15:02:28.0651 0648 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:02:28.0727 0648 tdx - ok
15:02:28.0737 0648 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:02:28.0755 0648 TermDD - ok
15:02:28.0807 0648 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
15:02:28.0877 0648 TermService - ok
15:02:28.0903 0648 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:02:28.0947 0648 Themes - ok
15:02:28.0981 0648 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:02:29.0025 0648 THREADORDER - ok
15:02:29.0067 0648 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:02:29.0122 0648 TrkWks - ok
15:02:29.0191 0648 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:02:29.0247 0648 TrustedInstaller - ok
15:02:29.0261 0648 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:29.0326 0648 tssecsrv - ok
15:02:29.0359 0648 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:02:29.0420 0648 tunnel - ok
15:02:29.0450 0648 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:02:29.0468 0648 uagp35 - ok
15:02:29.0514 0648 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:02:29.0583 0648 udfs - ok
15:02:29.0614 0648 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:02:29.0658 0648 UI0Detect - ok
15:02:29.0697 0648 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
15:02:29.0717 0648 uliagpkx - ok
15:02:29.0737 0648 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:02:29.0778 0648 umbus - ok
15:02:29.0804 0648 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:02:29.0845 0648 UmPass - ok
15:02:29.0871 0648 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:02:29.0925 0648 upnphost - ok
15:02:29.0968 0648 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:02:30.0009 0648 USBAAPL64 - ok
15:02:30.0036 0648 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:30.0096 0648 usbccgp - ok
15:02:30.0138 0648 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:02:30.0179 0648 usbcir - ok
15:02:30.0204 0648 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:02:30.0237 0648 usbehci - ok
15:02:30.0307 0648 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:02:30.0335 0648 usbhub - ok
15:02:30.0376 0648 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:02:30.0417 0648 usbohci - ok
15:02:30.0456 0648 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:02:30.0507 0648 usbprint - ok
15:02:30.0538 0648 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:30.0601 0648 USBSTOR - ok
15:02:30.0627 0648 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:02:30.0647 0648 usbuhci - ok
15:02:30.0698 0648 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:02:30.0742 0648 usbvideo - ok
15:02:30.0767 0648 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:02:30.0819 0648 UxSms - ok
15:02:30.0836 0648 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
15:02:30.0859 0648 VaultSvc - ok
15:02:30.0902 0648 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
15:02:30.0929 0648 vdrvroot - ok
15:02:30.0986 0648 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
15:02:31.0035 0648 vds - ok
15:02:31.0060 0648 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:31.0082 0648 vga - ok
15:02:31.0101 0648 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:02:31.0146 0648 VgaSave - ok
15:02:31.0195 0648 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
15:02:31.0216 0648 vhdmp - ok
15:02:31.0235 0648 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
15:02:31.0253 0648 viaide - ok
15:02:31.0278 0648 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
15:02:31.0298 0648 volmgr - ok
15:02:31.0321 0648 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:02:31.0346 0648 volmgrx - ok
15:02:31.0368 0648 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
15:02:31.0391 0648 volsnap - ok
15:02:31.0414 0648 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:31.0435 0648 vsmraid - ok
15:02:31.0571 0648 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
15:02:31.0652 0648 VSS - ok
15:02:31.0670 0648 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:02:31.0707 0648 vwifibus - ok
15:02:31.0738 0648 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:02:31.0769 0648 vwififlt - ok
15:02:31.0812 0648 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:02:31.0860 0648 W32Time - ok
15:02:31.0889 0648 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:02:31.0942 0648 WacomPen - ok
15:02:31.0975 0648 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:02:32.0033 0648 WANARP - ok
15:02:32.0053 0648 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:02:32.0099 0648 Wanarpv6 - ok
15:02:32.0250 0648 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
15:02:32.0373 0648 wbengine - ok
15:02:32.0388 0648 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:02:32.0417 0648 WbioSrvc - ok
15:02:32.0440 0648 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:02:32.0514 0648 wcncsvc - ok
15:02:32.0549 0648 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:02:32.0606 0648 WcsPlugInService - ok
15:02:32.0649 0648 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:02:32.0666 0648 Wd - ok
15:02:32.0691 0648 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:02:32.0720 0648 Wdf01000 - ok
15:02:32.0736 0648 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:02:32.0785 0648 WdiServiceHost - ok
15:02:32.0789 0648 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:02:32.0817 0648 WdiSystemHost - ok
15:02:32.0851 0648 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
15:02:32.0885 0648 WebClient - ok
15:02:32.0914 0648 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:02:32.0984 0648 Wecsvc - ok
15:02:33.0008 0648 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:02:33.0077 0648 wercplsupport - ok
15:02:33.0107 0648 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:02:33.0152 0648 WerSvc - ok
15:02:33.0169 0648 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:33.0212 0648 WfpLwf - ok
15:02:33.0226 0648 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:02:33.0243 0648 WIMMount - ok
15:02:33.0252 0648 WinDefend - ok
15:02:33.0259 0648 WinHttpAutoProxySvc - ok
15:02:33.0313 0648 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:02:33.0359 0648 Winmgmt - ok
15:02:33.0525 0648 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
15:02:33.0674 0648 WinRM - ok
15:02:33.0733 0648 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:33.0760 0648 WinUsb - ok
15:02:33.0833 0648 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:02:33.0890 0648 Wlansvc - ok
15:02:34.0142 0648 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:02:34.0210 0648 wlidsvc - ok
15:02:34.0254 0648 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:02:34.0293 0648 WmiAcpi - ok
15:02:34.0338 0648 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:02:34.0386 0648 wmiApSrv - ok
15:02:34.0421 0648 WMPNetworkSvc - ok
15:02:34.0475 0648 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:02:34.0536 0648 WPCSvc - ok
15:02:34.0555 0648 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:02:34.0602 0648 WPDBusEnum - ok
15:02:34.0645 0648 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:02:34.0711 0648 ws2ifsl - ok
15:02:34.0745 0648 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
15:02:34.0803 0648 wscsvc - ok
15:02:34.0808 0648 WSearch - ok
15:02:35.0227 0648 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:02:35.0322 0648 wuauserv - ok
15:02:35.0334 0648 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:02:35.0388 0648 WudfPf - ok
15:02:35.0427 0648 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:02:35.0471 0648 WUDFRd - ok
15:02:35.0509 0648 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:02:35.0572 0648 wudfsvc - ok
15:02:35.0599 0648 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:02:35.0648 0648 WwanSvc - ok
15:02:35.0664 0648 ================ Scan global ===============================
15:02:35.0694 0648 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:02:35.0736 0648 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:02:35.0745 0648 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:02:35.0779 0648 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:02:35.0810 0648 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:02:35.0814 0648 [Global] - ok
15:02:35.0815 0648 ================ Scan MBR ==================================
15:02:35.0833 0648 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:02:36.0738 0648 \Device\Harddisk0\DR0 - ok
15:02:36.0738 0648 ================ Scan VBR ==================================
15:02:36.0777 0648 [ 7CFDA7A68D63B99DE761D82D8B3C9BDE ] \Device\Harddisk0\DR0\Partition1
15:02:36.0780 0648 \Device\Harddisk0\DR0\Partition1 - ok
15:02:36.0798 0648 [ B5854894BD0D6F1CEF30C2CF13B7BCC2 ] \Device\Harddisk0\DR0\Partition2
15:02:36.0816 0648 \Device\Harddisk0\DR0\Partition2 - ok
15:02:36.0848 0648 [ 4A2F73EB0B45E252E03F17B8DA0CFFE5 ] \Device\Harddisk0\DR0\Partition3
15:02:36.0849 0648 \Device\Harddisk0\DR0\Partition3 - ok
15:02:36.0850 0648 ============================================================
15:02:36.0850 0648 Scan finished
15:02:36.0850 0648 ============================================================
15:02:36.0892 1884 Detected object count: 4
15:02:36.0892 1884 Actual detected object count: 4
15:04:57.0723 1884 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:57.0723 1884 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:57.0723 1884 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:57.0723 1884 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:57.0726 1884 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:57.0726 1884 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:57.0729 1884 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:04:57.0729 1884 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Antwort

Themen zu Telekom-Brief: Netzwerk versendet Spams
absoluter, brief, forum, freund, geburtstag, geplant, gottes, heute, irgend, natürlich, netzwerk, problem, rechner, spam, spammails, spams, telekom, versendet, überhaupt



Ähnliche Themen: Telekom-Brief: Netzwerk versendet Spams


  1. Telekom Mail versendet Spam - Delivery Status Notification erhalten
    Log-Analyse und Auswertung - 02.10.2015 (15)
  2. Brief von der Telekom bekommen, Internet Anschluss versendet Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 28.01.2015 (9)
  3. WIN7: Telekom-Rechnung (Trojaner) - Pc versendet Rechnungs-eMails und Grußkarten
    Log-Analyse und Auswertung - 07.12.2014 (9)
  4. Trojaner versendet Dateien aus Netzwerk?
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (2)
  5. Abuse Brief von Telekom Schadprogramm ZeuS/ZBot mehrere Geräte im Netzwerk
    Log-Analyse und Auswertung - 29.08.2013 (9)
  6. wie soll man auf Spams reagieren?
    Überwachung, Datenschutz und Spam - 13.01.2013 (4)
  7. Passwort geknackt und Spams und Viren an alle in meinem Adressbuch versendet!
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (21)
  8. Rechner versendet Spam -> Brief von der Telekom
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (3)
  9. Virus:Win32:InstallCore-AM ; E-Mail-Konto gehackt: Spams wurden versendet
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  10. SPAM Mails werden von GMX Account eines anderen Laptops im Netzwerk versendet
    Log-Analyse und Auswertung - 21.06.2012 (2)
  11. Die Telekom sagt mein System gehöre zu einem Sinkhole Netzwerk
    Log-Analyse und Auswertung - 08.07.2011 (43)
  12. computer versendet spams (antivirus meldet trojaner)
    Log-Analyse und Auswertung - 14.05.2010 (3)
  13. Netzwerk-Probleme / ohne T.online software ein Netzwerk ?
    Netzwerk und Hardware - 18.06.2009 (1)
  14. msn verschickt spams an meine freundesliste
    Log-Analyse und Auswertung - 22.05.2009 (5)
  15. Exchange2003 verschickt SPAMs
    Log-Analyse und Auswertung - 15.06.2008 (1)
  16. Gibt es wieder neue Spams?
    Mülltonne - 06.05.2005 (1)
  17. Gibt es wieder neue Spams?
    Mülltonne - 06.05.2005 (1)

Zum Thema Telekom-Brief: Netzwerk versendet Spams - Hallo, eigentlich hatte ich geplant meinen Geburtstag anders zu verbringen, doch heute kam ein Brief der Telekom, dass über die Email-Adresse und/oder das NEtzwerk Spammails versendet werden. Leider Gottes weiss - Telekom-Brief: Netzwerk versendet Spams...
Archiv
Du betrachtest: Telekom-Brief: Netzwerk versendet Spams auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.